Log analysis and evaluation: OTL and Extra.txt log analysis. Suspected keylogger or similar spyware. Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
25.08.2012, 13:14 | #1

OTL and Extra.txt log analysis. Suspected keylogger or similar spyware.

Hello, I already created a thread in this subforum, but posts can only be edited for 60 minutes. Since I was scanning my system, everything took a bit longer. Hence my request to the admin to delete the thread "WoW account hacked. Keylogger? Removed the BND trojan from the system in the past. Hijack log attached". Thanks!

So here is the problem description again: I noticed that my inactive WoW account was hacked. Now I am wondering how this hacker could find out my password. Thank God my email password was a different one. It can really only have happened through spyware / a keylogger, because I never respond to phishing mails and I certainly do not open dubious .exe files in any attachments. I should add that a short while ago (about 6 weeks ago) I caught the "BND" trojan and removed it manually. At least that is what I thought. How it got onto my system remains a mystery to me to this day. The PC is normally used exclusively by me. Very rarely it is used by my girlfriend for her studies, but she certainly does not spend time on dubious sites.

I have now run an OTL log. I hope you can help me. Do I have to format, or can I also get rid of possible spyware "just like that"? If so, which tool is recommended? The virus scan with Bitdefender found nothing. In any case, thanks in advance!

Here are the logs: OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.08.2012 14:02:19 - Run 1 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Andre\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 5,08 Gb Available Physical Memory | 64,18% Memory free 9,91 Gb Paging File | 7,24 Gb Available in Paging File | 73,05% Paging File free Paging file location(s): c:\pagefile.sys 2048 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,73 Gb Total Space | 6,21 Gb Free Space | 12,74% Space Free | Partition Type: NTFS Drive E: | 882,68 Gb Total Space | 111,02 Gb Free Space | 12,58% Space Free | Partition Type: NTFS Computer Name: ANDRE-PC | User Name: Andre | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.25 13:51:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Andre\Desktop\OTL.exe PRC - [2012.08.25 13:17:51 | 000,050,477 | ---- | M] () -- C:\Users\Andre\Desktop\Defogger.exe PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.05.25 16:24:32 | 000,064,048 | ---- | M] (BitDefender S.R.L.) 
-- C:\Programme\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.11.06 09:44:27 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.02.22 12:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.02.22 12:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.12.23 12:41:36 | 003,304,768 | ---- | M] (devolo AG) -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe PRC - [2010.11.21 05:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe ========== Modules (No Company Name) ========== MOD - [2012.08.25 13:17:51 | 000,050,477 | ---- | M] () -- C:\Users\Andre\Desktop\Defogger.exe MOD - [2011.08.06 19:28:46 | 002,078,208 | ---- | M] () -- C:\Program Files (x86)\wLite\IPCameraRTSP.ax ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.05.25 16:23:46 | 002,660,624 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (vsserv) SRV:64bit: - [2012.05.25 16:23:18 | 000,053,224 | ---- | M] (BitDefender S.R.L.) 
[Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv) SRV - [2012.08.15 21:18:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.07.23 23:54:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.25 16:24:54 | 000,467,248 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Programme\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server) SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.04.08 20:35:10 | 000,018,360 | ---- | M] () [On_Demand | Stopped] -- E:\Games\Runes of Magic\Overwolf\\OverwolfUpdater.exe -- (OverwolfUpdaterService) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.11.06 09:44:27 | 000,075,136 | ---- | M] () [Auto | Running] 
-- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.10.06 20:30:48 | 000,419,624 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.07.27 21:58:30 | 005,023,744 | ---- | M] (Moonware Studios) [Disabled | Stopped] -- C:\Program Files (x86)\wLite\wService.exe -- (wxpSvc) SRV - [2011.03.29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.02.22 12:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.02.22 12:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.12.23 12:41:36 | 003,304,768 | ---- | M] (devolo AG) [Auto | Running] -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- 
(NVHDA) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.18 15:56:08 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio) DRV:64bit: - [2012.01.18 15:56:06 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio) DRV:64bit: - [2011.10.11 01:40:53 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.09.07 06:21:51 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2011.09.07 06:21:51 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2011.09.07 06:21:50 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt) DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.08.02 18:38:44 | 000,022,528 | ---- | M] (Apple Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.04.10 05:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.04.06 17:52:18 | 000,028,304 | ---- | M] (SHAPE Services GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mobiolavs.sys -- (mobiolavs) DRV:64bit: - [2011.04.06 17:51:44 | 000,029,120 | ---- | M] (SHAPE Services) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mobiolawave.sys -- (MOBIOLA_Wave) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.16 11:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.02.08 07:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011.02.08 07:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.19 
16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.06.28 11:55:44 | 001,040,976 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf) DRV:64bit: - [2010.06.28 11:55:38 | 000,692,816 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3) DRV:64bit: - [2010.05.13 15:52:08 | 000,162,896 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdfm.sys -- (BDFM) DRV:64bit: - [2010.04.07 12:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64) DRV:64bit: - [2010.03.09 12:09:50 | 000,676,864 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su) DRV:64bit: - [2010.01.19 18:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (Bdvedisk) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2010.08.20 17:42:04 | 000,099,408 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Programme\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf) DRV - [2010.08.20 14:42:08 | 000,088,144 | ---- | M] (BitDefender) [Kernel | System | Running] -- c:\Programme\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf) DRV - [2010.06.10 13:32:14 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.05.23 17:18:26 | 000,034,793 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\hid7906.sys -- (hid7906) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 7C 38 E6 B3 AC CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=111863&babsrc=SP_ss&mntrId=bc733beb000000000000002522bd2a1b IE - HKCU\..\SearchScopes\{329DF456-2B9A-1254-3222-23D6BB4C8442}: "URL" = hxxp://ics.asksearch.com/s/?q={searchTerms}&iesrc={referrer:source?}&cfg=2-441-0-... IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.startup.homepage: "google.de" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\ITunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - 
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT\ [2012.06.07 22:40:18 | 000,000,000 | ---D | M] 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDTBEXT\ [2012.06.07 22:40:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2012.06.07 22:40:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.23 23:54:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.16 16:24:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2012.06.07 22:40:18 | 000,000,000 | ---D | M] [2011.09.02 19:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andre\AppData\Roaming\mozilla\Extensions [2012.08.15 22:58:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andre\AppData\Roaming\mozilla\Firefox\Profiles\goqlnpk0.default\extensions [2012.08.15 22:58:50 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Andre\AppData\Roaming\mozilla\Firefox\Profiles\goqlnpk0.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2011.11.26 00:40:23 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Andre\AppData\Roaming\mozilla\Firefox\Profiles\goqlnpk0.default\extensions\DefaultManager@Microsoft [2011.11.09 15:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.08.23 17:23:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program 
Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.02.15 02:45:48 | 000,029,003 | ---- | M] () (No name found) -- C:\USERS\ANDRE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GOQLNPK0.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI [2012.07.23 23:54:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.12 03:33:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.27 00:20:02 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.02.12 03:33:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.12 03:33:06 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.11.01 18:59:55 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2012.02.12 03:33:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.12 03:33:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.12 03:33:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.) O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2011\Antispam32\ietoolbar.dll (BitDefender S.R.L.) O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.) O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe (BitDefender S.R.L.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Save Flash - C:\Program Files (x86)\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (UnH Solutions) O8 - Extra context menu item: Save Flash - C:\Program Files (x86)\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (UnH Solutions) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.7.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35D42F3A-15F0-40E5-A086-767631ABF482}: NameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65D27262-A236-4510-B1B3-100B8F851E0E}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AA653A7-90CF-42DC-A644-2B6481219797}: DhcpNameServer = 212.23.115.148 212.23.97.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F930F494-19C4-47CB-AB59-B6F3EDAC301D}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD911015-B12F-450E-97FD-43F376C2373C}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.25 13:51:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Andre\Desktop\OTL.exe
[2012.08.23 17:23:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2012.08.23 17:23:40 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Canon
[2012.08.23 17:20:44 | 000,438,272 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNQ4809L.dll
[2012.08.23 17:20:44 | 000,106,496 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNQ4809U.dll
[2012.08.23 17:20:44 | 000,017,920 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNHMCA6.dll
[2012.08.23 17:20:44 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNHMCA.dll
[2012.08.20 07:31:03 | 000,000,000 | ---D | C] -- C:\Users\Andre\Desktop\Thelen Bilder 2
[2012.08.16 19:06:55 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.16 19:06:33 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.16 19:06:33 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.16 19:06:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.16 19:06:30 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.16 19:06:30 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.16 19:06:30 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.08.16 19:06:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.16 19:06:26 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.16 19:06:26 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.16 19:06:16 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.08.16 19:06:16 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.16 19:06:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.16 19:06:16 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.16 19:06:16 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.16 19:06:15 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.16 19:06:15 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.16 19:06:12 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.09 21:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC
[2012.08.09 21:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\RealVNC
[2012.08.05 23:34:47 | 000,000,000 | ---D | C] -- C:\Users\Andre\Desktop\Thelen Bilder
[2012.08.04 15:14:03 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Mozilla-Cache
[2012.08.04 15:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker
[2012.08.04 15:13:27 | 000,000,000 | ---D | C] -- C:\Programs
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.25 14:02:07 | 000,000,000 | ---- | M] () -- C:\Users\Andre\defogger_reenable
[2012.08.25 13:56:25 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.25 13:56:25 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.25 13:51:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Andre\Desktop\OTL.exe
[2012.08.25 13:18:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.25 13:17:51 | 000,050,477 | ---- | M] () -- C:\Users\Andre\Desktop\Defogger.exe
[2012.08.25 12:31:03 | 000,980,140 | ---- | M] () -- C:\Users\Andre\Desktop\wow.png
[2012.08.25 11:58:00 | 001,528,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.25 11:58:00 | 000,664,764 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.25 11:58:00 | 000,624,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.25 11:58:00 | 000,134,932 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.25 11:58:00 | 000,110,584 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.25 11:51:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.25 11:51:49 | 2078,806,015 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.18 20:15:53 | 008,760,499 | ---- | M] () -- C:\Users\Andre\Desktop\Behandlung Trennungsangst (Schneider) TAFF.pdf
[2012.08.17 18:51:18 | 000,318,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.16 23:04:07 | 000,017,408 | ---- | M] () -- C:\Users\Andre\AppData\Local\WebpageIcons.db
[2012.08.15 21:18:12 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 21:18:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.11 00:47:14 | 000,000,997 | ---- | M] () -- C:\Users\Andre\Desktop\VNC Viewer.lnk
[2012.08.08 21:31:26 | 000,000,934 | ---- | M] () -- C:\Users\Andre\Documents\Dokument.rtf
[2012.08.04 23:13:40 | 000,081,619 | ---- | M] () -- C:\Users\Andre\Desktop\558352_154438614693029_1747227822_n.jpg
[2012.08.04 15:13:49 | 000,001,695 | ---- | M] () -- C:\Users\Andre\Desktop\PartyPoker.lnk
[2012.07.31 22:02:06 | 000,001,057 | ---- | M] () -- C:\Users\Andre\AppData\Roaming\vso_ts_preview.xml
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.25 14:02:07 | 000,000,000 | ---- | C] () -- C:\Users\Andre\defogger_reenable
[2012.08.25 13:17:25 | 000,050,477 | ---- | C] () -- C:\Users\Andre\Desktop\Defogger.exe
[2012.08.25 12:31:03 | 000,980,140 | ---- | C] () -- C:\Users\Andre\Desktop\wow.png
[2012.08.23 17:20:44 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ4809N.DAT
[2012.08.23 17:20:44 | 000,393,256 | ---- | C] () -- C:\Windows\SysNative\CNQ4809N.DAT
[2012.08.18 20:15:53 | 008,760,499 | ---- | C] () -- C:\Users\Andre\Desktop\Behandlung Trennungsangst (Schneider) TAFF.pdf
[2012.08.09 21:59:21 | 000,000,997 | ---- | C] () -- C:\Users\Andre\Desktop\VNC Viewer.lnk
[2012.08.08 21:31:26 | 000,000,934 | ---- | C] () -- C:\Users\Andre\Documents\Dokument.rtf
[2012.08.04 17:49:00 | 000,081,619 | ---- | C] () -- C:\Users\Andre\Desktop\558352_154438614693029_1747227822_n.jpg
[2012.08.04 15:13:49 | 000,001,695 | ---- | C] () -- C:\Users\Andre\Desktop\PartyPoker.lnk
[2012.07.16 11:17:11 | 000,000,051 | ---- | C] () -- C:\ProgramData\ducnkctgujqkdzt
[2012.07.11 03:53:57 | 000,000,040 | ---- | C] () -- C:\ProgramData\gskdoxoskgxoumd
[2012.06.21 01:56:47 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit_.INI
[2012.06.19 23:30:46 | 001,554,702 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.19 23:29:09 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.06.10 17:47:30 | 000,017,408 | ---- | C] () -- C:\Users\Andre\AppData\Local\WebpageIcons.db
[2012.05.25 03:13:47 | 000,000,502 | ---- | C] () -- C:\ProgramData\1337908426.bdinstall.bin
[2012.05.25 03:12:59 | 000,159,500 | ---- | C] () -- C:\ProgramData\1337908266.bdinstall.bin
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.14 21:41:43 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.05.14 21:33:58 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.04.28 00:49:17 | 000,000,132 | ---- | C] () -- C:\Windows\kaillera.ini
[2012.01.25 20:11:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.12.28 12:16:26 | 000,100,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.25 05:05:54 | 000,001,057 | ---- | C] () -- C:\Users\Andre\AppData\Roaming\vso_ts_preview.xml
[2011.09.23 02:51:25 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.09.23 02:51:24 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.09.23 02:51:24 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.15 01:49:33 | 000,007,625 | ---- | C] () -- C:\Users\Andre\AppData\Local\Resmon.ResmonCfg
[2011.09.14 21:21:49 | 000,758,018 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.09.14 21:21:49 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.09.09 07:01:06 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2011.09.09 03:32:14 | 000,004,884 | ---- | C] () -- C:\ProgramData\homrfjdr.aqx
[2011.09.09 03:27:08 | 000,005,119 | ---- | C] () -- C:\ProgramData\hnbdehzc.pfe
[2011.09.09 03:27:07 | 000,005,093 | ---- | C] () -- C:\ProgramData\etgxespc.rpo
[2011.09.08 05:45:04 | 000,006,144 | ---- | C] () -- C:\Users\Andre\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.02 20:24:36 | 000,204,380 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.09.02 19:30:26 | 000,001,150 | ---- | C] () -- C:\Users\Andre\Mozilla Firefox.lnk
[2011.09.02 18:59:00 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.09.02 14:53:58 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.09.02 14:53:58 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.09.02 14:53:58 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.09.02 14:53:58 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.09.02 14:53:58 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2010.07.08 09:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

========== Files - Unicode (All) ==========

[2012.05.25 02:54:07 | 000,000,220 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
[2012.05.25 02:54:03 | 000,000,220 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污

< End of report >

OTL Logfile: Code:
OTL Extras logfile created on: 25.08.2012 14:02:19 - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Andre\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 5,08 Gb Available Physical Memory | 64,18% Memory free
9,91 Gb Paging File | 7,24 Gb Available in Paging File | 73,05% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 6,21 Gb Free Space | 12,74% Space Free | Partition Type: NTFS
Drive E: | 882,68 Gb Total Space | 111,02 Gb Free Space | 12,58% Space Free | Partition Type: NTFS

Computer Name: ANDRE-PC | User Name: Andre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [ID3-TagIT] -- "C:\Program Files (x86)\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [ID3-TagIT] -- "C:\Program Files (x86)\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{067E5CC1-8ED9-4889-8F92-2CCC9B165FBB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B7F4187-3171-4DC2-8E4B-4786893BEB6C}" = rport=138 | protocol=17 | dir=out | app=system |
"{2CC738AA-9AC6-45FA-ACF3-97239F374A40}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3625A104-C24A-4E0A-B210-44A02BA26106}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4CA8B3AA-1BF2-4855-977E-C93ED01CC9FC}" = lport=445 | protocol=6 | dir=in | app=system |
"{4DAB3C83-21E4-41EF-B6D2-4F4AD50390D3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{563A4856-98B8-4D80-81AD-2F7E6F244F46}" = lport=138 | protocol=17 | dir=in | app=system |
"{5B55EA61-8DED-46BE-9D5C-2544AB65ACE8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5C629B1B-BF9E-4F2E-9199-D3646F6B6BF5}" = lport=139 | protocol=6 | dir=in | app=system |
"{65629151-545E-4C93-9B39-ABE1CC78F30F}" = lport=19376 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe |
"{79BC251A-2406-4DCB-A099-FE4B9F0FB17C}" = rport=137 | protocol=17 | dir=out | app=system |
"{7D8D1B9E-A3C7-4D0F-9986-3543A2B44162}" = rport=139 | protocol=6 | dir=out | app=system |
"{82651248-9572-468B-94D0-77B5E70C30AB}" = lport=137 | protocol=17 | dir=in | app=system |
"{84359245-87B2-4F04-8A7D-BCF55E98FF51}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9B686DC6-6FDB-43E4-9AE4-88161FB6287F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0A90F8A-0BDF-4728-8711-5460DC37CF8D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AE9C9ACD-C45E-43EB-9556-6C364A8451C0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B282A8C7-4B69-4870-AF77-CC63D66637E9}" = lport=19375 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe |
"{B9FC05E7-6F07-4782-BB9E-E0A8E1889FB9}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{C35794F4-64B4-440E-9CE1-513F90AA4352}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CFC80E97-379F-4A41-8CEC-0CFC178304E9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D50D1010-F1C9-4713-922E-198CCACB833E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DD0F7F95-3842-429B-8B3D-1BDC8CA7B3C0}" = rport=445 | protocol=6 | dir=out | app=system |
"{DF615D03-AD6F-48CF-8D58-62A99C2B3A3F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA5838FE-E2F5-415F-92DC-5B649EE10447}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{EAF3A632-6C28-4FC3-9688-CD44A028A97C}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{EF92DA17-1BAB-4004-9254-BF2AEC73B6A7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F367BD77-594D-40C9-BFAC-AC42CF495B04}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019CFA85-7998-432D-B21D-75CBC0F75BC3}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\fragtastic1987\counter-strike source\hl2.exe |
"{04233C32-53C3-4803-B0AB-B776A9AF7DAB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{119B8B47-576D-4FB7-8D28-84FF516E7F1D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{17196FFC-ED26-42E9-AD88-C5A06BD9CA12}" = protocol=6 | dir=in | app=c:\program files (x86)\wlite\wservice.exe |
"{21430863-B4EA-492A-9299-9DBD71A49555}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{230B14EC-646B-4220-B8A2-DB88448C7B05}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{2A592B1C-75FE-4D74-B956-5554C0D48093}" = protocol=6 | dir=in | app=e:\games\dirt 3\dirt3_game.exe |
"{2E4D04A2-430E-4D40-82AF-956A051CB82C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{31DA83A0-CBAD-49BE-8A65-3AFA8BC97EFE}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{345BEDCD-90DB-4F73-A6AE-926B24079CC8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3463677E-0FC6-4C83-85D7-D2854031B01B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{34C67CF4-6868-402E-87F5-3AE661E5E041}" = protocol=6 | dir=in | app=e:\games\battlefield bad company 2\bfbc2updater.exe |
"{34ECC6DD-4CE5-424D-95DD-622D03AB0296}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{35C87494-B308-4BFF-A6D6-400C7299170C}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\fragtastic1987\counter-strike\hl.exe |
"{35CF670E-84D7-4CA7-A088-73AFA0624202}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{36861045-F7DF-42D6-8B2F-A1F97058DABB}" = protocol=17 | dir=in | app=c:\program files (x86)\wlite\wservice.exe |
"{373ED89E-D843-4E23-B9D0-0727D0CF05C2}" = protocol=6 | dir=in | app=e:\games\crysis\bin32\crysisdedicatedserver.exe |
"{38DF1C3F-761F-4BF5-9D74-C23A412A1D9C}" = protocol=17 | dir=in | app=e:\games\steam\steam.exe |
"{3A86553D-4D8E-4E43-A3C9-9DA1ECDAD883}" = protocol=17 | dir=in | app=e:\games\crysis\bin32\crysisdedicatedserver.exe |
"{3C5636C4-E7CC-4E99-AE8E-BF26C746F678}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3CD5F86B-6CCA-47F0-B0B9-D63B0268AC5E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3E4619AA-6631-4164-AF57-81D39842CCC8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3E5DD082-9104-45AD-8F90-5A342A08511C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{3F948652-7814-4EFC-A6FC-69EDC7195DDB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{3FE8EF50-74AD-4519-8237-E53243854BE2}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{4340A507-CF40-492B-B172-2FBFB479C04F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4997928D-84C9-4D9C-9B71-BD717D977D00}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\fragtastic1987\counter-strike\hl.exe |
"{4AF68BB4-5EC5-4074-8DCB-7FE33F54C796}" = protocol=6 | dir=in | app=e:\games\crysis\bin64\crysis.exe |
"{50759016-BC3F-4EEE-8022-DA08942720FF}" = protocol=17 | dir=in | app=e:\games\battlefield bad company 2\bfbc2updater.exe |
"{50C99D6C-930E-4393-AB73-8BCACB6A4B06}" = protocol=17 | dir=in | app=e:\games\crysis\bin32\crysis.exe |
"{5D7F0A70-0A60-4A62-89A3-3A82980A390B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{65637C99-45E4-4DD7-BB8B-6EC94B6FBB14}" = protocol=6 | dir=in | app=c:\program files (x86)\sitecom\150n usb wireless lan utility\rtwlan.exe |
"{664B6869-877B-40CB-B855-6A4EE49E2CD5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{66BAE37B-2D3A-4F40-BF0A-EFBA57AE4124}" = protocol=17 | dir=in | app=e:\games\crysis\bin64\crysisdedicatedserver.exe |
"{67837EE3-714C-4A31-AC53-DCED649B9121}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{68EAB752-E913-4EB1-B2DF-E200CB454ABB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6B1E73DA-52D3-491D-8702-290B35075ADF}" = protocol=17 | dir=in | app=e:\games\crysis\bin64\crysis.exe |
"{6D4DED45-5FD1-4B17-BB49-5360C3D7B488}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6EF2A4B8-C6E3-4A57-9DFA-CEE67C5252CA}" = protocol=17 | dir=in | app=e:\games\dirt 3\dirt3_game.exe |
"{7026B8F6-7DEE-422E-92F2-81756BEA01B2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{709392EF-E349-4ACD-BA26-D02F811E8777}" = protocol=6 | dir=in | app=e:\games\steam\steam.exe |
"{71851E6C-39EB-4996-9684-3A9A24A3F5AD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{75FD3203-5664-4D62-A387-8C74B64881FD}" = protocol=6 | dir=in | app=e:\games\cod - world at war\codwawmp.exe |
"{78B98241-B9DC-44BF-8F7D-D7DDC7A1A23A}" = protocol=6 | dir=in | app=e:\games\cod moden warfare i\iw3mp.exe |
"{7C79DA2B-E8D5-4E8D-A47D-787F87B0FC80}" = protocol=17 | dir=in | app=e:\games\gta iv\grand theft auto iv\launchgtaiv.exe |
"{7ED16FA8-B52A-47AB-AD46-414E3B95FDFA}" = protocol=6 | dir=in | app=e:\games\splinter cell - conviction\src\system\conviction_game.exe |
"{801913D6-F4A0-46A1-AE72-BE2844EB18D1}" = protocol=17 | dir=in | app=c:\program files (x86)\wlite\wlite.exe |
"{81E75B00-7CAA-4B5A-9AF1-0C0CF21D9CFA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8373D82F-2530-44F4-807F-808F03ECEFD3}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{8F154123-BA5D-4C64-B49A-C8A5571A7012}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8FBFA1C8-CFA3-4440-9987-068F28C2D0E1}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{95146A62-0C41-41E7-A567-4232651FD3F8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{97E6BBA3-1EF4-455A-B1D4-098122A2C4CF}" = protocol=6 | dir=in | app=e:\games\crysis\bin64\crysisdedicatedserver.exe |
"{99CE010E-300E-4AAE-B4FA-706C26C88CDB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{AAE30AD3-BF83-4D5C-9620-7E6A71A48003}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B0407051-AC14-4ADB-B0CF-CA8476E92FA8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4814351-399D-4364-A0BB-32C49B131833}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{B816E317-9352-438E-956B-A67F9EDD9367}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BADBBD77-FD30-483D-A809-2032A371A324}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC5E9622-7932-46AC-9A42-FDD04CBE4997}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BCE45F60-90A2-4B1A-8F54-5AC2ECD1EBF6}" = protocol=6 | dir=in | app=e:\games\splinter cell - conviction\src\system\gu.exe |
"{BEFFDB88-D682-47C9-88DD-98C693AE0C31}" = protocol=6 | dir=in | app=e:\games\gta iv - episodes from liberity city\eflc\launcheflc.exe |
"{C02C7BA1-E53D-4C74-861A-AE983737FCD3}" = protocol=6 | dir=in | app=c:\program files (x86)\wlite\wlite.exe |
"{C433071A-0520-4BE9-9B80-319B5A2E091E}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{C5DFC00C-9838-4B63-8FFB-F43504ED3DE8}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\fragtastic1987\counter-strike source\hl2.exe |
"{C927B262-D062-4C3A-B5DC-BCFD19240222}" = protocol=17 | dir=in | app=e:\games\cod moden warfare i\iw3mp.exe |
"{D12C1C02-FD2A-48B5-A9C8-3305E668DFF7}" = protocol=6 | dir=in | app=e:\games\crysis\bin32\crysis.exe |
"{D329C192-62AF-4407-BA3C-63031FA639FE}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{D5A2F01F-35D2-489D-B4A2-509BE323FE6B}" = protocol=17 | dir=in | app=e:\games\cod - world at war\codwawmp.exe |
"{D691D8A4-1067-4263-891A-A69EF81F30DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7545027-B14B-4FCC-B0B8-C44E754D8BEE}" = protocol=17 | dir=in | app=e:\games\splinter cell - conviction\src\system\conviction_game.exe |
"{DB3078E8-E548-401C-A44A-1D3CBFE117FD}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{DC74D2CE-6A8B-480B-8993-289F5FC19380}" = protocol=17 | dir=in | app=c:\program files (x86)\sitecom\150n usb wireless lan utility\rtwlan.exe |
"{DFE1AB9B-ED75-4143-87AC-5F6FC8AC4C2A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E6BF8E61-A2DF-4780-BEB0-36B63B38E392}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7727737-1701-4CDD-A7C0-10C441B04261}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E9972058-2157-41C3-8D8B-C9AA19E89930}" = dir=in | app=e:\itunes\itunes.exe |
"{EB050EC6-CA7E-4C4E-B9A0-08EBED049D7C}" = protocol=6 | dir=out | app=system |
"{EBCE2FF6-3151-4A08-B78C-8504C905314A}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{EC38CA7B-9D62-4277-9DD6-B2FCF3B823C7}" = protocol=17 | dir=in | app=e:\games\cod - world at war\codwaw.exe |
"{EE0AD969-BA47-493A-B48A-1186C94F6F78}" = protocol=17 | dir=in | app=e:\games\gta iv - episodes from liberity city\eflc\launcheflc.exe |
"{EF6F720F-3EBB-4ABF-AA0C-FEFC0A025203}" = protocol=6 | dir=in | app=e:\games\cod - world at war\codwaw.exe |
"{F06BAF1C-9500-4DCB-AF02-9206CF6C03F5}" = protocol=17 | dir=in | app=e:\games\splinter cell - conviction\src\system\gu.exe |
"{F0B0AC29-F03F-4C34-96DF-9D039A37824A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F297742F-C46E-4C61-BEA3-ACF50542A23A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F33B9B51-1603-47BA-B04E-0F2B5F3A536D}" = protocol=6 | dir=in | app=e:\games\gta iv\grand theft auto iv\launchgtaiv.exe |
"{F4B51B15-1D05-43C2-8942-3B4CD702AFA0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F75EBB2A-C7CE-425F-A180-76180FA1BE7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{2616E144-DD2C-4660-A8F7-8EA9FA834FFB}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{747E7ADB-8115-4E6D-842E-929C0988F74D}E:\games\cod - world at war\codwaw.unpacked.exe" = protocol=6 | dir=in | app=e:\games\cod - world at war\codwaw.unpacked.exe |
"TCP Query User{F6DAF994-1373-4A5E-AC7A-AF54395CCEAC}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{0D0830E6-2C9A-4A2B-AF5E-34EBC614AAAD}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{7F047286-7D27-43E5-8EE4-796A46576E98}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{CADC9110-A930-4964-995A-880785451A09}E:\games\cod - world at war\codwaw.unpacked.exe" = protocol=17 | dir=in | app=e:\games\cod - world at war\codwaw.unpacked.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 1.0
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{340A2AD6-0679-46DA-9180-DABBD5B36FD1}" = BitDefender Total Security 2011
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.01
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"BitDefender" = BitDefender Total Security 2011
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"RealVNCViewer_is1" = VNC Viewer 5.0.1
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM) "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3 "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD "{2A558A06-A44E-400D-95AD-D9FAA89AFD36}" = USB Network Joystick "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1 "{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Kwik Themes 1 "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™ "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-111000028702}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback "{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D74E1F4-32D5-44D0-9054-8D57E981F59F}_is1" = Flash Saving Plugin "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Kwik Themes 2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple 
Software Update "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{846E4C72-DF45-43ED-1680-EDF5F87F279E}" = dLAN Cockpit "{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch "{85BEC8F6-9AA3-43FF-B56B-8276277137B3}" = Nero 10 Video TransitionPack 1 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3 "{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}" = Nero 10 Kwik Themes 4 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" 
= Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B531E735-8ED5-4270-ACCE-3809086FBD02}_is1" = Batman Arkham City version 1.0 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51 "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.16.360 "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}" = Nero 10 Kwik Themes 3 "{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7 "{DE0DE2FF-3934-439D-91A6-3A1D38665526}" = Overwolf "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E3C95BE6-479D-4F12-B1F2-B5A473DEE0E1}_is1" = F1 2011 Version v1.0 "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker 
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}" = Nero 10 PiP EffectPack 1 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink RT6x Wireless LAN Card "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "5513-1208-7298-9440" = JDownloader 0.9 "888poker" = 888poker "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Azureus" = Azureus "Carom3D" = Carom3D "Cockpit.92121A72F826FA9D0BD3A830E7F04987B31AFB22.1" = dLAN Cockpit "DAEMON Tools Lite" = DAEMON Tools Lite "Diablo III" = Diablo III "dlancockpit" = devolo dLAN Cockpit "Duke Nukem Forever_is1" = Duke Nukem Forever "GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "HLSW_is1" = HLSW v1.3.2.1 "InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch 
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.49a "MuhSound" = MuhSound "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "PartyPoker" = PartyPoker "PKR" = PKR "PokerStars" = PokerStars "PrecisionX" = EVGA Precision X 3.0.2 "SopCast" = SopCast 3.4.0 "Steam App 10" = Counter-Strike "Steam App 240" = Counter-Strike: Source "Steam App 42680" = Call of Duty: Modern Warfare 3 "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer "Steam App 730" = Counter-Strike: Global Offensive "Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack "SystemRequirementsLab" = System Requirements Lab "TeamViewer 6" = TeamViewer 6 "TeamViewer 7" = TeamViewer 7 "VLC media player" = VLC media player 2.0.1 "VLC Setup Helper_is1" = VLC Setup Helper "WinLiveSuite" = Windows Live Essentials "Zattoo4" = Zattoo4 4.0.5 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 17.08.2012 12:52:50 | Computer Name = Andre-PC | Source = WinMgmt | ID = 10 Description = Error - 17.08.2012 13:52:06 | Computer Name = Andre-PC | Source = SideBySide | ID = 16842827 Description = Fehler beim Generieren des Aktivierungskontextes für "e:\Games\F1 2011\F1 2011\CustomActionOnFinishInst.exe". 
Fehler in Manifest- oder Richtliniendatei "e:\Games\F1 2011\F1 2011\CustomActionOnFinishInst.exe" in Zeile 1. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error - 18.08.2012 10:20:29 | Computer Name = Andre-PC | Source = WinMgmt | ID = 10 Description = Error - 19.08.2012 14:26:15 | Computer Name = Andre-PC | Source = WinMgmt | ID = 10 Description = Error - 20.08.2012 01:14:53 | Computer Name = Andre-PC | Source = WinMgmt | ID = 10 Description = Error - 20.08.2012 11:06:28 | Computer Name = Andre-PC | Source = WinMgmt | ID = 10 Description = Error - 23.08.2012 10:18:45 | Computer Name = Andre-PC | Source = WinMgmt | ID = 10 Description = Error - 23.08.2012 10:51:03 | Computer Name = Andre-PC | Source = SideBySide | ID = 16842827 Description = Fehler beim Generieren des Aktivierungskontextes für "e:\Games\F1 2011\F1 2011\CustomActionOnFinishInst.exe". Fehler in Manifest- oder Richtliniendatei "e:\Games\F1 2011\F1 2011\CustomActionOnFinishInst.exe" in Zeile 1. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error - 23.08.2012 11:24:33 | Computer Name = Andre-PC | Source = WinMgmt | ID = 10 Description = Error - 24.08.2012 14:19:05 | Computer Name = Andre-PC | Source = WinMgmt | ID = 10 Description = Error - 25.08.2012 05:53:41 | Computer Name = Andre-PC | Source = WinMgmt | ID = 10 Description = [ Media Center Events ] Error - 27.09.2011 15:58:51 | Computer Name = Andre-PC | Source = MCUpdate | ID = 0 Description = 21:58:51 - Fehler beim Herstellen der Internetverbindung. 21:58:51 - Serververbindung konnte nicht hergestellt werden.. Error - 27.09.2011 15:59:00 | Computer Name = Andre-PC | Source = MCUpdate | ID = 0 Description = 21:58:56 - Fehler beim Herstellen der Internetverbindung. 21:58:56 - Serververbindung konnte nicht hergestellt werden.. Error - 28.09.2011 11:38:15 | Computer Name = Andre-PC | Source = MCUpdate | ID = 0 Description = 17:38:15 - Fehler beim Herstellen der Internetverbindung. 
17:38:15 - Serververbindung konnte nicht hergestellt werden.. Error - 28.09.2011 11:38:25 | Computer Name = Andre-PC | Source = MCUpdate | ID = 0 Description = 17:38:20 - Fehler beim Herstellen der Internetverbindung. 17:38:20 - Serververbindung konnte nicht hergestellt werden.. Error - 29.09.2011 18:51:33 | Computer Name = Andre-PC | Source = MCUpdate | ID = 0 Description = 00:51:33 - Fehler beim Herstellen der Internetverbindung. 00:51:33 - Serververbindung konnte nicht hergestellt werden.. Error - 29.09.2011 18:51:42 | Computer Name = Andre-PC | Source = MCUpdate | ID = 0 Description = 00:51:38 - Fehler beim Herstellen der Internetverbindung. 00:51:38 - Serververbindung konnte nicht hergestellt werden.. Error - 08.11.2011 18:34:23 | Computer Name = Andre-PC | Source = MCUpdate | ID = 0 Description = 23:34:23 - Fehler beim Herstellen der Internetverbindung. 23:34:23 - Serververbindung konnte nicht hergestellt werden.. Error - 08.11.2011 18:34:35 | Computer Name = Andre-PC | Source = MCUpdate | ID = 0 Description = 23:34:28 - Fehler beim Herstellen der Internetverbindung. 23:34:28 - Serververbindung konnte nicht hergestellt werden.. Error - 13.11.2011 08:35:56 | Computer Name = Andre-PC | Source = MCUpdate | ID = 0 Description = 13:35:56 - Fehler beim Herstellen der Internetverbindung. 13:35:56 - Serververbindung konnte nicht hergestellt werden.. Error - 13.11.2011 08:36:07 | Computer Name = Andre-PC | Source = MCUpdate | ID = 0 Description = 13:36:01 - Fehler beim Herstellen der Internetverbindung. 13:36:01 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 04.02.2012 10:00:51 | Computer Name = Andre-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?04.?02.?2012 um 03:01:30 unerwartet heruntergefahren. 
Error - 04.02.2012 10:11:18 | Computer Name = Andre-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 07.02.2012 13:19:01 | Computer Name = Andre-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 07.02.2012 23:10:11 | Computer Name = Andre-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 09.02.2012 12:54:26 | Computer Name = Andre-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 09.02.2012 22:57:39 | Computer Name = Andre-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 11.02.2012 15:53:51 | Computer Name = Andre-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 12.02.2012 19:42:40 | Computer Name = Andre-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error - 16.02.2012 11:31:47 | Computer Name = Andre-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 16.02.2012 16:29:17 | Computer Name = Andre-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. < End of report > |
25.08.2012, 15:04 | #2 |
/// Helper team | OTL and Extra.txt log analysis. Suspected keylogger or similar spyware.