Log Analysis and Evaluation: Virus on my computer (100 euro PSC for illegal activities), Windows 7
23.08.2012, 20:15 | #1
Hello everyone, when I started my computer today, a window opened demanding that I pay 100 euros in PSC to some authority. Which is of course some kind of fake. I tried to close the window with the Task Manager, but that is acting up as well and won't open. After several restarts (with and without internet), the window always opened whenever there was an internet connection. I googled the problem and decided to register here. Since this is my first forum and I'm generally not very experienced in this area, I hope I'm doing everything right and that someone can help me eliminate this annoying Trojan or whatever it is. Now to the essentials: I ran a scan, deleted all 9 viruses found, and got this log (I replaced my surname with ***):

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.03.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Raphael *** :: RAPHAEL***-PC [Administrator]

23.08.2012 18:56:49
mbam-log-2012-08-23 (18-56-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 400793
Laufzeit: 55 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\Raphael ***\AppData\Roaming\appConf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{F45CC202-61D9-2F4E-508C-206074A5D528} (Trojan.ZbotR.Gen) -> Daten: "C:\Users\Raphael ***\AppData\Roaming\Usym\qoifvu.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 10
C:\Users\Raphael ***\AppData\Local\Temp\tmp0434af43\soft.exe (Trojan.Agent.XVatGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Raphael ***\AppData\Local\Temp\tmp09bfae43\241.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Raphael ***\AppData\Local\Temp\tmp44bafba0\p.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Raphael***\AppData\Local\Temp\tmpd504a565\setup.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Raphael ***\Downloads\SoftonicDownloader_fuer_curse-client.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Raphael ***\Downloads\SoftonicDownloader_fuer_openoffice.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Raphael ***\AppData\Local\Temp\wpbt0.dll (Exploit.Drop.GS) -> Löschen bei Neustart.
C:\Users\Raphael ***\AppData\Roaming\appConf32.exe (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Raphael (Trojan.ZbotR.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

I have now also downloaded and run the other programs. With the first one there was no error message, only the announced restart. As instructed, I uninstalled Alcohol 120% beforehand.
Der Log von Defogger ist follgender: defogger_disable by jpshortstuff (23.02.10.1) Log created at 20:01 on 23/08/2012 (Raphael ***) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... Unable to read sptd.sys SPTD -> Disabled (Service running -> reboot required) -=E.O.F=- Nun kommt der von OTL: OTL logfile created on: 23.08.2012 20:17:12 - Run 1 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Raphael ***\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 70,23% Memory free 6,50 Gb Paging File | 5,44 Gb Available in Paging File | 83,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 500,00 Gb Total Space | 288,15 Gb Free Space | 57,63% Space Free | Partition Type: NTFS Drive D: | 431,50 Gb Total Space | 134,91 Gb Free Space | 31,26% Space Free | Partition Type: NTFS Drive E: | 6,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: RAPHAEL***-PC | User Name: Raphael *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.23 19:38:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Raphael ***\Desktop\OTL.exe PRC - [2012.08.17 13:00:03 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.31 15:00:22 | 000,445,624 | ---- | M] (Sony) -- C:\Programme\Sony\Sony PC Companion\PCCompanion.exe PRC - [2012.05.08 19:08:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 19:08:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 19:08:28 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe PRC - [2012.02.28 17:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2012.02.28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.08.18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.07.14 03:14:31 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\Speech\Common\sapisvr.exe PRC - [2009.02.06 16:14:34 | 000,068,136 | ---- | M] () -- 
C:\Programme\GIGABYTE\EnergySaver\GSvr.exe PRC - [2008.07.07 12:03:36 | 000,380,928 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\GamerOSD\GamerOSD.exe PRC - [2006.07.23 03:22:42 | 001,126,400 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\G-series Software\LGDCore.exe ========== Modules (No Company Name) ========== MOD - [2012.07.17 10:56:14 | 000,587,776 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PhoneUpdate.dll MOD - [2012.06.15 18:03:19 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll MOD - [2012.06.15 18:02:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.15 18:02:52 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.05.24 11:50:32 | 000,203,776 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\MExplorer.dll MOD - [2012.05.11 14:57:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.11 14:56:48 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll MOD - [2012.05.11 14:56:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.11 14:56:32 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.11 14:56:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.11 
14:56:25 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe MOD - [2012.04.30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\TMonitorAPI.dll MOD - [2012.04.22 17:09:05 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2012.01.14 17:24:36 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3097.37069__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2012.01.14 17:24:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3091.17968__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2012.01.14 17:24:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3091.17961__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2012.01.14 17:24:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3091.17980__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2012.01.14 17:24:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3091.18004__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2012.01.14 17:24:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3091.18004__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2012.01.14 17:24:33 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3091.17957__90ba9c70f846762e\CLI.Foundation.dll MOD - [2012.01.14 17:24:33 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3091.17970__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2012.01.14 17:24:33 | 000,045,056 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2012.01.14 17:24:33 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3091.17954__90ba9c70f846762e\LOG.Foundation.dll MOD - [2012.01.14 17:24:33 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3091.17956__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2012.01.14 17:24:33 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3091.18035__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2012.01.14 17:24:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3091.17981__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2012.01.14 17:24:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3091.17970__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2012.01.14 17:24:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3091.17968__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2012.01.14 17:24:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3091.17961__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2012.01.14 17:24:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3091.17977__90ba9c70f846762e\MOM.Foundation.dll MOD - [2012.01.14 17:24:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3091.17980__90ba9c70f846762e\DEM.OS.dll MOD - [2012.01.14 17:24:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3091.17981__90ba9c70f846762e\DEM.Graphics.dll MOD - [2012.01.14 17:24:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2012.01.14 17:24:33 | 000,016,384 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3091.17967__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2012.01.14 17:24:32 | 000,417,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3097.37349__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2012.01.14 17:24:32 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3097.37100__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2012.01.14 17:24:32 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3097.37359__90ba9c70f846762e\MOM.Implementation.dll MOD - [2012.01.14 17:24:32 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3097.37356__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2012.01.14 17:24:32 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3097.37062__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2012.01.14 17:24:32 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3097.37060__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2012.01.14 17:24:32 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3091.17979__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2012.01.14 17:24:32 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3097.37396__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2012.01.14 17:24:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3091.17961__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2012.01.14 17:24:32 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3091.17965__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2012.01.14 17:24:32 | 000,024,576 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3091.17978__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2012.01.14 17:24:32 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2012.01.14 17:24:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3091.17977__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2012.01.14 17:24:32 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3091.17963__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2012.01.14 17:24:32 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3091.17968__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2012.01.14 17:24:32 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2012.01.14 17:24:32 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2012.01.14 17:24:32 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3097.37411__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll MOD - [2012.01.14 17:24:32 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory.resources\2.0.3097.37062_de_90ba9c70f846762e\CLI.Component.SkinFactory.resources.dll MOD - [2012.01.14 17:24:31 | 000,995,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3097.37077__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2012.01.14 17:24:31 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3097.37061__90ba9c70f846762e\ATIDEMOS.dll MOD - [2012.01.14 17:24:31 | 000,045,056 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3097.37058__90ba9c70f846762e\AEM.Server.dll MOD - [2012.01.14 17:24:31 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3091.17970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2012.01.14 17:24:31 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2012.01.14 17:24:31 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3097.37358__90ba9c70f846762e\CCC.Implementation.dll MOD - [2012.01.14 17:24:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3091.17977__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.11.01 19:32:48 | 000,573,100 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\sqlite3.dll MOD - [2011.07.07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\Report.dll MOD - [2011.05.28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.01.11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\VObject.dll MOD - [2008.07.07 12:03:36 | 001,073,152 | ---- | M] () -- C:\Programme\ASUS\GamerOSD\ImageTransform.dll MOD - [2008.07.07 12:03:36 | 000,184,320 | ---- | M] () -- 
C:\Programme\ASUS\GamerOSD\AudioOnVistaDLL.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 -- (Norton Internet Security) SRV - [2012.08.17 14:13:24 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.28 08:57:56 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.09 19:47:36 | 000,018,360 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Overwolf\\OverwolfUpdater.exe -- (OverwolfUpdaterService) SRV - [2012.05.08 19:08:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 19:08:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.02.28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.02.06 16:14:34 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Programme\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service) SRV - [2008.07.07 12:03:40 | 000,067,072 | ---- | M] (ASUSTeK COMPUTER INC.) 
[Auto | Stopped] -- C:\Windows\System32\ATKFUSService.exe -- (ATKFUSService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX) DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG) DRV - [2012.08.23 20:06:40 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2012.08.22 16:43:34 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2012.08.22 16:43:34 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2012.05.08 19:08:29 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 19:08:29 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.01.14 17:21:23 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.08.18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.07.07 12:03:40 | 000,030,976 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKDispLowFilter.sys -- (atkdisplf) DRV - [2008.07.07 12:03:40 | 000,015,232 | ---- | M] (ASUSTeK Computer Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asusgsb.sys -- (asusgsb) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 30 60 D5 B7 7F CD 01 [binary data] IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll (DeviceVM Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = hxxp://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=de&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3 A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "www.facebook.de" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - 
HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Users\Raphael ***\AppData\Roaming\Kalydo\KalydoPlayer\bin1\npkalydo.dll (Eximion B.V.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.28 08:57:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.02.28 15:16:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Raphael ***\AppData\Roaming\14001.016 [2012.08.20 16:26:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.28 08:57:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.14 16:54:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael ***\AppData\Roaming\mozilla\Extensions [2012.05.02 17:12:17 | 
000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael ***\AppData\Roaming\mozilla\Firefox\Profiles\wlu8jvm6.default\extensions [2012.04.22 18:36:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Raphael ***\AppData\Roaming\mozilla\Firefox\Profiles\wlu8jvm6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.01.14 16:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions File not found (No name found) -- C:\USERS\RAPHAEL ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WLU8JVM6.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} [2012.07.28 08:57:59 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.08 20:58:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.08 20:58:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.08 20:58:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.08 20:58:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.08 20:58:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.08 20:58:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle 
Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUSGamerOSD] C:\Programme\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" File not found O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe (ASUSTeK Inc.) O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O4 - Startup: C:\Users\Raphael ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\Raphael ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Raphael ***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B33099D-ED00-4577-A04C-1951E9F2E6CA}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F3018EB-3B3F-4A5D-96CB-4E404D47EA06}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7849A405-E654-4791-BE28-94C2A3A5711A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F07AE756-FBCB-47F1-90E0-C460F1BF0F7A}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{07809a62-5c7f-11e1-8ad5-00241d8ef688}\Shell - "" = AutoRun
O33 - MountPoints2\{07809a62-5c7f-11e1-8ad5-00241d8ef688}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{573000ce-dbe9-11e1-8df1-00241d8ef688}\Shell - "" = AutoRun
O33 - MountPoints2\{573000ce-dbe9-11e1-8df1-00241d8ef688}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{573000ce-dbe9-11e1-8df1-00241d8ef688}\Shell\setup\command - "" = H:\setup.exe
O33 - MountPoints2\{57a3063f-ec4d-11e1-a740-00241d8ef688}\Shell - "" = AutoRun
O33 - MountPoints2\{57a3063f-ec4d-11e1-a740-00241d8ef688}\Shell\AutoRun\command - "" = I:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.23 19:56:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Raphael ***\Desktop\OTL.exe
[2012.08.23 18:56:13 | 000,000,000 | ---D | C] -- C:\Users\Raphael ***\AppData\Roaming\Malwarebytes
[2012.08.23 18:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.23 18:56:01 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.23 18:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.23 18:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.23 18:55:27 | 003,907,920 | ---- | C] (Piriform Ltd) -- C:\Users\Raphael ***\Desktop\ccsetup321.exe
[2012.08.23 18:55:24 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Raphael ***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.22 17:07:53 | 000,000,000 | ---D | C] -- C:\Users\Raphael ***\Podcasts
[2012.08.22 17:07:53 | 000,000,000 | ---D | C] -- C:\Users\Raphael ***\Documents\Media Go
[2012.08.22 17:07:33 | 000,000,000 | ---D | C] -- C:\Users\Raphael ***\AppData\Local\Sony
[2012.08.22 17:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2012.08.22 17:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2012.08.22 17:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Media Go Install
[2012.08.22 17:04:18 | 000,000,000 | ---D | C] -- C:\Users\Raphael ***\AppData\Roaming\Sony
[2012.08.22 16:43:34 | 000,025,200 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2012.08.22 16:43:34 | 000,012,400 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2012.08.22 16:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2012.08.22 16:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2012.08.22 16:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.08.22 16:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.08.22 16:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.08.22 16:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012.08.22 16:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012.08.22 16:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2012.08.20 16:26:11 | 000,000,000 | ---D | C] -- C:\Users\Raphael ***\AppData\Roaming\14001.016
[2012.08.20 16:25:52 | 000,000,000 | ---D | C] -- C:\Users\Raphael ***\AppData\Roaming\xmldm
[2012.08.20 16:25:50 | 000,000,000 | ---D | C] -- C:\Users\Raphael ***\AppData\Roaming\kock
[2012.08.17 23:01:52 | 001,236,992 | ---- | C] (crea-doo) -- C:\Users\Raphael ***\Desktop\aoe3loader.exe
[2012.08.17 22:46:22 | 000,000,000 | ---D | C] -- C:\Users\Raphael ***\AppData\Local\LogMeIn Hamachi
[2012.08.17 22:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.08.17 22:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012.08.17 13:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.02 13:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.08.02 01:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3
[2012.08.02 01:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Games
[2012.08.02 00:56:53 | 000,000,000 | ---D | C] -- C:\Users\Raphael ***\Desktop\aoe
[2012.08.02 00:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2012.08.01 22:14:51 | 000,000,000 | ---D | C] -- C:\Users\Raphael ***\AppData\Local\Activision
[2012.08.01 22:01:50 | 000,000,000 | ---D | C] -- C:\Users\Raphael ***\Desktop\Stirb.Langsam.4
[2012.08.01 22:00:17 | 000,000,000 | ---D | C] -- C:\Users\Raphael ***\Desktop\Fast5
[2012.08.01 21:58:20 | 000,000,000 | ---D | C] -- C:\Users\Raphael ***\Desktop\300
[2012.08.01 21:57:10 | 000,000,000 | ---D | C] -- C:\Users\Raphael ***\Desktop\AmericanPie
[2012.08.01 21:56:53 | 000,000,000 | ---D | C] -- C:\Users\Raphael ***\Desktop\transformers3
[2012.08.01 21:10:03 | 000,000,000 | ---D | C] -- C:\Users\Raphael ***\Desktop\call of duty 5
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Raphael ***\AppData\Roaming\*.tmp files -> C:\Users\Raphael ***\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.23 20:14:16 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.23 20:14:16 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.23 20:13:36 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.23 20:13:36 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.23 20:13:36 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.23 20:13:36 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.23 20:06:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.23 20:06:18 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.23 20:01:45 | 000,000,020 | ---- | M] () -- C:\Users\Raphael ***\defogger_reenable
[2012.08.23 19:38:30 | 000,302,592 | ---- | M] () -- C:\Users\Raphael ***\Desktop\yv8bzrz7.exe
[2012.08.23 19:38:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Raphael ***\Desktop\OTL.exe
[2012.08.23 19:37:54 | 000,050,477 | ---- | M] () -- C:\Users\Raphael ***\Desktop\Defogger.exe
[2012.08.23 19:30:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.23 18:56:02 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.23 18:53:00 | 003,907,920 | ---- | M] (Piriform Ltd) -- C:\Users\Raphael ***\Desktop\ccsetup321.exe
[2012.08.23 18:49:20 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Raphael ***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.23 18:28:33 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.08.22 16:50:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2012.08.22 16:50:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01009.Wdf
[2012.08.22 16:43:34 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2012.08.22 16:43:34 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2012.08.22 16:40:30 | 000,002,044 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.08.21 18:12:55 | 000,001,881 | ---- | M] () -- C:\Users\Raphael ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.20 18:20:13 | 000,000,048 | ---- | M] () -- C:\Users\Raphael ***\AppData\Roaming\blckdom.res
[2012.08.20 16:26:22 | 000,006,400 | ---- | M] () -- C:\Users\Raphael ***\AppData\Roaming\BAcroIEHelpe.dll
[2012.08.20 16:26:20 | 000,198,800 | ---- | M] () -- C:\Users\Raphael ***\AppData\Roaming\AcroIEHelpe.dll
[2012.08.17 22:45:22 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012.08.17 14:10:40 | 000,292,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.02 06:43:46 | 000,139,224 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Raphael ***\AppData\Roaming\*.tmp files -> C:\Users\Raphael ***\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.23 20:01:13 | 000,000,020 | ---- | C] () -- C:\Users\Raphael ***\defogger_reenable
[2012.08.23 19:56:56 | 000,050,477 | ---- | C] () -- C:\Users\Raphael ***\Desktop\Defogger.exe
[2012.08.23 19:56:51 | 000,302,592 | ---- | C] () -- C:\Users\Raphael ***\Desktop\yv8bzrz7.exe
[2012.08.23 18:56:02 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.22 16:50:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2012.08.22 16:50:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01009.Wdf
[2012.08.22 16:40:30 | 000,002,044 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.08.21 18:12:55 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.08.21 18:12:55 | 000,001,881 | ---- | C] () -- C:\Users\Raphael ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.20 16:26:22 | 000,006,400 | ---- | C] () -- C:\Users\Raphael ***\AppData\Roaming\BAcroIEHelpe.dll
[2012.08.20 16:26:20 | 000,198,800 | ---- | C] () -- C:\Users\Raphael ***\AppData\Roaming\AcroIEHelpe.dll
[2012.08.20 16:26:02 | 000,000,048 | ---- | C] () -- C:\Users\Raphael ***\AppData\Roaming\blckdom.res
[2012.08.17 23:01:09 | 000,320,552 | R--- | C] () -- C:\Users\Raphael ***\Desktop\aoe3loader_1.6.3.zip
[2012.08.17 22:45:22 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012.02.11 14:09:13 | 001,849,344 | ---- | C] () -- C:\Windows\System32\Qt4Pas5.dll
[2012.01.28 22:23:53 | 000,139,224 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.01.28 22:23:52 | 000,022,328 | ---- | C] () -- C:\Users\Raphael ***\AppData\Roaming\PnkBstrK.sys
[2012.01.28 22:23:19 | 000,183,152 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.01.28 22:23:14 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012.01.28 22:23:14 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.01.14 17:52:37 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.01.14 17:26:24 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.01.14 17:26:24 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.01.14 17:23:54 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2012.01.14 15:52:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2012.08.20 16:26:11 | 000,000,000 | ---D | M] -- C:\Users\Raphael ***\AppData\Roaming\14001.016
[2012.04.03 18:26:43 | 000,000,000 | ---D | M] -- C:\Users\Raphael ***\AppData\Roaming\Babylon
[2012.04.22 18:37:00 | 000,000,000 | ---D | M] -- C:\Users\Raphael ***\AppData\Roaming\DVDVideoSoft
[2012.04.22 18:36:37 | 000,000,000 | ---D | M] -- C:\Users\Raphael ***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.14 23:48:38 | 000,000,000 | ---D | M] -- C:\Users\Raphael ***\AppData\Roaming\FOG Downloader
[2012.04.24 13:58:06 | 000,000,000 | ---D | M] -- C:\Users\Raphael ***\AppData\Roaming\Kalydo
[2012.08.20 16:25:50 | 000,000,000 | ---D | M] -- C:\Users\Raphael ***\AppData\Roaming\kock
[2012.04.22 17:09:27 | 000,000,000 | ---D | M] -- C:\Users\Raphael ***\AppData\Roaming\OpenOffice.org
[2012.08.22 17:07:51 | 000,000,000 | ---D | M] -- C:\Users\Raphael ***\AppData\Roaming\Sony
[2012.02.28 15:16:15 | 000,000,000 | ---D | M] -- C:\Users\Raphael ***\AppData\Roaming\Thunderbird
[2012.08.23 19:37:17 | 000,000,000 | ---D | M] -- C:\Users\Raphael ***\AppData\Roaming\TS3Client
[2012.01.14 18:12:22 | 000,000,000 | ---D | M] -- C:\Users\Raphael ***\AppData\Roaming\ts3overlay
[2012.02.23 16:04:28 | 000,000,000 | ---D | M] -- C:\Users\Raphael ***\AppData\Roaming\Usym
[2012.02.20 23:01:09 | 000,000,000 | ---D | M] -- C:\Users\Raphael ***\AppData\Roaming\Voazuz
[2012.08.20 16:25:52 | 000,000,000 | ---D | M] -- C:\Users\Raphael ***\AppData\Roaming\xmldm
[2012.06.22 15:10:11 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

___________the other file____________________

OTL Extras logfile created on: 23.08.2012 20:17:12 - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Raphael ***\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 70,23% Memory free
6,50 Gb Paging File | 5,44 Gb Available in Paging File | 83,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 500,00 Gb Total Space | 288,15 Gb Free Space | 57,63% Space Free | Partition Type: NTFS
Drive D: | 431,50 Gb Total Space | 134,91 Gb Free Space | 31,26% Space Free | Partition Type: NTFS
Drive E: | 6,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: RAPHAEL***-PC | User Name: Raphael *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08E8041B-6147-4691-BC0A-EB01CC4A9B06}" = lport=10243 | protocol=6 | dir=in | app=system |
"{112D2636-0E4B-4364-8D74-469C1F3DF97A}" = lport=137 | protocol=17 | dir=in | app=system |
"{2A564946-8784-4596-BC0C-DC9411B14937}" = lport=445 | protocol=6 | dir=in | app=system |
"{2C7BADD6-8E27-4D41-ADF1-4F0E0BEF44BC}" = rport=137 | protocol=17 | dir=out | app=system |
"{317153F3-7776-409E-B317-6F69E13AC8D4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{348104A5-86E2-4578-B54C-AC9B7F82561E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{45543315-EBAE-4A7C-AEAC-1836A60D3F42}" = lport=138 | protocol=17 | dir=in | app=system |
"{65219023-2E56-4AC6-ACC3-B32A6BF0E19A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C00C440-772C-4C3C-9C1D-43277A4B0929}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{952BB664-8D45-4307-ACAF-7E86A0B6D0A1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{977FBA16-A57E-409E-9AF8-E51F67151D23}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A4F963E4-28BD-4B10-8E77-D233FF718123}" = lport=139 | protocol=6 | dir=in | app=system |
"{B38AC65A-FCE2-4DDA-9F59-17939592853B}" = rport=138 | protocol=17 | dir=out | app=system |
"{BBD6AA66-955E-4554-8043-7364BF26E0B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5B7B107-AA0B-4961-85CF-2C3B0F20CBFA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE200D01-D023-41F4-A51C-912B43701F92}" = rport=445 | protocol=6 | dir=out | app=system |
"{E04AF8B9-D39F-4F0D-ADC5-9012D97C179F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E2151BB6-8599-461F-B7BF-5CC2022A13D5}" = rport=139 | protocol=6 | dir=out | app=system |
"{E8CC8C15-B44C-4E96-A23D-C5A9FB8E4734}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1CF62BE-1D60-4E4D-81B7-198FF3F01CD3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F4BB4117-5120-4985-8F62-17C7EF1A9E07}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D1688C-3581-4DE9-8728-460A3DAB9295}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0F56FD50-87E3-438B-BBD6-90A9B7903974}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0F5FF058-2961-4579-A0E3-AE34714F2A73}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{107237C3-F24D-4BE0-A653-9DC534353ABC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{10C54D0A-25B0-4684-8E92-802DAE50404C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{12974102-652F-4BF0-97B3-83EE66716F73}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{13ABB13A-962A-4395-99FB-05C0AEB86499}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{188D34FB-6C55-45E6-BCBA-6E7CEBC6152E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1B04ABA3-0E19-4D14-BBB3-3FEB6799935E}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{1C6E86FE-B8CA-427F-B403-3FFF9B38AC6E}" = protocol=17 | dir=in | app=c:\users\raphael ***\desktop\counter-strike source\hl2.exe |
"{24532D8C-6AFA-455C-9AFB-B7182E59C14C}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{2549ECA0-7CA8-4D97-9FB7-788F500FF7E6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25535549-EC25-4DE9-AE4C-1BA06E63CA13}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35C9DB2C-7FAE-4DB3-BF93-7BD500EE02C0}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{361198A9-873C-4B0D-BE0A-DBF444CCEBD9}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{41D04D3B-F024-4557-81BF-3BCAC85342FA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46622294-5934-40CC-AB15-DF518CB8663A}" = protocol=6 | dir=in | app=c:\users\raphael ***\desktop\counter-strike source\hl2.exe |
"{46C7C77F-A25E-435B-B92D-F43284F9DBCE}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{51B46C53-95E2-43AB-A97D-A49A239BDD52}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5D163E1C-CF30-4CA1-996C-73EAF5F0CE15}" = protocol=6 | dir=out | app=system |
"{5DED32C5-FA4E-4CA4-A844-E4D488C011F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5E02613F-B98F-49F6-A11A-3C96AA207681}" = protocol=17 | dir=in | app=g:\games\counter-strike source\hl2.exe |
"{64F0A287-805E-4851-A3B4-93F8D85C87FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{69937F52-B27F-41AB-B86D-B5C37CA6E527}" = protocol=6 | dir=in | app=c:\users\raphael ***\desktop\games\call of duty 4 deutsch\iw3mp.exe |
"{7342449D-1FE6-40B9-9485-ABEE222F20ED}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{786634C1-DC9E-4A01-8786-1FA3900A66F7}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{7DFF506A-5039-416C-BB11-3171E06DABA9}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{80F081F3-77B8-4099-BA76-2E7E2D323006}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{87A08399-A90B-4605-AF42-0957AF3BF452}" = protocol=6 | dir=in | app=g:\games\counter-strike source\hl2.exe |
"{9D201FEC-091D-434D-9C60-7E89706FD1CE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A620B639-9DA4-4874-A0EA-AD68FCAF03FD}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{B3C2310B-D2AC-47F2-A6A9-1055EE5E2199}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CADD9028-08FD-4BD9-92C2-CAFA563971BB}" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"{CDFF7FA8-1AE0-46B7-AA7F-E029FFDEA336}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{DE22EF5F-1C76-45B1-B356-3F14200405DD}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{DF7BFDE2-FA27-4B88-A46B-338A4DB2D98A}" = protocol=17 | dir=in | app=c:\users\raphael ***\desktop\games\call of duty 4 deutsch\iw3mp.exe |
"{E47BFE30-5B27-427C-878E-D2948336D926}" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"{EC6A5267-7855-4070-9D24-4C7386C83B63}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F15A6C2D-F772-40E5-9968-B307B53345B7}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{F2EB3C8F-F1F7-4B7C-B5C2-A82CF107B885}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FFC1920E-4D79-4B03-A5FD-68AB11CAAD0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{06C3E63C-EB40-4739-A041-1CAF9055E844}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe |
"TCP Query User{179B759C-8F7E-4E1A-8F44-51D42B1A139C}F:\games\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=f:\games\counter-strike source\hl2.exe |
"TCP Query User{1961CDDC-77D6-4242-ACEB-DEC1E97118A1}C:\program files\runes of magic\launcher.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\launcher.exe |
"TCP Query User{3F4C6E87-8FA9-46D1-820D-1237F75D023C}C:\users\raphael ***\desktop\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\users\raphael ***\desktop\counter-strike source\hl2.exe |
"TCP Query User{42BC8517-1812-47E7-801C-206B49B25B0B}C:\users\raphael ***\appdata\roaming\kalydo\kalydoplayer\bin1\kalydoloader.exe" = protocol=6 | dir=in | app=c:\users\raphael ***\appdata\roaming\kalydo\kalydoplayer\bin1\kalydoloader.exe |
"TCP Query User{4F572A95-62FB-45CB-9EDE-972FAE259D81}C:\users\raphael ***\desktop\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\users\raphael ***\desktop\tera\tera-launcher.exe |
"TCP Query User{64C33B27-7FD3-4BF3-B137-4FFB25E573DD}C:\users\raphael ***\desktop\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\users\raphael ***\desktop\unreal tournament 3 (lg)\binaries\ut3.exe |
"TCP Query User{93E46595-399C-458F-8D9C-594FD743EFB1}C:\program files\electronic arts\crytek\crysis wars\bin32\crysis.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis wars\bin32\crysis.exe |
"TCP Query User{9B44EF68-2F28-41EF-930A-56FA908648FE}C:\users\raphael ***\downloads\runes_of_magic_4_0_5_2467_eu_full.exe" = protocol=6 | dir=in | app=c:\users\raphael ***\downloads\runes_of_magic_4_0_5_2467_eu_full.exe |
"TCP Query User{E8872ED4-8A3B-404B-9ACE-8E54A6569B48}C:\users\raphael ***\downloads\runes_of_magic_4_0_8_2506_full_eu.exe" = protocol=6 | dir=in | app=c:\users\raphael ***\downloads\runes_of_magic_4_0_8_2506_full_eu.exe |
"TCP Query User{E89AA019-C750-48FD-AAC7-C55242CAD02F}C:\program files\microsoft games\age of empires iii\age3y.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"TCP Query User{E95C9ABA-7E69-4E40-BC5C-57E3BD5AC9EA}C:\users\raphael ***\desktop\games\call of duty 4 deutsch\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\raphael ***\desktop\games\call of duty 4 deutsch\iw3mp.exe |
"TCP Query User{FB537187-4E41-41E3-8E9C-796951E5FBE6}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{FEC9D007-B6F3-43BB-BB34-19069DEBFCEE}G:\games\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=g:\games\counter-strike source\hl2.exe |
"TCP Query User{FF755939-44FB-40F6-B07D-975DD7087F6F}C:\program files\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files\tera\tera-launcher.exe |
"UDP Query User{0744F450-0AA8-4F91-A53D-9A2B6D9641DD}C:\program files\runes of magic\launcher.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\launcher.exe |
"UDP Query User{0B37498A-6E4F-40D5-807C-DA9BA3AC87C4}G:\games\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=g:\games\counter-strike source\hl2.exe |
"UDP Query User{2FB9D65F-0C33-40A0-BFA6-4391112ACAE9}C:\users\raphael ***\appdata\roaming\kalydo\kalydoplayer\bin1\kalydoloader.exe" = protocol=17 | dir=in | app=c:\users\raphael ***\appdata\roaming\kalydo\kalydoplayer\bin1\kalydoloader.exe |
"UDP Query User{3A9889E9-8C77-4673-8E4C-EE2D04EB793F}C:\users\raphael ***\desktop\games\call of duty 4 deutsch\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\raphael ***\desktop\games\call of duty 4 deutsch\iw3mp.exe |
"UDP Query User{3F63E473-194C-4162-AB8E-3FC869F18CF2}C:\users\raphael ***\downloads\runes_of_magic_4_0_8_2506_full_eu.exe" = protocol=17 | dir=in | app=c:\users\raphael ***\downloads\runes_of_magic_4_0_8_2506_full_eu.exe |
"UDP Query User{3FF6327B-552C-40A0-BB67-3AFE9CAC66F6}C:\users\raphael ***\desktop\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\users\raphael ***\desktop\unreal tournament 3 (lg)\binaries\ut3.exe |
"UDP Query User{402C47C5-9337-47F6-A8B0-65887502AE9E}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe |
"UDP Query User{4D008858-CE6E-4AB6-B25D-9868588C9AA4}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{67E4DA06-B5C2-4C85-AB00-73C761BD9ECE}C:\program files\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files\tera\tera-launcher.exe |
"UDP Query User{8511CF01-8D7C-45E1-A619-C7FA72404FAE}F:\games\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=f:\games\counter-strike source\hl2.exe |
"UDP Query User{A31F19A6-8DF9-4812-9A8B-B1C2FA8B3BE8}C:\program files\microsoft games\age of empires iii\age3y.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"UDP Query User{CEEB3DBF-3FB6-47F5-8030-EFD9BA140123}C:\users\raphael ***\downloads\runes_of_magic_4_0_5_2467_eu_full.exe" = protocol=17 | dir=in | app=c:\users\raphael ***\downloads\runes_of_magic_4_0_5_2467_eu_full.exe |
"UDP Query User{D698098A-7019-4846-A72E-DE5F3700CE09}C:\program files\electronic arts\crytek\crysis wars\bin32\crysis.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis wars\bin32\crysis.exe |
"UDP Query User{EB9AFCCE-2065-4772-A999-229964E42AE1}C:\users\raphael ***\desktop\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\users\raphael ***\desktop\counter-strike source\hl2.exe |
"UDP Query User{F4D72B4A-B72E-44C6-8466-A987CE71F4E9}C:\users\raphael ***\desktop\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\users\raphael ***\desktop\tera\tera-launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1021301A-D4FF-3BFB-A0DF-084AE7577A4E}" = Catalyst Control Center Graphics Full Existing
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{181E3D67-A8BB-83F9-4072-BBA404EEC355}" = Catalyst Control Center Core Implementation
"{1BA7B068-4719-42A3-B553-D4ED97434F92}" = ASUS Utilities
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E389D3C-5404-C61E-33D3-3BA072CD485A}" = CCC Help German
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars(R) Patch
"{4893A35F-0A23-48EC-8E74-24969244D6F2}" = Catalyst Control Center - Branding
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{520C3B22-DB86-4FAD-B856-45C1D9F5B0DE}" = ASUS Smart Doctor
"{5626CC74-F31C-3F4A-2E19-87F163D613BB}" = Catalyst Control Center InstallProxy
"{5C7EEAA0-F0B3-D27D-B0EF-FBD466473F9C}" = Skins
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77A1C7DD-E4F6-4057-92FC-710219215987}" = Logitech G11 Keyboard Software 1.03
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B9.0316.1
"{7F31A3DE-1681-8093-6243-FD0F5E83BE96}" = ccc-core-static
"{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}" = ASUS Gamer OSD
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{85D0E700-0580-9D89-FA34-337BD0D19275}" = Catalyst Control Center Graphics Full New
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A4064329-BCB4-D6FD-0384-E1E66DDC8CEC}" = ATI Catalyst Install Manager
"{A479B868-E782-4BEC-B0DB-1AD9E0521908}" = Overwolf
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B5CE674D-ECEA-3FC0-B353-A5B121DD4FB2}" = ccc-utility
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET
Framework 4 Extended DEU Language Pack "{CEFCDEFA-6AE8-8E9D-A356-9C1AB78AA90C}" = Catalyst Control Center Graphics Previews Vista "{DA1FDD1A-52B7-CBBC-70DF-47446ADDFCD8}" = Catalyst Control Center Graphics Light "{E0D78BD9-9C81-4C5C-7ABC-9D89B6484CB1}" = Catalyst Control Center Localization German "{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Crysis Wars(R)" = Crysis Wars(R) "Crysis Wars(R) Patch" = Crysis Wars(R) Patch "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.19.412 "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "InstallShield_{520C3B22-DB86-4FAD-B856-45C1D9F5B0DE}" = ASUS Smart Doctor "InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online "InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "Lazarus_is1" = Lazarus 0.9.30.2 "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU 
Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "PunkBusterSvc" = PunkBuster Services "TeamSpeak 3 Client" = TeamSpeak 3 Client "Update Engine" = Sony Ericsson Update Engine "VLC media player" = VLC media player 2.0.0 "WinRAR archiver" = WinRAR 4.01 (32-Bit) "xvid" = XviD MPEG-4 Video Codec ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client "Kalydo App RunesOfMagic" = RunesOfMagic "KalydoPlayer" = Kalydo Player 4.05.03 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.08.2012 12:14:37 | Computer Name = Raphael***-PC | Source = Desktop Window Manager | ID = 9020 Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x88980406) festgestellt. 
Error - 23.08.2012 12:17:26 | Computer Name = Raphael***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ATKFUSService.exe, Version: 7.14.10.303, Zeitstempel: 0x46e90354 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c380b ID des fehlerhaften Prozesses: 0x3bc Startzeit der fehlerhaften Anwendung: 0x01cd814ac4feed92 Pfad der fehlerhaften Anwendung: C:\Windows\system32\ATKFUSService.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 067b6ca3-ed3e-11e1-bd58-00241d8ef688 Error - 23.08.2012 12:26:44 | Computer Name = Raphael***-PC | Source = Desktop Window Manager | ID = 9020 Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x88980406) festgestellt. Error - 23.08.2012 12:31:10 | Computer Name = Raphael***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ATKFUSService.exe, Version: 7.14.10.303, Zeitstempel: 0x46e90354 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c380b ID des fehlerhaften Prozesses: 0x3bc Startzeit der fehlerhaften Anwendung: 0x01cd814cae676177 Pfad der fehlerhaften Anwendung: C:\Windows\system32\ATKFUSService.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: f1f5b19a-ed3f-11e1-810f-00241d8ef688 Error - 23.08.2012 12:39:36 | Computer Name = Raphael***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ATKFUSService.exe, Version: 7.14.10.303, Zeitstempel: 0x46e90354 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c380b ID des fehlerhaften Prozesses: 0x3bc Startzeit der fehlerhaften Anwendung: 0x01cd814ddded9750 Pfad der fehlerhaften Anwendung: C:\Windows\system32\ATKFUSService.exe Pfad des 
fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 1fb3e109-ed41-11e1-8d4f-00241d8ef688 Error - 23.08.2012 12:41:31 | Computer Name = Raphael***-PC | Source = Desktop Window Manager | ID = 9020 Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x88980406) festgestellt. Error - 23.08.2012 13:59:31 | Computer Name = Raphael***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ATKFUSService.exe, Version: 7.14.10.303, Zeitstempel: 0x46e90354 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c380b ID des fehlerhaften Prozesses: 0x3bc Startzeit der fehlerhaften Anwendung: 0x01cd81590947c9da Pfad der fehlerhaften Anwendung: C:\Windows\system32\ATKFUSService.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 499f7fa9-ed4c-11e1-852a-00241d8ef688 Error - 23.08.2012 14:00:23 | Computer Name = Raphael***-PC | Source = Desktop Window Manager | ID = 9020 Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x88980406) festgestellt. Error - 23.08.2012 14:06:42 | Computer Name = Raphael***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ATKFUSService.exe, Version: 7.14.10.303, Zeitstempel: 0x46e90354 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c380b ID des fehlerhaften Prozesses: 0x3a8 Startzeit der fehlerhaften Anwendung: 0x01cd815a09b21f17 Pfad der fehlerhaften Anwendung: C:\Windows\system32\ATKFUSService.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 4a859c74-ed4d-11e1-817f-00241d8ef688 Error - 23.08.2012 14:08:25 | Computer Name = Raphael***-PC | Source = Desktop Window Manager | ID = 9020 Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x88980406) festgestellt. 
[ System Events ]
Error - 13.05.2012 07:47:10 | Computer Name = Raphael***-PC | Source = atikmdag | ID = 43029 Description = Display is not active
Error - 13.05.2012 07:47:10 | Computer Name = Raphael***-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter
Error - 13.05.2012 07:47:10 | Computer Name = Raphael***-PC | Source = atikmdag | ID = 43029 Description = Display is not active
Error - 13.05.2012 07:47:22 | Computer Name = Raphael***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Norton Internet Security" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 13.05.2012 07:47:23 | Computer Name = Raphael***-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SRTSP SRTSPX
Error - 13.05.2012 14:28:29 | Computer Name = Raphael***-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter
Error - 13.05.2012 14:28:29 | Computer Name = Raphael***-PC | Source = atikmdag | ID = 43029 Description = Display is not active
Error - 13.05.2012 14:28:30 | Computer Name = Raphael***-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter
Error - 13.05.2012 14:28:30 | Computer Name = Raphael***-PC | Source = atikmdag | ID = 43029 Description = Display is not active
Error - 13.05.2012 14:28:40 | Computer Name = Raphael***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Norton Internet Security" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
< End of report >

And the last program, for 32-bit:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-23 20:58:10
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Hitachi_HDT721010SLA360 rev.ST6OA31B
Running: yv8bzrz7.exe; Driver: C:\Users\RAPHAE~1\AppData\Local\Temp\ffliipod.sys
---- System - GMER 1.0.15 ----
SSDT 95653D56 ZwCreateSection
SSDT 95653D60
ZwRequestWaitReplyPort SSDT 95653D5B ZwSetContextThread SSDT 95653D65 ZwSetSecurityObject SSDT 95653D6A ZwSystemDebugControl SSDT 95653CF7 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E493C9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E82D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82E89EAC 4 Bytes [56, 3D, 65, 95] .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82E8A208 4 Bytes [60, 3D, 65, 95] .text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82E8A24C 4 Bytes [5B, 3D, 65, 95] .text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82E8A2C8 4 Bytes [65, 3D, 65, 95] .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82E8A31C 4 Bytes [6A, 3D, 65, 95] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9741A000, 0x2D5378, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3804] USER32.dll!RegisterMessagePumpHook + 2F1 76C38B9E 7 Bytes JMP 10053940 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3804] USER32.dll!PostMessageW + 43A 76C448B5 7 Bytes JMP 100537F0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3804] USER32.dll!SetDlgItemTextA + 25 76C5709F 7 Bytes JMP 10053920 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3804] USER32.dll!MessageBoxIndirectA + F5 76C8E95E 7 Bytes JMP 10053990 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3804] USER32.dll!MessageBoxIndirectW + 61 76C8E9C4 7 Bytes JMP 10053A60 C:\Program 
Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3804] USER32.dll!MessageBoxExA + 1F 76C8E9E8 7 Bytes JMP 10053A10 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x42 0xAD 0x4E 0x09 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x42 0xAD 0x4E 0x09 ...
---- EOF - GMER 1.0.15 ----

Soooo, that's it... I hope that after these hours of work there is some talented specialist who is able to help me quickly and reliably. Many thanks in advance. Regards, Raphael |
24.08.2012, 01:14 | #2 |
/// Helper Team | Fix with OTL. Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).
Change the *** asterisks back to your username! Code:
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=de&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.facebook.de"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O4 - Startup: C:\Users\Raphael ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{07809a62-5c7f-11e1-8ad5-00241d8ef688}\Shell - "" = AutoRun
O33 - MountPoints2\{07809a62-5c7f-11e1-8ad5-00241d8ef688}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{573000ce-dbe9-11e1-8df1-00241d8ef688}\Shell - "" = AutoRun
O33 - MountPoints2\{573000ce-dbe9-11e1-8df1-00241d8ef688}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{57a3063f-ec4d-11e1-a740-00241d8ef688}\Shell - "" = AutoRun
O33 - MountPoints2\{57a3063f-ec4d-11e1-a740-00241d8ef688}\Shell\AutoRun\command - "" = I:\Startme.exe
[2012.08.23 19:38:30 | 000,302,592 | ---- | M] () -- C:\Users\Raphael ***\Desktop\yv8bzrz7.exe
[2012.08.23 18:28:33 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.08.21 18:12:55 | 000,001,881 | ---- | M] () -- C:\Users\Raphael ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.20 16:25:52 | 000,000,000 | ---D | C] -- C:\Users\Raphael ***\AppData\Roaming\xmldm
[2012.08.20 16:25:50 | 000,000,000 | ---D | C] -- C:\Users\Raphael ***\AppData\Roaming\kock
[2012.08.20 16:26:11 | 000,000,000 | ---D | C] -- C:\Users\Raphael ***\AppData\Roaming\14001.016
[2012.08.20 16:26:22 | 000,006,400 | ---- | M] () -- C:\Users\Raphael ***\AppData\Roaming\BAcroIEHelpe.dll
[2012.08.20 16:26:20 | 000,198,800 | ---- | M] () -- C:\Users\Raphael ***\AppData\Roaming\AcroIEHelpe.dll
[2012.08.20 16:26:02 | 000,000,048 | ---- | C] () -- C:\Users\Raphael ***\AppData\Roaming\blckdom.res
[2012.04.03 18:26:43 | 000,000,000 | ---D | M] -- C:\Users\Raphael ***\AppData\Roaming\Babylon
:Files
C:\Users\Raphael ***\AppData\Roaming\140*
C:\Users\Raphael ***\AppData\Roaming\*croIEHelp*.*
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Note for readers: The OTL script above was created exclusively for this user in this situation. Never run it on other computers; it can permanently damage other systems!
__________________ |
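A defender-side triage helper, added here as an example (it is not OTL's code and not anything the helper in this thread posted): it parses the file/folder lines and O33 MountPoints2 entries in the format OTL prints, flags the persistence patterns the script above targets (Startup-folder items, freshly created files and folders directly under %APPDATA% and C:\ProgramData, removable-drive AutoRun commands) and drafts the :OTL block of a fix for a human to review line by line. The sample lines are constructed from the entries above with the username replaced by <user>; the vendor allowlist and the 7-day window are assumptions.

```python
"""Triage of OTL log lines (added example, not OTL's or this thread's code)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# File/folder line as OTL prints it:  [date time | size | attrs | M|C] (company) -- path
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Za-z]{4}) \| (?P<kind>[MC])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Removable-drive autorun:  O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = cmd
AUTORUN_CMD = re.compile(
    r'^O33 - MountPoints2\\\{[0-9A-Fa-f-]+\}\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)
SUSPECT_EXT = (".exe", ".dll", ".scr", ".pad", ".lnk", ".res")
# Starter allowlist of vendor folders expected directly under %APPDATA% (assumption).
KNOWN_APPDATA_DIRS = {"microsoft", "mozilla", "adobe", "macromedia", "apple computer", "skype"}


@dataclass
class Finding:
    line: str    # original OTL line, reusable verbatim under :OTL in a fix script
    reason: str


def classify_path(path: str, company: str, is_dir: bool, recent: bool) -> Optional[str]:
    """Return why a file/folder line is suspicious, or None if nothing stands out."""
    p = path.lower().rstrip("\\")
    name = p.rsplit("\\", 1)[-1]
    if "\\start menu\\programs\\startup\\" in p:
        return "item in the user's Startup folder (runs at every logon)"
    marker = "\\appdata\\roaming\\"
    if marker in p and "\\" not in p.split(marker, 1)[1]:
        # Directly under %APPDATA%, not inside a vendor subfolder.
        if is_dir and recent and name not in KNOWN_APPDATA_DIRS:
            return "new folder created directly under %APPDATA% around the incident"
        if not is_dir and recent and not company and name.endswith(SUSPECT_EXT):
            return "executable/DLL/data file dropped directly under %APPDATA%"
    root = "c:\\programdata\\"
    if p.startswith(root) and "\\" not in p[len(root):]:
        if not is_dir and recent and not company and name.endswith(SUSPECT_EXT):
            return "unknown file dropped directly under C:\\ProgramData"
    return None


def triage(lines, incident: datetime, window: timedelta = timedelta(days=7)) -> List[Finding]:
    """Flag the persistence patterns a removal helper looks for in an OTL log."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = AUTORUN_CMD.match(line)
        if m:
            findings.append(Finding(line, "AutoRun command from a removable drive: " + m["cmd"]))
            continue
        m = FILE_LINE.match(line)
        if not m:
            continue  # O4/O6/IE/FF lines and the rest are left to manual review
        ts = datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S")
        reason = classify_path(m["path"], m["company"] or "", "D" in m["attrs"], ts >= incident - window)
        if reason:
            findings.append(Finding(line, reason))
    return findings


def draft_fix_script(findings: List[Finding]) -> str:
    """Draft the :OTL block of a fix script; a helper still reviews every line by hand."""
    return ":OTL\n" + "\n".join(f.line for f in findings) + "\n:Commands\n[emptytemp]\n"


# Constructed sample modelled on the entries in the fix script above (username -> <user>).
SAMPLE_LOG = r"""
O33 - MountPoints2\{07809a62-5c7f-11e1-8ad5-00241d8ef688}\Shell - "" = AutoRun
O33 - MountPoints2\{07809a62-5c7f-11e1-8ad5-00241d8ef688}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{57a3063f-ec4d-11e1-a740-00241d8ef688}\Shell\AutoRun\command - "" = I:\Startme.exe
[2012.08.23 19:38:30 | 000,302,592 | ---- | M] () -- C:\Users\<user>\Desktop\yv8bzrz7.exe
[2012.08.23 18:28:33 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.08.21 18:12:55 | 000,001,881 | ---- | M] () -- C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.20 16:25:52 | 000,000,000 | ---D | C] -- C:\Users\<user>\AppData\Roaming\xmldm
[2012.08.20 16:26:11 | 000,000,000 | ---D | C] -- C:\Users\<user>\AppData\Roaming\14001.016
[2012.08.20 16:26:20 | 000,198,800 | ---- | M] () -- C:\Users\<user>\AppData\Roaming\AcroIEHelpe.dll
[2012.08.20 16:26:02 | 000,000,048 | ---- | C] () -- C:\Users\<user>\AppData\Roaming\blckdom.res
[2012.08.22 09:00:00 | 000,000,000 | ---D | C] -- C:\Users\<user>\AppData\Roaming\Mozilla
[2012.04.03 18:26:43 | 000,000,000 | ---D | M] -- C:\Users\<user>\AppData\Roaming\Babylon
""".strip().splitlines()


def triage_sample() -> List[Finding]:
    """Run the triage over the sample with the thread's incident date (23.08.2012)."""
    return triage(SAMPLE_LOG, datetime(2012, 8, 23))


if __name__ == "__main__":
    print(draft_fix_script(triage_sample()))
```

The Babylon folder from April and the Mozilla folder stay unflagged (outside the window, on the allowlist), which is why the draft is only a starting point for the manual review the helper does.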
24.08.2012, 16:53 | #3 |
| Ok, I did everything as described and a window told me that something had been deleted. Is the matter settled with that?
__________________ |
24.08.2012, 18:07 | #4 |
/// Helper Team | Where is the fix log? |
26.08.2012, 11:52 | #5 |
| Oh yes, sorry, I forgot to post it. Here, this should be it:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD}\ deleted successfully.
C:\Windows\System32\dvmurl.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: false removed from browser.search.update
Prefs.js: "www.facebook.de" removed from browser.startup.homepage
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
C:\Users\Raphael lütz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07809a62-5c7f-11e1-8ad5-00241d8ef688}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07809a62-5c7f-11e1-8ad5-00241d8ef688}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07809a62-5c7f-11e1-8ad5-00241d8ef688}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07809a62-5c7f-11e1-8ad5-00241d8ef688}\ not found. File F:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{573000ce-dbe9-11e1-8df1-00241d8ef688}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{573000ce-dbe9-11e1-8df1-00241d8ef688}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{573000ce-dbe9-11e1-8df1-00241d8ef688}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{573000ce-dbe9-11e1-8df1-00241d8ef688}\ not found. 
File H:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57a3063f-ec4d-11e1-a740-00241d8ef688}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57a3063f-ec4d-11e1-a740-00241d8ef688}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57a3063f-ec4d-11e1-a740-00241d8ef688}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57a3063f-ec4d-11e1-a740-00241d8ef688}\ not found. File I:\Startme.exe not found. C:\Users\Raphael lütz\Desktop\yv8bzrz7.exe moved successfully. C:\ProgramData\0tbpw.pad moved successfully. C:\Users\Raphael lütz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully. C:\Users\Raphael lütz\AppData\Roaming\xmldm folder moved successfully. C:\Users\Raphael lütz\AppData\Roaming\kock folder moved successfully. C:\Users\Raphael lütz\AppData\Roaming\14001.016\components folder moved successfully. C:\Users\Raphael lütz\AppData\Roaming\14001.016 folder moved successfully. C:\Users\Raphael lütz\AppData\Roaming\BAcroIEHelpe.dll moved successfully. C:\Users\Raphael lütz\AppData\Roaming\AcroIEHelpe.dll moved successfully. C:\Users\Raphael lütz\AppData\Roaming\blckdom.res moved successfully. C:\Users\Raphael lütz\AppData\Roaming\Babylon folder moved successfully. ========== FILES ========== File\Folder C:\Users\Raphael lütz\AppData\Roaming\140* not found. C:\Users\Raphael lütz\AppData\Roaming\AcroIEHelpe.txt moved successfully. < ipconfig /flushdns /c > No captured output from command... C:\Users\Raphael Lütz\Desktop\cmd.bat deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Raphael Lütz ->Temp folder emptied: 14113241 bytes ->Temporary Internet Files folder emptied: 5424018 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 158207091 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 1136 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 530474 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 170,00 mb OTL by OldTimer - Version 3.2.58.1 log created on 08242012_174437 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... |
27.08.2012, 02:25 | #6 |
/// Helper Team | Very good! How is the computer running? Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. After that: Step 2: Please download AdwCleaner to your desktop.
__________________ |
13.10.2012, 00:16 | #7 |
/// Helper Team | No response. Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |