Plagegeister aller Art und deren Bekämpfung: GVU Virus after System Restore (Windows 7)
28.08.2012, 11:52 | #1
GVU Virus after System Restore

Hello dear Trojaner community. It got me two weeks ago as well and I caught the GVU virus; I then did a system restore to the previous day and everything basically worked again. After that I did have problems with the internet quite often, but I thought it might be a temporary thing on my provider's end. I meant to do a thorough clean-up at the time, but never did. Then yesterday I got an email from Battle.net saying my account had been locked because of suspicious activity, and simply because I believe a virus like this can't be wiped out by a plain system restore, I'm opening this thread. Today at noon I ran a scan with Malwarebytes and afterwards (as I found out later on this site, you're not actually supposed to do that) had it remove the entries it found. Now my question: should I do another system restore to get those files back?
Here are my logs, as well as the Malwarebytes log from before the deletion:

OTL Extras:

OTL Extras logfile created on: 28.08.2012 12:29:43 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Dominik\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 55,53% Memory free
8,00 Gb Paging File | 5,48 Gb Available in Paging File | 68,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 910,41 Gb Total Space | 789,49 Gb Free Space | 86,72% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,33 Gb Free Space | 51,67% Space Free | Partition Type: NTFS

Computer Name: DOMINIK-PC | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10E259EA-BF11-4541-BB08-B4356EDF6D06}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{19B009B6-74F7-429F-B784-2BEFDC393965}" = lport=139 | protocol=6 | dir=in | app=system |
"{244D7D3C-DBD1-46C6-AB0E-B933A9AB56EB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2D28D130-608D-4091-AC82-990C01CC522D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D3CC969-7661-4EEC-B90D-E0F35F701027}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{38E0FA51-44F3-4BC3-80E7-D65687862B07}" = rport=139 | protocol=6 | dir=out | app=system |
"{3FFAA57A-70C7-40FC-94A4-E52A56A3601E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4E2373EB-DD85-4953-9EC9-BF119C0DAFC8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4F5D5DD3-158C-4043-8B6E-DD9CE201E54E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{594A5207-C271-4E7F-85E7-E055DFA44B27}" = lport=53 | protocol=17 | dir=in | name=rtldns-port-2 |
"{5B12B54B-F45D-4DDB-9375-C8F841770295}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BFC9C15-BA8B-451B-A2C2-B109F6337662}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{621EA96B-5B7D-4D39-AED9-C008272FD025}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{670AFBBF-B189-419B-AD7A-F93977834C7D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6BA214DE-6B15-4C1D-9AA2-3132EEC9BDC4}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{72D20341-A39A-43D0-90ED-595CF65EE480}" = rport=445 | protocol=6 | dir=out | app=system |
"{8087B877-C48F-422B-9C4D-209FC0B9CAD9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{808B08D7-1CA8-4D4B-9A5F-7DDEF354C820}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{83CED0B6-F22C-428E-9D5B-D0921B2C5B79}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84D57231-3C0C-440D-801E-80C8669A8EC1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{91698BE0-F0D2-45E3-A30D-18349CB4B56D}" = lport=138 | protocol=17 | dir=in | app=system |
"{929A3E62-6D1E-4CBF-B528-7ED3A1E55E3A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9731BDA6-92C8-4053-93B2-6D52A49E1601}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{A110EAF0-39D2-42CA-B90C-1854B17DC986}" = rport=138 | protocol=17 | dir=out | app=system |
"{A699B036-7E4F-4957-9CB5-5A8612747446}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A9588D78-67BF-4A12-B181-53FA576224BE}" = lport=67 | protocol=17 | dir=in | name=rtldhcp-port |
"{C45F672A-055C-4094-A81E-3E33268F0CD3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9488AC5-C7EC-4E3E-8737-795A47466D8E}" = lport=445 | protocol=6 | dir=in | app=system |
"{CF46BD05-A098-4030-AC31-A571691D599C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D7D9076A-C896-4D6D-A7A4-3B8FFD30F3E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DBFD5D9C-469D-4A42-9ACD-957D45E6EFEA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E105D083-6957-4681-9D65-0CBCE639629D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E25E6975-CCAD-4532-B8EB-3660F8986804}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{EC01D01E-D542-45D4-95C2-AB17B53D3069}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ED4B6021-1990-4238-A999-1BC222FB49A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F316006D-676F-41A3-A6D0-C96E3FB0D7A0}" = rport=137 | protocol=17 | dir=out | app=system |
"{F6A9CCBE-7729-48B1-A885-B320E2EF3779}" = lport=53 | protocol=6 | dir=in | name=rtldns-port |
"{F95ABC00-26AA-4A7E-B3F7-56715E77E20D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FC075A32-60D9-45E0-86D7-FD9D0461C9E5}" = lport=68 | protocol=17 | dir=in | name=rtldhcp-port-2 |
"{FDE59EEE-39A1-4E64-A2FA-BA1E8D4E0F5A}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011148A8-B22D-4A2E-8603-FD1301D7F681}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{02604856-2469-4B63-A1F7-92BDA47347FC}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe |
"{02A07994-58F8-4FA9-9109-98F39B62734E}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{03E68AFF-C030-46BC-A7D4-B5B66147AABF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{06BFA27E-8257-481C-B05A-0FDA0D028921}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1D83992D-F104-48D8-AA83-D08AEDA1A78F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{1DF84089-1EFD-48A4-A009-121237C5F42D}" = protocol=6 | dir=out | app=system |
"{2363BAAB-4BDE-4C91-A394-4EFFB3822762}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |
"{2C946469-2FAB-4003-84FF-80D5286825A2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{377A57C5-5811-4643-A1A0-AD64F0BE5CC1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{37E20A6F-B805-43B8-A783-E002741EA18F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3D3D6384-7CA8-4C6E-BFC6-4F702513EC11}" = dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtldhcp.exe |
"{3E22EDEB-5CE3-41F7-9D14-0CD25E5A0C90}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{4559A80E-6CC0-4C7B-BCA9-9C6807ACC00E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4672AAA2-8B13-435D-8E49-59F671C425C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4910260B-9823-4C89-BA1F-6924F89D737E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4EB0BA9C-AE76-4D6D-AE0F-C52A813EF08E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5179F720-6BE5-474B-8EED-02CF416EA7B0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{594796F5-D6AC-4070-B564-9466FF789970}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5AFDCAA7-A3BF-431C-960A-A60AB56F236B}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{5BF3314E-3FFB-4159-8ABB-881BA3B57A35}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5E1148BF-9077-489F-BC2A-795E571C4349}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{607E43D0-7423-4882-BAD1-ADDE00623C97}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60DC9BB3-974E-4D56-9152-338DD89E05C0}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{61E66727-5C76-4B38-AF26-98CB263FC2A7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A1F79A0-F3BC-4D6A-AE69-81A2BAE7A91B}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars the force unleashed 2\swtfu2.exe |
"{6BD03DBD-1C97-429C-B517-504B1699DE64}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{7199BFE8-1203-44D8-9993-2F43E64905A2}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
"{7472E6E0-E5BD-4414-9960-CB12D6E35F07}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{822FE985-EA50-4E7A-967F-BDBE9F7AAC30}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars the force unleashed 2\swtfu2.exe |
"{8B6055DE-F1C2-4754-9E22-B39D36AD9ABB}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{8CBB2022-1115-4B04-BF27-EC20760A7AAE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{915E0EA5-C731-4B82-A6AD-80A15432425A}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
"{98059B26-519E-4C50-A199-BD74C43BC600}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A2BBB699-4A80-496B-BA40-4B96700DFF22}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A40C7C0B-3AF9-4A98-B973-7014C2B89FE8}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{AEDE413B-6F4E-4256-B976-7F81270E200E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B3946BC7-CEFF-439C-AD47-2F7E64A2066E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{C3C5A101-2BF4-40DD-959A-0CB35827ED0B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C98F4849-A180-4536-8B45-B7C93C42DC35}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CD59FA48-203B-4B9E-846E-34A33910CAA6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{CD8488AC-B3FA-4CC4-B00A-F84A83EAC493}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CE39C1FD-0029-4CA0-B973-14409D7B8571}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{CF2A5A8B-124F-4945-B32C-372B9371AF4C}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{D2B70495-DC8A-40AD-A840-A25807A089D5}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |
"{D30C9440-8198-49F1-8944-085EEE70098F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D4F3C1D8-64E1-4B63-9A14-3580B8176E7A}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{D5413057-675A-4BE6-AC66-3D74A2B06589}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{E10B6E7A-7740-4AA4-83CD-D247A52C72B6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E4247834-2FC0-404D-9C9B-4F20DB7A8774}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe |
"{E4D2B6BD-EFFF-4538-B4F8-C464A1649C54}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{E5B8117F-DC29-4886-847F-B641A8B6CF3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EACA8257-5E8A-4235-AEFE-66B80F371BA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EBBFCFCD-45E8-46DA-9FBD-E3C0B9DF06E5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EF764ECC-ED4D-43A1-9284-75F7CBA99E92}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F3163611-A6BD-45A4-9D42-E15CBBA59A90}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{FAD355B3-60E8-4536-959F-C5754D7B4348}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FDE5B6B7-AA0C-42C6-AB37-D787957B03CB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"TCP Query User{0166F507-7DA3-491A-8DB1-E63A1B31F9F3}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"TCP Query User{4B52ADA7-0160-44C1-9064-6D597E0E9048}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe |
"TCP Query User{90E0BA9E-A15A-41BE-B49B-544392BCE737}C:\users\dominik\appdata\local\microsoft\windows\temporary internet files\content.ie5\b64l2qap\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\dominik\appdata\local\microsoft\windows\temporary internet files\content.ie5\b64l2qap\starcraft_2_eu_de-de.exe |
"TCP Query User{92A20F08-92C7-40B1-85ED-0D53F2445D35}C:\users\dominik\desktop\srobot.exe" = protocol=6 | dir=in | app=c:\users\dominik\desktop\srobot.exe |
"TCP Query User{A3A9D230-18B4-466A-85DD-BA65C647DB83}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{BB3305F2-1C2B-432C-845D-990D1A934DA4}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{CA94B588-D3A7-40C3-9B35-D59972E4853A}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe |
"TCP Query User{CF5C20FD-4CF9-48C3-86DD-145C026F5AA5}C:\users\dominik\desktop\sro_full_client_downloader_bmt_v8.exe" = protocol=6 | dir=in | app=c:\users\dominik\desktop\sro_full_client_downloader_bmt_v8.exe |
"TCP Query User{E3573D12-92EA-4B41-A839-7B7F3D4E1BA6}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{E85DF1DE-E3F6-4D00-9116-B90810B3F7B5}C:\users\dominik\downloads\sro\srobot.exe" = protocol=6 | dir=in | app=c:\users\dominik\downloads\sro\srobot.exe |
"TCP Query User{EAEF591F-B241-47AB-9B8E-0643FE39D36E}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{F6AC5CC1-D90C-4FAC-AC99-6B2F91322859}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"TCP Query User{F8704388-CA2D-4BB2-A5D3-EB2DA78EF0A8}C:\users\dominik\downloads\srobot.exe" = protocol=6 | dir=in | app=c:\users\dominik\downloads\srobot.exe |
"UDP Query User{0E95E684-AE93-42BC-8427-8F386286192B}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{2F6F4088-2FBE-42E2-AA22-349DA8D2D723}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{3BC1ECA8-3D45-4436-A081-DA8B206D2B96}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"UDP Query User{750E2F01-25B5-4135-B762-166C31E91537}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{785BAE2C-ED87-4F5D-949C-31442AA2E96C}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe |
"UDP Query User{917603E9-C845-4420-828C-F5D4A7D675FA}C:\users\dominik\desktop\sro_full_client_downloader_bmt_v8.exe" = protocol=17 | dir=in | app=c:\users\dominik\desktop\sro_full_client_downloader_bmt_v8.exe |
"UDP Query User{93A51768-02CA-49DF-B037-CEAF0AC1F2BB}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{B181E1E1-3B40-4FE2-9783-B05748350720}C:\users\dominik\desktop\srobot.exe" = protocol=17 | dir=in | app=c:\users\dominik\desktop\srobot.exe |
"UDP Query User{CA4D8911-9DBC-4B15-A5C5-960A75BFD537}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe |
"UDP Query User{D1285684-05A8-4C86-B2E4-C1058982D02F}C:\users\dominik\downloads\srobot.exe" = protocol=17 | dir=in | app=c:\users\dominik\downloads\srobot.exe |
"UDP Query User{E176F75C-A3AB-4086-A7BB-145BCD9DE34D}C:\users\dominik\appdata\local\microsoft\windows\temporary internet files\content.ie5\b64l2qap\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\dominik\appdata\local\microsoft\windows\temporary internet files\content.ie5\b64l2qap\starcraft_2_eu_de-de.exe |
"UDP Query User{F0B1AD79-DBFC-44C3-80C7-F75192DC3A45}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"UDP Query User{F165D046-D577-4B8C-8A81-5A517793269D}C:\users\dominik\downloads\sro\srobot.exe" = protocol=17 | dir=in | app=c:\users\dominik\downloads\sro\srobot.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5B58EF61-85F2-4977-97A5-84C19F926579}" = SweetPacks Toolbar for Internet Explorer 4.5
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C8D55041-A13C-4620-8DF4-9C5A9C16908D}" = G Data TotalCare
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"Activision_THPS2UninstallKey" = Tony Hawk's Pro Skater 2
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Azureus" = Azureus
"Guard.Mail.ru" = Guard.ICQ
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"ManyCam" = ManyCam 3.0.80 (remove only)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Risk II_is1" = Risk II
"Silkroad" = Silkroad
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"StarCraft II" = StarCraft II
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft AutoScreenRecorder 3.1 Pro" = Wisdom-soft AutoScreenRecorder 3.1 Pro
"Wisdom-soft Set up ASR 3.1 Free" = Wisdom-soft Set up ASR 3.1 Free
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01.08.2012 14:38:05 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Wow.exe, version: 4.3.4.15595, time stamp: 0x4f84d63a  Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10  Exception code: 0xc0000005  Fault offset: 0x0001fa50  Faulting process id: 0x10a0  Faulting application start time: 0x01cd7014c89bb1a0  Faulting application path: C:\Program Files (x86)\World of Warcraft\Wow.exe  Faulting module path: C:\Windows\SysWOW64\ntdll.dll  Report Id: 07719980-dc08-11e1-a188-4061864b7971

Error - 01.08.2012 17:47:39 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000  Exception code: 0xc00000fd  Fault offset: 0x74c8e2c4  Faulting process id: 0x10f0  Faulting application start time: 0x01cd702f1ee0a8d0  Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Faulting module path: unknown  Report Id: 8331e308-dc22-11e1-9efe-4061864b7971

Error - 01.08.2012 18:05:48 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53  Faulting module name: AcroIEHelpe180.dll_unloaded, version: 0.0.0.0, time stamp: 0x50197269  Exception code: 0xc0000005  Fault offset: 0x73dbaa34  Faulting process id: 0x1d30  Faulting application start time: 0x01cd702f47dd78f8  Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Faulting module path: AcroIEHelpe180.dll  Report Id: 0c7d7dc8-dc25-11e1-9efe-4061864b7971

Error - 01.08.2012 18:38:41 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000  Exception code: 0xc0000005  Fault offset: 0x74c8e2c4  Faulting process id: 0x1744  Faulting application start time: 0x01cd703271d6ed58  Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Faulting module path: unknown  Report Id: a470eaf8-dc29-11e1-9efe-4061864b7971

Error - 01.08.2012 18:49:21 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53  Faulting module name: AcroIEHelpe180.dll_unloaded, version: 0.0.0.0, time stamp: 0x50197269  Exception code: 0xc0000005  Fault offset: 0x70b4aa34  Faulting process id: 0xc88  Faulting application start time: 0x01cd70366ff426c8  Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Faulting module path: AcroIEHelpe180.dll  Report Id: 21eb4dd8-dc2b-11e1-9efe-4061864b7971

Error - 01.08.2012 18:49:27 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53  Faulting module name: AcroIEHelpe180.dll_unloaded, version: 0.0.0.0, time stamp: 0x50197269  Exception code: 0xc0000005  Fault offset: 0x70b4aa34  Faulting process id: 0x12e8  Faulting application start time: 0x01cd7034b10f6598  Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Faulting module path: AcroIEHelpe180.dll  Report Id: 255a35d8-dc2b-11e1-9efe-4061864b7971

Error - 07.08.2012 07:14:38 | Computer Name = Dominik-PC | Source = Application Hang | ID = 1002
Description = The program Wow.exe version 4.3.4.15595 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 2760  Start Time: 01cd74856d5cfb58  Termination Time: 650  Application Path: C:\Program Files (x86)\World of Warcraft\Wow.exe  Report Id:

Error - 09.08.2012 15:11:27 | Computer Name = Dominik-PC | Source = Application Hang | ID = 1002
Description = The program Wow.exe version 4.3.4.15595 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 13f8  Start Time: 01cd765fff6642f8  Termination Time: 690  Application Path: C:\Program Files (x86)\World of Warcraft\Wow.exe  Report Id:

Error - 21.08.2012 04:41:04 | Computer Name = Dominik-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Dominik\Downloads\SoftonicDownloader_for_risk-2.exe". Error in manifest or policy file "" on line .  A component version required by the application conflicts with another component version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.  Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 22.08.2012 07:37:17 | Computer Name = Dominik-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 166c  Start Time: 01cd805a61535e70  Termination Time: 14  Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Report Id:

[ System Events ]
Error - 24.06.2012 15:37:41 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:35:48 on 24.06.2012 was unexpected.

Error - 24.06.2012 16:04:50 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:03:18 on 24.06.2012 was unexpected.

Error - 25.06.2012 15:57:10 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:55:08 on 25.06.2012 was unexpected.

Error - 28.06.2012 03:05:18 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:40:53 on 27.06.2012 was unexpected.

Error - 28.07.2012 17:20:48 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:18:47 on 28.07.2012 was unexpected.
Error - 28.07.2012 17:20:51 | Computer Name = DOMINIK-PC | Source = BugCheck | ID = 1001 Description = Error - 31.07.2012 19:18:21 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?01.?08.?2012 um 01:15:50 unerwartet heruntergefahren. Error - 31.07.2012 19:20:09 | Computer Name = Dominik-PC | Source = DCOM | ID = 10010 Description = Error - 31.07.2012 19:32:11 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?01.?08.?2012 um 01:30:11 unerwartet heruntergefahren. Error - 01.08.2012 08:55:46 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?01.?08.?2012 um 14:32:34 unerwartet heruntergefahren. < End of report > [/SPOILER] OTL : [SPOILER] OTL logfile created on: 28.08.2012 12:29:42 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Dominik\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 55,53% Memory free 8,00 Gb Paging File | 5,48 Gb Available in Paging File | 68,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 910,41 Gb Total Space | 789,49 Gb Free Space | 86,72% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 10,33 Gb Free Space | 51,67% Space Free | Partition Type: NTFS Computer Name: DOMINIK-PC | User Name: Dominik | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.28 12:11:22 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Dominik\Downloads\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.02.26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.02.21 19:39:30 | 002,043,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
PRC - [2012.02.16 15:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012.01.22 19:12:14 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2011.05.25 09:25:28 | 002,214,504 | R--- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2009.03.02 16:33:02 | 000,920,136 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G DATA\TotalCare\AVKTray\AVKTray.exe
PRC - [2009.03.02 14:09:30 | 001,117,768 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
PRC - [2009.03.02 14:09:30 | 000,388,168 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G DATA\TotalCare\AVK\AVKService.exe
PRC - [2009.02.25 03:47:46 | 000,287,816 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe

========== Modules (No Company Name) ==========

MOD - [2012.01.22 19:12:14 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
MOD - [2009.03.02 14:09:30 | 000,588,360 | ---- | M] () -- C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIE.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.08.14 23:27:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.22 19:12:14 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011.05.25 09:25:28 | 002,214,504 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.02 14:09:30 | 001,117,768 | ---- | M] (G DATA Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2009.03.02 14:09:30 | 000,388,168 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G DATA\TotalCare\AVK\AVKService.exe -- (AVKService)
SRV - [2009.02.25 04:24:52 | 000,852,040 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G DATA\TotalCare\AVKBackup\AVKBackupService.exe -- (G Data Backup Service)
SRV - [2009.02.25 04:18:58 | 000,907,336 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G DATA\TotalCare\AVKTuner\AVKTunerService.exe -- (G Data Tuner Service)
SRV - [2009.02.25 03:47:46 | 000,287,816 | ---- | M] (G DATA Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan)
SRV - [2009.02.25 03:32:46 | 001,905,008 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G DATA\TotalCare\AVK\AVKWCtlX64.exe -- (AVKWCtl)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 12:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012.01.22 19:03:29 | 000,064,456 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2012.01.22 19:03:11 | 000,038,856 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012.01.22 19:02:45 | 000,048,072 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.01.11 08:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011.08.11 13:46:46 | 000,694,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2011.05.25 09:25:48 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.03.31 03:10:18 | 000,450,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.02.22 18:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV:64bit: - [2006.11.30 16:17:56 | 000,033,048 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF)
DRV - [2012.08.28 11:09:44 | 000,104,904 | ---- | M] (G Data Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 39 59 D7 22 D9 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{4C867F62-3B83-42F5-A6F4-94C4C6942B27}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=0AC79DA4-49EB-461A-94EE-1F9F69815688&apn_sauid=9D8C6F13-BB66-41FC-B95C-3FAA4C627594
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dominik\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dominik\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dominik\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Ask Toolbar = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodnbkkemkkaekocofmphoadofkdh\7.15.4.0_0\
CHR - Extension: YouTube = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Ask Toolbar = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodnbkkemkkaekocofmphoadofkdh\7.15.4.0_0\
CHR - Extension: YouTube = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIEx64.dll ()
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIE.dll ()
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIEx64.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIE.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G DATA\TotalCare\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6549C2A9-1353-4B27-A247-98E100D1FD97}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82FF7BF9-407A-4A45-8B5C-6AFFFDECE4C9}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.28 11:37:31 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Malwarebytes
[2012.08.28 11:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.28 11:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.28 11:36:37 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.28 11:36:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.28 11:09:45 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{D61A716A-1393-473F-ABC0-E26EC01161BF}
[2012.08.25 09:29:50 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{017905A8-2EDA-4037-8696-9DBEAC6126D8}
[2012.08.23 08:47:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{AA2B18AF-BC5B-46AE-B9BB-ECC88B07D595}
[2012.08.22 10:18:47 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A931F075-0C04-4CA1-A97C-EA310067B345}
[2012.08.21 22:15:06 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{60CFB0F3-EE71-49B5-802D-AAE5B2EF6EAA}
[2012.08.21 10:57:19 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\TuneUp Software
[2012.08.21 10:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.08.21 10:57:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.08.21 10:57:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.08.21 10:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.08.21 10:56:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\pdfforge
[2012.08.21 10:56:42 | 000,095,744 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.08.21 10:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2012.08.21 10:30:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[2012.08.21 10:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.08.21 10:13:36 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F84985FD-E867-4BB4-B428-57C405838797}
[2012.08.20 16:49:54 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{7AB08069-073D-4BCE-9C03-49D1721F37C4}
[2012.08.18 20:28:50 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{B1D40AF9-9795-45B4-B99F-B0D1BC2C7398}
[2012.08.18 20:28:29 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F8A8BA6C-51A3-4C68-BD45-F5851F574B3D}
[2012.08.17 09:40:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{DABE8470-8BF0-435F-AED3-DFBF9C879D9A}
[2012.08.17 09:39:59 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C58989A3-3509-4C31-A17E-352CB67FC828}
[2012.08.17 00:19:47 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{2F6804EE-7E15-4FA1-889F-48CCA9FB82B7}
[2012.08.17 00:18:34 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0F734149-E2E8-4999-95E2-CD6AC04E325D}
[2012.08.16 19:07:16 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{3072A8FD-0999-480B-919C-615374A5DC88}
[2012.08.16 19:04:46 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E4898FEE-7153-44EB-B897-3CD9D151045E}
[2012.08.16 18:58:40 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{7B59A063-9355-4177-BEFE-F721389CEF5D}
[2012.08.16 18:28:26 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{52D3737E-B4A2-48F8-8E30-4FACABD5F36E}
[2012.08.16 18:21:26 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{777A45BB-37D3-4E9C-9EDE-0AFE2F01C234}
[2012.08.16 18:21:05 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{2EC69E1B-A1A5-4DCB-84A7-7C16FB5A2D5C}
[2012.08.16 12:26:27 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{1593CBCF-71D8-4922-9F81-9E383AA73A60}
[2012.08.16 12:26:13 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{3FE3F998-A98D-4BCF-B9D9-BBC8000E94B2}
[2012.08.15 11:02:27 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0F657A96-CB4A-4A8A-80BA-8FFC8A16ECE4}
[2012.08.15 11:01:21 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{329AA700-139D-4631-B9E8-26385A9E7BF7}
[2012.08.14 20:10:47 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{CCE47E2A-71D4-49BB-9286-CBA5E73178DF}
[2012.08.14 20:09:10 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{235B4783-F507-4420-94AB-21C6E8A20E2C}
[2012.08.14 10:30:40 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{D500D55E-3FEC-4645-A57C-16F772F0FA5C}
[2012.08.14 10:29:04 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{DEAB545B-3E0E-46FF-8C66-319BDB3FD443}
[2012.08.13 18:01:24 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A529FB1E-40DD-47D1-888F-D61B64AC0EB1}
[2012.08.13 18:00:17 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{1EB64AE1-6A77-4A9F-965B-6B5D0988B11D}
[2012.08.13 12:50:03 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F0FD0CE4-64A1-4756-9150-0435014F2AF4}
[2012.08.13 12:47:00 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{09242CD1-8F7B-4997-9B03-98AAA9E50A74}
[2012.08.13 12:42:41 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{6BF558A4-EEFA-469B-AB3C-A3A3243B5A06}
[2012.08.12 22:02:37 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C6134E32-3977-4D45-A949-5770D15B5568}
[2012.08.12 22:02:21 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{265D22C2-AC87-407B-B54C-445D16142163}
[2012.08.12 21:27:55 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0007927F-1B3B-493C-BA9C-9982351683E2}
[2012.08.11 20:06:16 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{16BC219E-1F4F-4D8A-B905-6D0FD6FF7F1E}
[2012.08.11 20:05:09 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0F4796B4-BB8A-4F1E-9B75-4566B1E06304}
[2012.08.10 17:26:45 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0F4D61EF-56FB-474A-ADF0-90F8850EBFF8}
[2012.08.10 17:26:24 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E9850D84-C6DF-4A64-88C7-8CB1ED95D644}
[2012.08.10 16:35:28 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{2AD0015B-D892-4404-B30F-38432CD275DB}
[2012.08.10 16:34:22 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A6ED1F27-6276-4714-81E8-4178289221DD}
[2012.08.10 16:24:25 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E5EBAA16-1448-449A-9443-3A4F2C142838}
[2012.08.10 16:23:23 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0B247A6C-5AD1-4D9C-B2F1-95B260617B94}
[2012.08.10 16:06:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{2029247A-564D-40BC-AE0B-D9A4F9AF0CE3}
[2012.08.10 08:59:16 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{B0FA90AC-B680-49AF-B968-C575ED8EE9C1}
[2012.08.10 08:58:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{9A65D1D6-98DD-4401-9AAF-5CCD1D1B4BB8}
[2012.08.09 23:09:17 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{10B1C940-9893-4F3D-B4EC-13E6C226FBC0}
[2012.08.09 23:08:57 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{98D3447D-AAE5-4F4F-8FFB-45367DA96458}
[2012.08.09 22:51:07 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{07844FC0-1D70-45B5-A8C0-40F0871EEEF8}
[2012.08.09 22:32:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{38A7E366-6DA0-492E-B7B6-72F6F84B4FA2}
[2012.08.09 22:32:22 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{B57F4E3F-0AB9-4630-9310-30E0916C8546}
[2012.08.09 21:14:18 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{234097D9-2F21-4982-B1BD-0119E4BE6E83}
[2012.08.09 21:13:56 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0C77C0E2-0FE9-4A41-B671-7D11E2157363}
[2012.08.09 18:40:14 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E9234AFF-7823-4EC1-8085-BD81A84F8B42}
[2012.08.09 18:40:02 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A68F3D6C-5153-4324-9C8A-39AB0D09DAD7}
[2012.08.07 15:58:47 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{00C87FE3-57C1-42BC-9184-0B30F1009C12}
[2012.08.07 15:58:28 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{29736AA0-1648-4131-9276-3189EE78B609}
[2012.08.07 13:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II [2012.08.07 13:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.08.07 10:56:18 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{72C83036-D81F-4BB7-8056-FE9F961B84DC} [2012.08.07 10:55:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{72DADEAC-5D0E-4795-804C-8480ED2FCD86} [2012.08.07 10:51:41 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0031334B-26DF-4556-BA36-2567F4E93647} [2012.08.07 00:21:25 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C82B9163-1957-4A14-9F6A-CD969AE552AC} [2012.08.07 00:20:15 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{035ABF51-B01D-45A2-99C0-2B8467B10FBB} [2012.08.06 19:32:51 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A63A484B-70BD-4A5B-8E9E-DC75513FFA94} [2012.08.06 19:31:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{BA786DBB-8021-42FF-A57C-EC0F5047EE42} [2012.08.06 19:06:44 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{86965326-1D17-471B-8BAE-15E3044A65C7} [2012.08.06 19:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.08.06 19:05:09 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{85690C93-B110-4CFD-A52A-867A05637366} [2012.08.06 18:48:52 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.08.06 18:48:52 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.08.06 18:42:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{EB0D8360-DAD3-4A01-A8A4-FC8499CBA761} [2012.08.06 18:41:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{AE0A9576-389B-4E0F-84D2-A44F78C90302} [2012.08.06 14:31:30 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{56F86133-E31C-40D2-9B0A-0672D5BC198A} [2012.08.06 14:30:43 | 000,000,000 | ---D | C] -- 
C:\Users\Dominik\AppData\Local\{9F732ED4-F573-405D-B7F0-639D72353837} [2012.08.03 17:19:02 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{ADA8BDFD-0F54-4C7D-8E28-84336DC3B52F} [2012.08.03 17:18:33 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{AC10F047-2D0E-4B53-926F-241132F254CE} [2012.08.02 11:40:14 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{DA47A535-DD3F-4C5A-A7BE-123125559428} [2012.08.02 11:03:09 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{33EAC64C-401A-4887-B0CD-A73F9FA87887} [2012.08.02 11:02:52 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{BB97C8AC-AA90-405B-BD9E-134EF8035520} [2012.08.01 23:46:38 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{860AC8F7-DA3D-4250-8932-7224FD095D39} [2012.08.01 23:46:15 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{8B53A927-1814-41F4-908E-0F2A3EF5C86D} [2012.08.01 21:11:05 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{6A08337E-A716-4D59-A95C-769B1F4D4AAD} [2012.08.01 21:10:52 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{79DE48C0-9805-485D-9678-B5D035747196} [2012.08.01 20:32:13 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{B6663AAC-CC98-4FC7-8F39-4F19ED9152CC} [2012.08.01 20:32:03 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F7B3B580-A777-4FDC-B9A0-4EC827DB72C8} [2012.08.01 20:01:14 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F827077D-3F73-41AA-8563-B74E66891EC9} [2012.08.01 20:00:53 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F65D0177-D47A-4BD0-9282-9DC3EF444870} [2012.08.01 17:49:28 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{572C8788-618F-4208-B08F-79E1E3A1D458} [2012.08.01 17:49:08 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{9AFFFE7E-A738-450D-9D57-786D79AB0CEC} [2012.08.01 17:07:48 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A9D4F693-72CC-4177-8603-0FA079EB2AA3} 
[2012.08.01 17:07:27 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{1E6646F1-6D28-4FA6-B736-AED03FC0E613} [2012.08.01 14:56:30 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{4E2197BD-3342-46A3-B903-3FE1065A1DAE} [2012.08.01 14:56:13 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{4F0A1B00-723D-4F8C-AFD1-AA9F7082744A} [2012.08.01 14:20:23 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E4917CD4-4A28-4F8A-A9ED-088EBD80710C} [2012.08.01 14:20:01 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C8C35CAA-C2EC-4AF4-B972-B304387AB271} [2012.08.01 13:52:50 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{7F4AB77C-6877-43CE-9807-243184BC76BD} [2012.08.01 13:52:30 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C15C71EE-50CA-4A57-8EF0-86085E0A3452} [2012.08.01 12:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2012.08.01 12:00:36 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{08D68D36-3FD3-4986-B701-7171E1040859} [2012.08.01 12:00:18 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{953F335F-D602-4C2D-A266-19FC4BF2DF6D} [2012.08.01 09:31:43 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{D96FBB31-0A06-4178-A0CA-E0917A56C63D} [2012.08.01 09:31:30 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{689BD84C-1E6E-4BA1-B6E2-80486DE4B0F3} [2012.08.01 01:33:52 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0C90C69D-54E8-4B15-9F0F-0E1F474A3003} [2012.08.01 01:33:15 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{BD723880-BFA9-4F3C-AB34-75E5D546EA37} [2012.08.01 01:19:52 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E25BC7DF-6F41-4690-9402-E11BF8FBE186} [2012.08.01 01:19:40 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{7332A06F-6BED-4449-B566-125471268C26} [2012.08.01 00:16:49 | 000,000,000 | ---D | C] -- 
C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Pro [2012.08.01 00:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Pro [2012.08.01 00:16:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft AutoScreenRecorder 3 Pro [2012.08.01 00:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam [2012.08.01 00:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012.08.01 00:09:22 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\ManyCam [2012.08.01 00:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam [2012.08.01 00:09:18 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\ManyCam [2012.08.01 00:09:05 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\APN [2012.08.01 00:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2012.08.01 00:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam [2012.07.31 23:48:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Desktop\WoW [2012.07.31 22:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft [2012.07.31 20:18:38 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{09087301-0FC5-4574-AFC1-063A28384D37} [2012.07.31 20:18:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A3504A6B-6B43-48BF-ADE9-F7E992D0FBDC} [2012.07.31 13:31:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{3728EC00-2B45-44C6-AADE-14B6449BF3A9} [2012.07.31 13:30:54 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C7083A91-A51C-4622-A60B-E2F27A31759D} [2012.07.30 11:25:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{FE078EA5-9B01-48A9-AD8A-174A3835B069} [2012.07.30 11:24:52 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{AF419906-4D9F-46FA-9662-1384C3BCAD64} [2012.07.29 22:13:03 | 000,000,000 | ---D | C] -- 
C:\Users\Dominik\AppData\Local\{378C3D81-2C18-4C5A-8E1E-77B5DE9E3249} [2012.07.29 22:12:42 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0F782117-A36A-4F8A-8A9E-C9834E6CA2C7} [2012.07.29 15:31:30 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{3CACBB2B-E555-4A64-B504-5C16547C603C} [2012.07.29 15:31:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{7262FA37-7B44-4FA2-8140-161316BC2F90} [1 C:\Users\Dominik\AppData\Roaming\*.tmp files -> C:\Users\Dominik\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.28 12:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.28 12:16:37 | 000,000,000 | ---- | M] () -- C:\Users\Dominik\defogger_reenable [2012.08.28 12:06:26 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.28 11:59:18 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.28 11:59:18 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.28 11:56:24 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.28 11:56:24 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.28 11:56:24 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.28 11:56:24 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.28 11:56:24 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.28 11:52:25 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.28 11:52:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.28 11:52:01 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys [2012.08.28 11:36:40 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.28 11:09:44 | 
000,104,904 | ---- | M] (G Data Software) -- C:\Windows\SysWow64\drivers\GRD.sys [2012.08.21 11:02:41 | 002,163,445 | ---- | M] () -- C:\Users\Dominik\Desktop\Zeugnis.pdf [2012.08.21 10:56:52 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.08.21 10:56:51 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.08.21 10:30:09 | 000,000,216 | ---- | M] () -- C:\Users\Dominik\Desktop\SweetPcFix.url [2012.08.18 03:20:19 | 000,286,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.16 18:28:27 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad [2012.08.07 13:32:38 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2012.08.06 15:23:58 | 000,000,000 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe.dll [2012.08.02 00:10:28 | 000,000,017 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\blckdom.res [2012.08.01 23:46:36 | 000,006,400 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe180.dll [2012.08.01 13:15:29 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2012.08.01 00:10:07 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk [2012.07.31 23:47:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.07.31 13:31:26 | 000,000,018 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\urhtps.dat [1 C:\Users\Dominik\AppData\Roaming\*.tmp files -> C:\Users\Dominik\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.28 12:16:37 | 000,000,000 | ---- | C] () -- C:\Users\Dominik\defogger_reenable [2012.08.28 11:36:40 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.21 11:02:34 | 002,163,445 | ---- | C] () -- C:\Users\Dominik\Desktop\Zeugnis.pdf [2012.08.21 10:56:52 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.08.21 10:56:51 | 000,001,039 | ---- | C] 
() -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.08.21 10:30:09 | 000,000,216 | ---- | C] () -- C:\Users\Dominik\Desktop\SweetPcFix.url [2012.08.15 11:09:41 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad [2012.08.01 23:46:36 | 000,006,400 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe180.dll [2012.08.01 00:10:07 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk [2012.07.31 23:47:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.07.31 22:50:10 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2012.07.31 13:31:26 | 000,000,018 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\urhtps.dat [2012.07.28 21:33:26 | 000,000,000 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe.dll [2012.07.28 21:33:15 | 000,000,017 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\blckdom.res [2012.04.30 13:28:52 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2012.02.29 21:46:42 | 1301,272,174 | ---- | C] () -- C:\Users\Dominik\SilkroadOnline_GlobalOfficial_v1_351_LEGEND_8.exe [2012.02.02 18:27:26 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.02.02 18:27:26 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT [2012.01.29 21:41:44 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe ========== LOP Check ========== [2012.08.22 00:17:22 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\ICQ [2012.07.28 21:32:51 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\kock [2012.02.04 14:54:52 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\LolClient [2012.08.01 00:10:29 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\ManyCam [2012.08.21 11:02:44 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\pdfforge [2012.08.21 10:57:19 | 000,000,000 | ---D | M] -- 
[/SPOILER]

Malwarebytes:

[SPOILER]
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.28.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Dominik :: DOMINIK-PC [Administrator]

Schutz: Aktiviert

28.08.2012 11:47:26
mbam-log-2012-08-28 (11-47-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212734
Laufzeit: 2 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Dominik\AppData\Roaming\AcroIEHelpe180.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
[/SPOILER]

Sorry if I have forgotten anything :/ And many thanks in advance |
28.08.2012, 11:57 | #2 |
| GVU virus after system restore Sorry, I thought the command was SPOILER :/
OTL: Code:
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Dominik\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dominik\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dominik\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - Extension: Ask Toolbar = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodnbkkemkkaekocofmphoadofkdh\7.15.4.0_0\ CHR - Extension: YouTube = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = 
C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Ask Toolbar = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodnbkkemkkaekocofmphoadofkdh\7.15.4.0_0\ CHR - Extension: YouTube = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIEx64.dll () O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIE.dll () O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIEx64.dll () O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIE.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G DATA\TotalCare\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6549C2A9-1353-4B27-A247-98E100D1FD97}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82FF7BF9-407A-4A45-8B5C-6AFFFDECE4C9}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft 
Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.28 11:37:31 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Malwarebytes [2012.08.28 11:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.28 11:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.28 11:36:37 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- 
C:\Windows\SysNative\drivers\mbam.sys [2012.08.28 11:36:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.28 11:09:45 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{D61A716A-1393-473F-ABC0-E26EC01161BF} [2012.08.25 09:29:50 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{017905A8-2EDA-4037-8696-9DBEAC6126D8} [2012.08.23 08:47:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{AA2B18AF-BC5B-46AE-B9BB-ECC88B07D595} [2012.08.22 10:18:47 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A931F075-0C04-4CA1-A97C-EA310067B345} [2012.08.21 22:15:06 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{60CFB0F3-EE71-49B5-802D-AAE5B2EF6EAA} [2012.08.21 10:57:19 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\TuneUp Software [2012.08.21 10:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.08.21 10:57:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.08.21 10:57:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.08.21 10:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.08.21 10:56:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\pdfforge [2012.08.21 10:56:42 | 000,095,744 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.08.21 10:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2012.08.21 10:30:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM [2012.08.21 10:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012.08.21 10:13:36 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F84985FD-E867-4BB4-B428-57C405838797} [2012.08.20 16:49:54 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{7AB08069-073D-4BCE-9C03-49D1721F37C4} [2012.08.18 20:28:50 | 000,000,000 | ---D | C] -- 
C:\Users\Dominik\AppData\Local\{B1D40AF9-9795-45B4-B99F-B0D1BC2C7398} [2012.08.18 20:28:29 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F8A8BA6C-51A3-4C68-BD45-F5851F574B3D} [2012.08.17 09:40:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{DABE8470-8BF0-435F-AED3-DFBF9C879D9A} [2012.08.17 09:39:59 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C58989A3-3509-4C31-A17E-352CB67FC828} [2012.08.17 00:19:47 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{2F6804EE-7E15-4FA1-889F-48CCA9FB82B7} [2012.08.17 00:18:34 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0F734149-E2E8-4999-95E2-CD6AC04E325D} [2012.08.16 19:07:16 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{3072A8FD-0999-480B-919C-615374A5DC88} [2012.08.16 19:04:46 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E4898FEE-7153-44EB-B897-3CD9D151045E} [2012.08.16 18:58:40 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{7B59A063-9355-4177-BEFE-F721389CEF5D} [2012.08.16 18:28:26 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{52D3737E-B4A2-48F8-8E30-4FACABD5F36E} [2012.08.16 18:21:26 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{777A45BB-37D3-4E9C-9EDE-0AFE2F01C234} [2012.08.16 18:21:05 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{2EC69E1B-A1A5-4DCB-84A7-7C16FB5A2D5C} [2012.08.16 12:26:27 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{1593CBCF-71D8-4922-9F81-9E383AA73A60} [2012.08.16 12:26:13 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{3FE3F998-A98D-4BCF-B9D9-BBC8000E94B2} [2012.08.15 11:02:27 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0F657A96-CB4A-4A8A-80BA-8FFC8A16ECE4} [2012.08.15 11:01:21 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{329AA700-139D-4631-B9E8-26385A9E7BF7} [2012.08.14 20:10:47 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{CCE47E2A-71D4-49BB-9286-CBA5E73178DF} 
[2012.08.14 20:09:10 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{235B4783-F507-4420-94AB-21C6E8A20E2C} [2012.08.14 10:30:40 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{D500D55E-3FEC-4645-A57C-16F772F0FA5C} [2012.08.14 10:29:04 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{DEAB545B-3E0E-46FF-8C66-319BDB3FD443} [2012.08.13 18:01:24 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A529FB1E-40DD-47D1-888F-D61B64AC0EB1} [2012.08.13 18:00:17 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{1EB64AE1-6A77-4A9F-965B-6B5D0988B11D} [2012.08.13 12:50:03 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F0FD0CE4-64A1-4756-9150-0435014F2AF4} [2012.08.13 12:47:00 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{09242CD1-8F7B-4997-9B03-98AAA9E50A74} [2012.08.13 12:42:41 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{6BF558A4-EEFA-469B-AB3C-A3A3243B5A06} [2012.08.12 22:02:37 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C6134E32-3977-4D45-A949-5770D15B5568} [2012.08.12 22:02:21 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{265D22C2-AC87-407B-B54C-445D16142163} [2012.08.12 21:27:55 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0007927F-1B3B-493C-BA9C-9982351683E2} [2012.08.11 20:06:16 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{16BC219E-1F4F-4D8A-B905-6D0FD6FF7F1E} [2012.08.11 20:05:09 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0F4796B4-BB8A-4F1E-9B75-4566B1E06304} [2012.08.10 17:26:45 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0F4D61EF-56FB-474A-ADF0-90F8850EBFF8} [2012.08.10 17:26:24 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E9850D84-C6DF-4A64-88C7-8CB1ED95D644} [2012.08.10 16:35:28 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{2AD0015B-D892-4404-B30F-38432CD275DB} [2012.08.10 16:34:22 | 000,000,000 | ---D | C] -- 
C:\Users\Dominik\AppData\Local\{A6ED1F27-6276-4714-81E8-4178289221DD} [2012.08.10 16:24:25 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E5EBAA16-1448-449A-9443-3A4F2C142838} [2012.08.10 16:23:23 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0B247A6C-5AD1-4D9C-B2F1-95B260617B94} [2012.08.10 16:06:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{2029247A-564D-40BC-AE0B-D9A4F9AF0CE3} [2012.08.10 08:59:16 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{B0FA90AC-B680-49AF-B968-C575ED8EE9C1} [2012.08.10 08:58:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{9A65D1D6-98DD-4401-9AAF-5CCD1D1B4BB8} [2012.08.09 23:09:17 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{10B1C940-9893-4F3D-B4EC-13E6C226FBC0} [2012.08.09 23:08:57 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{98D3447D-AAE5-4F4F-8FFB-45367DA96458} [2012.08.09 22:51:07 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{07844FC0-1D70-45B5-A8C0-40F0871EEEF8} [2012.08.09 22:32:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{38A7E366-6DA0-492E-B7B6-72F6F84B4FA2} [2012.08.09 22:32:22 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{B57F4E3F-0AB9-4630-9310-30E0916C8546} [2012.08.09 21:14:18 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{234097D9-2F21-4982-B1BD-0119E4BE6E83} [2012.08.09 21:13:56 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0C77C0E2-0FE9-4A41-B671-7D11E2157363} [2012.08.09 18:40:14 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E9234AFF-7823-4EC1-8085-BD81A84F8B42} [2012.08.09 18:40:02 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A68F3D6C-5153-4324-9C8A-39AB0D09DAD7} [2012.08.07 15:58:47 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{00C87FE3-57C1-42BC-9184-0B30F1009C12} [2012.08.07 15:58:28 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{29736AA0-1648-4131-9276-3189EE78B609} 
[2012.08.07 13:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II [2012.08.07 13:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.08.07 10:56:18 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{72C83036-D81F-4BB7-8056-FE9F961B84DC} [2012.08.07 10:55:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{72DADEAC-5D0E-4795-804C-8480ED2FCD86} [2012.08.07 10:51:41 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0031334B-26DF-4556-BA36-2567F4E93647} [2012.08.07 00:21:25 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C82B9163-1957-4A14-9F6A-CD969AE552AC} [2012.08.07 00:20:15 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{035ABF51-B01D-45A2-99C0-2B8467B10FBB} [2012.08.06 19:32:51 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A63A484B-70BD-4A5B-8E9E-DC75513FFA94} [2012.08.06 19:31:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{BA786DBB-8021-42FF-A57C-EC0F5047EE42} [2012.08.06 19:06:44 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{86965326-1D17-471B-8BAE-15E3044A65C7} [2012.08.06 19:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.08.06 19:05:09 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{85690C93-B110-4CFD-A52A-867A05637366} [2012.08.06 18:48:52 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.08.06 18:48:52 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.08.06 18:42:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{EB0D8360-DAD3-4A01-A8A4-FC8499CBA761} [2012.08.06 18:41:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{AE0A9576-389B-4E0F-84D2-A44F78C90302} [2012.08.06 14:31:30 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{56F86133-E31C-40D2-9B0A-0672D5BC198A} [2012.08.06 14:30:43 | 000,000,000 | ---D | C] -- 
C:\Users\Dominik\AppData\Local\{9F732ED4-F573-405D-B7F0-639D72353837} [2012.08.03 17:19:02 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{ADA8BDFD-0F54-4C7D-8E28-84336DC3B52F} [2012.08.03 17:18:33 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{AC10F047-2D0E-4B53-926F-241132F254CE} [2012.08.02 11:40:14 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{DA47A535-DD3F-4C5A-A7BE-123125559428} [2012.08.02 11:03:09 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{33EAC64C-401A-4887-B0CD-A73F9FA87887} [2012.08.02 11:02:52 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{BB97C8AC-AA90-405B-BD9E-134EF8035520} [2012.08.01 23:46:38 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{860AC8F7-DA3D-4250-8932-7224FD095D39} [2012.08.01 23:46:15 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{8B53A927-1814-41F4-908E-0F2A3EF5C86D} [2012.08.01 21:11:05 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{6A08337E-A716-4D59-A95C-769B1F4D4AAD} [2012.08.01 21:10:52 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{79DE48C0-9805-485D-9678-B5D035747196} [2012.08.01 20:32:13 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{B6663AAC-CC98-4FC7-8F39-4F19ED9152CC} [2012.08.01 20:32:03 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F7B3B580-A777-4FDC-B9A0-4EC827DB72C8} [2012.08.01 20:01:14 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F827077D-3F73-41AA-8563-B74E66891EC9} [2012.08.01 20:00:53 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F65D0177-D47A-4BD0-9282-9DC3EF444870} [2012.08.01 17:49:28 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{572C8788-618F-4208-B08F-79E1E3A1D458} [2012.08.01 17:49:08 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{9AFFFE7E-A738-450D-9D57-786D79AB0CEC} [2012.08.01 17:07:48 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A9D4F693-72CC-4177-8603-0FA079EB2AA3} 
[2012.08.01 17:07:27 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{1E6646F1-6D28-4FA6-B736-AED03FC0E613} [2012.08.01 14:56:30 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{4E2197BD-3342-46A3-B903-3FE1065A1DAE} [2012.08.01 14:56:13 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{4F0A1B00-723D-4F8C-AFD1-AA9F7082744A} [2012.08.01 14:20:23 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E4917CD4-4A28-4F8A-A9ED-088EBD80710C} [2012.08.01 14:20:01 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C8C35CAA-C2EC-4AF4-B972-B304387AB271} [2012.08.01 13:52:50 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{7F4AB77C-6877-43CE-9807-243184BC76BD} [2012.08.01 13:52:30 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C15C71EE-50CA-4A57-8EF0-86085E0A3452} [2012.08.01 12:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2012.08.01 12:00:36 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{08D68D36-3FD3-4986-B701-7171E1040859} [2012.08.01 12:00:18 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{953F335F-D602-4C2D-A266-19FC4BF2DF6D} [2012.08.01 09:31:43 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{D96FBB31-0A06-4178-A0CA-E0917A56C63D} [2012.08.01 09:31:30 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{689BD84C-1E6E-4BA1-B6E2-80486DE4B0F3} [2012.08.01 01:33:52 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0C90C69D-54E8-4B15-9F0F-0E1F474A3003} [2012.08.01 01:33:15 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{BD723880-BFA9-4F3C-AB34-75E5D546EA37} [2012.08.01 01:19:52 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E25BC7DF-6F41-4690-9402-E11BF8FBE186} [2012.08.01 01:19:40 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{7332A06F-6BED-4449-B566-125471268C26} [2012.08.01 00:16:49 | 000,000,000 | ---D | C] -- 
C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Pro [2012.08.01 00:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Pro [2012.08.01 00:16:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft AutoScreenRecorder 3 Pro [2012.08.01 00:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam [2012.08.01 00:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012.08.01 00:09:22 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\ManyCam [2012.08.01 00:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam [2012.08.01 00:09:18 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\ManyCam [2012.08.01 00:09:05 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\APN [2012.08.01 00:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2012.08.01 00:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam [2012.07.31 23:48:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Desktop\WoW [2012.07.31 22:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft [2012.07.31 20:18:38 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{09087301-0FC5-4574-AFC1-063A28384D37} [2012.07.31 20:18:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A3504A6B-6B43-48BF-ADE9-F7E992D0FBDC} [2012.07.31 13:31:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{3728EC00-2B45-44C6-AADE-14B6449BF3A9} [2012.07.31 13:30:54 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C7083A91-A51C-4622-A60B-E2F27A31759D} [2012.07.30 11:25:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{FE078EA5-9B01-48A9-AD8A-174A3835B069} [2012.07.30 11:24:52 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{AF419906-4D9F-46FA-9662-1384C3BCAD64} [2012.07.29 22:13:03 | 000,000,000 | ---D | C] -- 
C:\Users\Dominik\AppData\Local\{378C3D81-2C18-4C5A-8E1E-77B5DE9E3249} [2012.07.29 22:12:42 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0F782117-A36A-4F8A-8A9E-C9834E6CA2C7} [2012.07.29 15:31:30 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{3CACBB2B-E555-4A64-B504-5C16547C603C} [2012.07.29 15:31:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{7262FA37-7B44-4FA2-8140-161316BC2F90} [1 C:\Users\Dominik\AppData\Roaming\*.tmp files -> C:\Users\Dominik\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.28 12:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.28 12:16:37 | 000,000,000 | ---- | M] () -- C:\Users\Dominik\defogger_reenable [2012.08.28 12:06:26 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.28 11:59:18 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.28 11:59:18 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.28 11:56:24 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.28 11:56:24 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.28 11:56:24 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.28 11:56:24 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.28 11:56:24 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.28 11:52:25 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.28 11:52:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.28 11:52:01 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys [2012.08.28 11:36:40 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.28 11:09:44 | 
000,104,904 | ---- | M] (G Data Software) -- C:\Windows\SysWow64\drivers\GRD.sys [2012.08.21 11:02:41 | 002,163,445 | ---- | M] () -- C:\Users\Dominik\Desktop\Zeugnis.pdf [2012.08.21 10:56:52 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.08.21 10:56:51 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.08.21 10:30:09 | 000,000,216 | ---- | M] () -- C:\Users\Dominik\Desktop\SweetPcFix.url [2012.08.18 03:20:19 | 000,286,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.16 18:28:27 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad [2012.08.07 13:32:38 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2012.08.06 15:23:58 | 000,000,000 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe.dll [2012.08.02 00:10:28 | 000,000,017 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\blckdom.res [2012.08.01 23:46:36 | 000,006,400 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe180.dll [2012.08.01 13:15:29 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2012.08.01 00:10:07 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk [2012.07.31 23:47:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.07.31 13:31:26 | 000,000,018 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\urhtps.dat [1 C:\Users\Dominik\AppData\Roaming\*.tmp files -> C:\Users\Dominik\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.28 12:16:37 | 000,000,000 | ---- | C] () -- C:\Users\Dominik\defogger_reenable [2012.08.28 11:36:40 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.21 11:02:34 | 002,163,445 | ---- | C] () -- C:\Users\Dominik\Desktop\Zeugnis.pdf [2012.08.21 10:56:52 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.08.21 10:56:51 | 000,001,039 | ---- | C] 
() -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.08.21 10:30:09 | 000,000,216 | ---- | C] () -- C:\Users\Dominik\Desktop\SweetPcFix.url [2012.08.15 11:09:41 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad [2012.08.01 23:46:36 | 000,006,400 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe180.dll [2012.08.01 00:10:07 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk [2012.07.31 23:47:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.07.31 22:50:10 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2012.07.31 13:31:26 | 000,000,018 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\urhtps.dat [2012.07.28 21:33:26 | 000,000,000 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe.dll [2012.07.28 21:33:15 | 000,000,017 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\blckdom.res [2012.04.30 13:28:52 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2012.02.29 21:46:42 | 1301,272,174 | ---- | C] () -- C:\Users\Dominik\SilkroadOnline_GlobalOfficial_v1_351_LEGEND_8.exe [2012.02.02 18:27:26 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.02.02 18:27:26 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT [2012.01.29 21:41:44 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe ========== LOP Check ========== [2012.08.22 00:17:22 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\ICQ [2012.07.28 21:32:51 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\kock [2012.02.04 14:54:52 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\LolClient [2012.08.01 00:10:29 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\ManyCam [2012.08.21 11:02:44 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\pdfforge [2012.08.21 10:57:19 | 000,000,000 | ---D | M] -- 
C:\Users\Dominik\AppData\Roaming\TuneUp Software [2012.07.28 21:36:14 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\UAs [2012.08.01 12:09:53 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\xmldm [2012.07.21 02:19:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >

Code:
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10E259EA-BF11-4541-BB08-B4356EDF6D06}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{19B009B6-74F7-429F-B784-2BEFDC393965}" = lport=139 | protocol=6 | dir=in | app=system | "{244D7D3C-DBD1-46C6-AB0E-B933A9AB56EB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{2D28D130-608D-4091-AC82-990C01CC522D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2D3CC969-7661-4EEC-B90D-E0F35F701027}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{38E0FA51-44F3-4BC3-80E7-D65687862B07}" = rport=139 | protocol=6 | dir=out | app=system | "{3FFAA57A-70C7-40FC-94A4-E52A56A3601E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4E2373EB-DD85-4953-9EC9-BF119C0DAFC8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{4F5D5DD3-158C-4043-8B6E-DD9CE201E54E}" = lport=10243 | protocol=6 | dir=in | app=system | "{594A5207-C271-4E7F-85E7-E055DFA44B27}" = lport=53 | protocol=17 | dir=in | name=rtldns-port-2 | "{5B12B54B-F45D-4DDB-9375-C8F841770295}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5BFC9C15-BA8B-451B-A2C2-B109F6337662}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{621EA96B-5B7D-4D39-AED9-C008272FD025}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{670AFBBF-B189-419B-AD7A-F93977834C7D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{6BA214DE-6B15-4C1D-9AA2-3132EEC9BDC4}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | "{72D20341-A39A-43D0-90ED-595CF65EE480}" = rport=445 | protocol=6 | dir=out | app=system | "{8087B877-C48F-422B-9C4D-209FC0B9CAD9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{808B08D7-1CA8-4D4B-9A5F-7DDEF354C820}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{83CED0B6-F22C-428E-9D5B-D0921B2C5B79}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{84D57231-3C0C-440D-801E-80C8669A8EC1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{91698BE0-F0D2-45E3-A30D-18349CB4B56D}" = lport=138 | protocol=17 | dir=in | app=system | "{929A3E62-6D1E-4CBF-B528-7ED3A1E55E3A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{9731BDA6-92C8-4053-93B2-6D52A49E1601}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | "{A110EAF0-39D2-42CA-B90C-1854B17DC986}" = rport=138 | protocol=17 | dir=out | app=system | "{A699B036-7E4F-4957-9CB5-5A8612747446}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{A9588D78-67BF-4A12-B181-53FA576224BE}" = lport=67 | protocol=17 | dir=in | name=rtldhcp-port | "{C45F672A-055C-4094-A81E-3E33268F0CD3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C9488AC5-C7EC-4E3E-8737-795A47466D8E}" = lport=445 | protocol=6 | dir=in | app=system | "{CF46BD05-A098-4030-AC31-A571691D599C}" = rport=10243 | protocol=6 | dir=out | app=system | "{D7D9076A-C896-4D6D-A7A4-3B8FFD30F3E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DBFD5D9C-469D-4A42-9ACD-957D45E6EFEA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E105D083-6957-4681-9D65-0CBCE639629D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E25E6975-CCAD-4532-B8EB-3660F8986804}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | "{EC01D01E-D542-45D4-95C2-AB17B53D3069}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{ED4B6021-1990-4238-A999-1BC222FB49A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F316006D-676F-41A3-A6D0-C96E3FB0D7A0}" = rport=137 | protocol=17 | dir=out | app=system | "{F6A9CCBE-7729-48B1-A885-B320E2EF3779}" = lport=53 | protocol=6 | dir=in | name=rtldns-port | "{F95ABC00-26AA-4A7E-B3F7-56715E77E20D}" = lport=2869 | protocol=6 | dir=in | app=system | "{FC075A32-60D9-45E0-86D7-FD9D0461C9E5}" = lport=68 | protocol=17 | dir=in | name=rtldhcp-port-2 | "{FDE59EEE-39A1-4E64-A2FA-BA1E8D4E0F5A}" = lport=137 | protocol=17 | 
dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{011148A8-B22D-4A2E-8603-FD1301D7F681}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{02604856-2469-4B63-A1F7-92BDA47347FC}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | "{02A07994-58F8-4FA9-9109-98F39B62734E}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{03E68AFF-C030-46BC-A7D4-B5B66147AABF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{06BFA27E-8257-481C-B05A-0FDA0D028921}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1D83992D-F104-48D8-AA83-D08AEDA1A78F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{1DF84089-1EFD-48A4-A009-121237C5F42D}" = protocol=6 | dir=out | app=system | "{2363BAAB-4BDE-4C91-A394-4EFFB3822762}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | "{2C946469-2FAB-4003-84FF-80D5286825A2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{377A57C5-5811-4643-A1A0-AD64F0BE5CC1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{37E20A6F-B805-43B8-A783-E002741EA18F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3D3D6384-7CA8-4C6E-BFC6-4F702513EC11}" = dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtldhcp.exe | "{3E22EDEB-5CE3-41F7-9D14-0CD25E5A0C90}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{4559A80E-6CC0-4C7B-BCA9-9C6807ACC00E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4672AAA2-8B13-435D-8E49-59F671C425C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4910260B-9823-4C89-BA1F-6924F89D737E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4EB0BA9C-AE76-4D6D-AE0F-C52A813EF08E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5179F720-6BE5-474B-8EED-02CF416EA7B0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{594796F5-D6AC-4070-B564-9466FF789970}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5AFDCAA7-A3BF-431C-960A-A60AB56F236B}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{5BF3314E-3FFB-4159-8ABB-881BA3B57A35}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{5E1148BF-9077-489F-BC2A-795E571C4349}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{607E43D0-7423-4882-BAD1-ADDE00623C97}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{60DC9BB3-974E-4D56-9152-338DD89E05C0}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{61E66727-5C76-4B38-AF26-98CB263FC2A7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6A1F79A0-F3BC-4D6A-AE69-81A2BAE7A91B}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars the force unleashed 2\swtfu2.exe | "{6BD03DBD-1C97-429C-B517-504B1699DE64}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | "{7199BFE8-1203-44D8-9993-2F43E64905A2}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe | "{7472E6E0-E5BD-4414-9960-CB12D6E35F07}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{822FE985-EA50-4E7A-967F-BDBE9F7AAC30}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars the force unleashed 2\swtfu2.exe | "{8B6055DE-F1C2-4754-9E22-B39D36AD9ABB}" = protocol=6 | dir=in | 
app=c:\program files (x86)\icq7.7\icq.exe | "{8CBB2022-1115-4B04-BF27-EC20760A7AAE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{915E0EA5-C731-4B82-A6AD-80A15432425A}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe | "{98059B26-519E-4C50-A199-BD74C43BC600}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A2BBB699-4A80-496B-BA40-4B96700DFF22}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A40C7C0B-3AF9-4A98-B973-7014C2B89FE8}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{AEDE413B-6F4E-4256-B976-7F81270E200E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B3946BC7-CEFF-439C-AD47-2F7E64A2066E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{C3C5A101-2BF4-40DD-959A-0CB35827ED0B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C98F4849-A180-4536-8B45-B7C93C42DC35}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{CD59FA48-203B-4B9E-846E-34A33910CAA6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{CD8488AC-B3FA-4CC4-B00A-F84A83EAC493}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{CE39C1FD-0029-4CA0-B973-14409D7B8571}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{CF2A5A8B-124F-4945-B32C-372B9371AF4C}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{D2B70495-DC8A-40AD-A840-A25807A089D5}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | "{D30C9440-8198-49F1-8944-085EEE70098F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D4F3C1D8-64E1-4B63-9A14-3580B8176E7A}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{D5413057-675A-4BE6-AC66-3D74A2B06589}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{E10B6E7A-7740-4AA4-83CD-D247A52C72B6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E4247834-2FC0-404D-9C9B-4F20DB7A8774}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | "{E4D2B6BD-EFFF-4538-B4F8-C464A1649C54}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | "{E5B8117F-DC29-4886-847F-B641A8B6CF3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EACA8257-5E8A-4235-AEFE-66B80F371BA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EBBFCFCD-45E8-46DA-9FBD-E3C0B9DF06E5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{EF764ECC-ED4D-43A1-9284-75F7CBA99E92}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{F3163611-A6BD-45A4-9D42-E15CBBA59A90}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{FAD355B3-60E8-4536-959F-C5754D7B4348}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FDE5B6B7-AA0C-42C6-AB37-D787957B03CB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "TCP Query User{0166F507-7DA3-491A-8DB1-E63A1B31F9F3}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | "TCP Query User{4B52ADA7-0160-44C1-9064-6D597E0E9048}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | "TCP Query 
User{90E0BA9E-A15A-41BE-B49B-544392BCE737}C:\users\dominik\appdata\local\microsoft\windows\temporary internet files\content.ie5\b64l2qap\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\dominik\appdata\local\microsoft\windows\temporary internet files\content.ie5\b64l2qap\starcraft_2_eu_de-de.exe | "TCP Query User{92A20F08-92C7-40B1-85ED-0D53F2445D35}C:\users\dominik\desktop\srobot.exe" = protocol=6 | dir=in | app=c:\users\dominik\desktop\srobot.exe | "TCP Query User{A3A9D230-18B4-466A-85DD-BA65C647DB83}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "TCP Query User{BB3305F2-1C2B-432C-845D-990D1A934DA4}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{CA94B588-D3A7-40C3-9B35-D59972E4853A}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | "TCP Query User{CF5C20FD-4CF9-48C3-86DD-145C026F5AA5}C:\users\dominik\desktop\sro_full_client_downloader_bmt_v8.exe" = protocol=6 | dir=in | app=c:\users\dominik\desktop\sro_full_client_downloader_bmt_v8.exe | "TCP Query User{E3573D12-92EA-4B41-A839-7B7F3D4E1BA6}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "TCP Query User{E85DF1DE-E3F6-4D00-9116-B90810B3F7B5}C:\users\dominik\downloads\sro\srobot.exe" = protocol=6 | dir=in | app=c:\users\dominik\downloads\sro\srobot.exe | "TCP Query User{EAEF591F-B241-47AB-9B8E-0643FE39D36E}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query 
User{F6AC5CC1-D90C-4FAC-AC99-6B2F91322859}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "TCP Query User{F8704388-CA2D-4BB2-A5D3-EB2DA78EF0A8}C:\users\dominik\downloads\srobot.exe" = protocol=6 | dir=in | app=c:\users\dominik\downloads\srobot.exe | "UDP Query User{0E95E684-AE93-42BC-8427-8F386286192B}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "UDP Query User{2F6F4088-2FBE-42E2-AA22-349DA8D2D723}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{3BC1ECA8-3D45-4436-A081-DA8B206D2B96}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "UDP Query User{750E2F01-25B5-4135-B762-166C31E91537}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{785BAE2C-ED87-4F5D-949C-31442AA2E96C}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | "UDP Query User{917603E9-C845-4420-828C-F5D4A7D675FA}C:\users\dominik\desktop\sro_full_client_downloader_bmt_v8.exe" = protocol=17 | dir=in | app=c:\users\dominik\desktop\sro_full_client_downloader_bmt_v8.exe | "UDP Query User{93A51768-02CA-49DF-B037-CEAF0AC1F2BB}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "UDP Query User{B181E1E1-3B40-4FE2-9783-B05748350720}C:\users\dominik\desktop\srobot.exe" = protocol=17 | dir=in | 
app=c:\users\dominik\desktop\srobot.exe | "UDP Query User{CA4D8911-9DBC-4B15-A5C5-960A75BFD537}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | "UDP Query User{D1285684-05A8-4C86-B2E4-C1058982D02F}C:\users\dominik\downloads\srobot.exe" = protocol=17 | dir=in | app=c:\users\dominik\downloads\srobot.exe | "UDP Query User{E176F75C-A3AB-4086-A7BB-145BCD9DE34D}C:\users\dominik\appdata\local\microsoft\windows\temporary internet files\content.ie5\b64l2qap\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\dominik\appdata\local\microsoft\windows\temporary internet files\content.ie5\b64l2qap\starcraft_2_eu_de-de.exe | "UDP Query User{F0B1AD79-DBFC-44C3-80C7-F75192DC3A45}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | "UDP Query User{F165D046-D577-4B8C-8A81-5A517793269D}C:\users\dominik\downloads\sro\srobot.exe" = protocol=17 | dir=in | app=c:\users\dominik\downloads\sro\srobot.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater "{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5B58EF61-85F2-4977-97A5-84C19F926579}" = SweetPacks Toolbar for Internet Explorer 4.5 "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C8D55041-A13C-4620-8DF4-9C5A9C16908D}" = G Data TotalCare "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0 "Activision_THPS2UninstallKey" = Tony Hawk's Pro Skater 2 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Azureus" = Azureus "Guard.Mail.ru" = Guard.ICQ "ICQToolbar" = ICQ Toolbar "Malwarebytes' Anti-Malware_is1" = 
29.08.2012, 06:02 | #3
/// Helper Team | GVU virus after system restore Quote:
29.08.2012, 06:03 | #4
/// Helper Team | GVU virus after system restore
30.08.2012, 10:55 | #5
GVU virus after system restore Yes, why? Did a trojan pick up everything?
30.08.2012, 19:42 | #6
/// Helper Team | GVU virus after system restore Bad news! You have more than one serious infection on your computer. http://www.trojaner-board.de/56634-rootkits.html It is compromised and no longer trustworthy. You should change all your passwords from a clean system. I strongly recommend disconnecting the PC from the network and reinstalling it. Instructions for reinstalling (illustrated) > Reinstall Windows 7 > Vista > XP
1. Data recovery:
2. Format and reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if it is clean, restore it.
30.08.2012, 21:59 | #7
GVU virus after system restore I have several games installed that are multiple gigabytes in size and that for the most part have to be downloaded for installation (WoW, StarCraft etc.). Is there any way to save them? Can I just move the whole folder to an external drive? And Microsoft Office.. I no longer have the CD, can I copy that over?
31.08.2012, 09:30 | #8
/// Helper Team | GVU virus after system restore No, you cannot take any executable files with you! You have to redo everything (download everything again). Quote:
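As an added example (not code from this thread or from the helper), a PowerShell script for the data-recovery step that follows the rule in post #8: it copies a user profile to an external drive but leaves every executable file type behind, and writes a SHA-256 manifest so the copy can be checked from the fresh system before it is restored in step 5. The profile path, the drive letter and the blocked extension list are assumptions.

```powershell
# Added example, not code from the thread. Rescue user data from a compromised
# Windows 7 profile without carrying executable content to the fresh install,
# and record a SHA-256 manifest for the check before restoring (step 5).
# $Source, $Destination and $Blocked are assumptions chosen for this example.
$Source      = "C:\Users\Dominik"   # user profile seen in the OTL log
$Destination = "E:\Datenrettung"    # assumed external drive (never the same disk)
$Manifest    = Join-Path $Destination "manifest.csv"

# Extensions that must not be taken over (post #8: no executable files).
# Extension filtering is only a first filter; the copy still has to be
# scanned from a clean system before anything is restored.
$Blocked = @(".exe", ".dll", ".sys", ".ocx", ".cpl", ".scr", ".com", ".pif",
             ".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",
             ".ps1", ".msi", ".msp", ".hta", ".jar", ".lnk", ".reg")

New-Item -ItemType Directory -Force -Path $Destination | Out-Null
"RelativePath,SHA256,Length" | Out-File -FilePath $Manifest -Encoding utf8
$sha = [System.Security.Cryptography.SHA256]::Create()

Get-ChildItem -Path $Source -Recurse -Force -ErrorAction SilentlyContinue |
  Where-Object { -not $_.PSIsContainer } |
  ForEach-Object {
    $file = $_
    if ($Blocked -contains $file.Extension.ToLower()) {
        Write-Host "SKIP  $($file.FullName)"      # executable content stays behind
        return                                    # continue with the next file
    }
    $rel  = $file.FullName.Substring($Source.Length).TrimStart("\")
    $dest = Join-Path $Destination $rel
    New-Item -ItemType Directory -Force -Path (Split-Path $dest) | Out-Null
    try {
        Copy-Item -LiteralPath $file.FullName -Destination $dest -Force -ErrorAction Stop
        # Hash the copy on the external drive, so the manifest describes what is
        # actually restored later, not the original on the compromised disk.
        $stream = [System.IO.File]::OpenRead($dest)
        try     { $hash = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace "-", "" }
        finally { $stream.Close() }
        "`"$rel`",$hash,$($file.Length)" | Out-File -FilePath $Manifest -Append -Encoding utf8
    } catch {
        Write-Host "FAIL  $($file.FullName): $($_.Exception.Message)"   # locked files etc.
    }
  }
```

After the reinstall, scan the external drive from the clean system and compare the files against manifest.csv before copying anything back.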