Pests of all kinds and how to fight them: GVU Trojan after backup (Windows 7)

28.08.2012, 15:46 | #1
GVU Trojan after backup

Hello, Trojaner community. Two weeks ago I got rid of the GVU virus early by means of a system restore (though only to the previous day). Or so I thought. Yesterday I received an e-mail from a provider saying that my account had been locked because of suspicious activity and various other things. So I think I still have the virus on the machine -.- I tried to work through all the steps:

Malwarebytes:
Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.28.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Dominik :: DOMINIK-PC [Administrator]

Schutz: Aktiviert

28.08.2012 11:47:26
mbam-log-2012-08-28 (11-47-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212734
Laufzeit: 2 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Dominik\AppData\Roaming\AcroIEHelpe180.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL:
Code:
ATTFilter OTL logfile created on: 28.08.2012 12:29:42 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Dominik\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 55,53% Memory free 8,00 Gb Paging File | 5,48 Gb Available in Paging File | 68,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 910,41 Gb Total Space | 789,49 Gb Free Space | 86,72% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 10,33 Gb Free Space | 51,67% Space Free | Partition Type: NTFS Computer Name: DOMINIK-PC | User Name: Dominik | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.28 12:11:22 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Dominik\Downloads\OTL.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.06.06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.02.26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012.02.21 19:39:30 | 002,043,904 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe PRC - [2012.02.16 15:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe PRC - [2012.01.22 19:12:14 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2011.05.25 09:25:28 | 002,214,504 | R--- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe PRC - [2009.03.02 16:33:02 | 000,920,136 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G DATA\TotalCare\AVKTray\AVKTray.exe PRC - [2009.03.02 14:09:30 | 001,117,768 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe PRC - [2009.03.02 14:09:30 | 000,388,168 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G DATA\TotalCare\AVK\AVKService.exe PRC - [2009.02.25 03:47:46 | 000,287,816 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe ========== Modules (No Company Name) ========== MOD - [2012.01.22 19:12:14 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe MOD - [2009.03.02 14:09:30 | 000,588,360 | ---- | M] () -- C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIE.dll ========== Win32 Services (SafeList) ========== SRV - [2012.08.14 23:27:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.22 19:12:14 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2011.05.25 09:25:28 | 002,214,504 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.02 14:09:30 | 001,117,768 | ---- | M] (G DATA Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2009.03.02 14:09:30 | 000,388,168 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G DATA\TotalCare\AVK\AVKService.exe -- (AVKService) SRV - [2009.02.25 04:24:52 | 000,852,040 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G DATA\TotalCare\AVKBackup\AVKBackupService.exe -- (G Data Backup Service) SRV - [2009.02.25 04:18:58 | 000,907,336 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G DATA\TotalCare\AVKTuner\AVKTunerService.exe -- (G Data Tuner Service) SRV - [2009.02.25 03:47:46 | 000,287,816 | ---- | M] (G DATA Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan) SRV - [2009.02.25 03:32:46 | 001,905,008 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G DATA\TotalCare\AVK\AVKWCtlX64.exe -- (AVKWCtl) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 
08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 12:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple) DRV:64bit: - [2012.01.22 19:03:29 | 000,064,456 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2012.01.22 19:03:11 | 000,038,856 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2012.01.22 19:02:45 | 000,048,072 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2012.01.11 08:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam) DRV:64bit: - [2011.08.11 13:46:46 | 000,694,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su) DRV:64bit: - [2011.05.25 09:25:48 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.03.31 03:10:18 | 000,450,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.02.22 18:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM) DRV:64bit: - [2006.11.30 16:17:56 | 000,033,048 | ---- | M] (X10 Wireless Technology, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF) DRV - [2012.08.28 11:09:44 | 000,104,904 | ---- | M] (G Data Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 39 59 D7 22 D9 CC 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{4C867F62-3B83-42F5-A6F4-94C4C6942B27}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=0AC79DA4-49EB-461A-94EE-1F9F69815688&apn_sauid=9D8C6F13-BB66-41FC-B95C-3FAA4C627594 IE - 
HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Dominik\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dominik\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dominik\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - Extension: Ask Toolbar = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodnbkkemkkaekocofmphoadofkdh\7.15.4.0_0\ CHR - Extension: YouTube = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = 
C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Ask Toolbar = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodnbkkemkkaekocofmphoadofkdh\7.15.4.0_0\ CHR - Extension: YouTube = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIEx64.dll () O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIE.dll () O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIEx64.dll () O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIE.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G DATA\TotalCare\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6549C2A9-1353-4B27-A247-98E100D1FD97}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82FF7BF9-407A-4A45-8B5C-6AFFFDECE4C9}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft 
Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.28 11:37:31 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Malwarebytes [2012.08.28 11:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.28 11:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.28 11:36:37 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- 
C:\Windows\SysNative\drivers\mbam.sys [2012.08.28 11:36:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.28 11:09:45 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{D61A716A-1393-473F-ABC0-E26EC01161BF} [2012.08.25 09:29:50 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{017905A8-2EDA-4037-8696-9DBEAC6126D8} [2012.08.23 08:47:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{AA2B18AF-BC5B-46AE-B9BB-ECC88B07D595} [2012.08.22 10:18:47 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A931F075-0C04-4CA1-A97C-EA310067B345} [2012.08.21 22:15:06 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{60CFB0F3-EE71-49B5-802D-AAE5B2EF6EAA} [2012.08.21 10:57:19 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\TuneUp Software [2012.08.21 10:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.08.21 10:57:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.08.21 10:57:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.08.21 10:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.08.21 10:56:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\pdfforge [2012.08.21 10:56:42 | 000,095,744 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.08.21 10:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2012.08.21 10:30:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM [2012.08.21 10:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012.08.21 10:13:36 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F84985FD-E867-4BB4-B428-57C405838797} [2012.08.20 16:49:54 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{7AB08069-073D-4BCE-9C03-49D1721F37C4} [2012.08.18 20:28:50 | 000,000,000 | ---D | C] -- 
C:\Users\Dominik\AppData\Local\{B1D40AF9-9795-45B4-B99F-B0D1BC2C7398} [2012.08.18 20:28:29 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F8A8BA6C-51A3-4C68-BD45-F5851F574B3D} [2012.08.17 09:40:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{DABE8470-8BF0-435F-AED3-DFBF9C879D9A} [2012.08.17 09:39:59 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C58989A3-3509-4C31-A17E-352CB67FC828} [2012.08.17 00:19:47 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{2F6804EE-7E15-4FA1-889F-48CCA9FB82B7} [2012.08.17 00:18:34 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0F734149-E2E8-4999-95E2-CD6AC04E325D} [2012.08.16 19:07:16 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{3072A8FD-0999-480B-919C-615374A5DC88} [2012.08.16 19:04:46 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E4898FEE-7153-44EB-B897-3CD9D151045E} [2012.08.16 18:58:40 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{7B59A063-9355-4177-BEFE-F721389CEF5D} [2012.08.16 18:28:26 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{52D3737E-B4A2-48F8-8E30-4FACABD5F36E} [2012.08.16 18:21:26 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{777A45BB-37D3-4E9C-9EDE-0AFE2F01C234} [2012.08.16 18:21:05 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{2EC69E1B-A1A5-4DCB-84A7-7C16FB5A2D5C} [2012.08.16 12:26:27 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{1593CBCF-71D8-4922-9F81-9E383AA73A60} [2012.08.16 12:26:13 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{3FE3F998-A98D-4BCF-B9D9-BBC8000E94B2} [2012.08.15 11:02:27 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0F657A96-CB4A-4A8A-80BA-8FFC8A16ECE4} [2012.08.15 11:01:21 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{329AA700-139D-4631-B9E8-26385A9E7BF7} [2012.08.14 20:10:47 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{CCE47E2A-71D4-49BB-9286-CBA5E73178DF} 
[2012.08.14 20:09:10 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{235B4783-F507-4420-94AB-21C6E8A20E2C}
[2012.08.14 10:30:40 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{D500D55E-3FEC-4645-A57C-16F772F0FA5C}
[2012.08.14 10:29:04 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{DEAB545B-3E0E-46FF-8C66-319BDB3FD443}
[2012.08.13 18:01:24 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A529FB1E-40DD-47D1-888F-D61B64AC0EB1}
[2012.08.13 18:00:17 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{1EB64AE1-6A77-4A9F-965B-6B5D0988B11D}
[2012.08.13 12:50:03 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F0FD0CE4-64A1-4756-9150-0435014F2AF4}
[2012.08.13 12:47:00 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{09242CD1-8F7B-4997-9B03-98AAA9E50A74}
[2012.08.13 12:42:41 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{6BF558A4-EEFA-469B-AB3C-A3A3243B5A06}
[2012.08.12 22:02:37 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C6134E32-3977-4D45-A949-5770D15B5568}
[2012.08.12 22:02:21 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{265D22C2-AC87-407B-B54C-445D16142163}
[2012.08.12 21:27:55 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0007927F-1B3B-493C-BA9C-9982351683E2}
[2012.08.11 20:06:16 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{16BC219E-1F4F-4D8A-B905-6D0FD6FF7F1E}
[2012.08.11 20:05:09 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0F4796B4-BB8A-4F1E-9B75-4566B1E06304}
[2012.08.10 17:26:45 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0F4D61EF-56FB-474A-ADF0-90F8850EBFF8}
[2012.08.10 17:26:24 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E9850D84-C6DF-4A64-88C7-8CB1ED95D644}
[2012.08.10 16:35:28 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{2AD0015B-D892-4404-B30F-38432CD275DB}
[2012.08.10 16:34:22 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A6ED1F27-6276-4714-81E8-4178289221DD}
[2012.08.10 16:24:25 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E5EBAA16-1448-449A-9443-3A4F2C142838}
[2012.08.10 16:23:23 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0B247A6C-5AD1-4D9C-B2F1-95B260617B94}
[2012.08.10 16:06:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{2029247A-564D-40BC-AE0B-D9A4F9AF0CE3}
[2012.08.10 08:59:16 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{B0FA90AC-B680-49AF-B968-C575ED8EE9C1}
[2012.08.10 08:58:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{9A65D1D6-98DD-4401-9AAF-5CCD1D1B4BB8}
[2012.08.09 23:09:17 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{10B1C940-9893-4F3D-B4EC-13E6C226FBC0}
[2012.08.09 23:08:57 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{98D3447D-AAE5-4F4F-8FFB-45367DA96458}
[2012.08.09 22:51:07 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{07844FC0-1D70-45B5-A8C0-40F0871EEEF8}
[2012.08.09 22:32:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{38A7E366-6DA0-492E-B7B6-72F6F84B4FA2}
[2012.08.09 22:32:22 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{B57F4E3F-0AB9-4630-9310-30E0916C8546}
[2012.08.09 21:14:18 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{234097D9-2F21-4982-B1BD-0119E4BE6E83}
[2012.08.09 21:13:56 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0C77C0E2-0FE9-4A41-B671-7D11E2157363}
[2012.08.09 18:40:14 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E9234AFF-7823-4EC1-8085-BD81A84F8B42}
[2012.08.09 18:40:02 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A68F3D6C-5153-4324-9C8A-39AB0D09DAD7}
[2012.08.07 15:58:47 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{00C87FE3-57C1-42BC-9184-0B30F1009C12}
[2012.08.07 15:58:28 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{29736AA0-1648-4131-9276-3189EE78B609}
[2012.08.07 13:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.08.07 13:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.08.07 10:56:18 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{72C83036-D81F-4BB7-8056-FE9F961B84DC}
[2012.08.07 10:55:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{72DADEAC-5D0E-4795-804C-8480ED2FCD86}
[2012.08.07 10:51:41 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0031334B-26DF-4556-BA36-2567F4E93647}
[2012.08.07 00:21:25 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C82B9163-1957-4A14-9F6A-CD969AE552AC}
[2012.08.07 00:20:15 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{035ABF51-B01D-45A2-99C0-2B8467B10FBB}
[2012.08.06 19:32:51 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A63A484B-70BD-4A5B-8E9E-DC75513FFA94}
[2012.08.06 19:31:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{BA786DBB-8021-42FF-A57C-EC0F5047EE42}
[2012.08.06 19:06:44 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{86965326-1D17-471B-8BAE-15E3044A65C7}
[2012.08.06 19:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.08.06 19:05:09 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{85690C93-B110-4CFD-A52A-867A05637366}
[2012.08.06 18:48:52 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.08.06 18:48:52 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.08.06 18:42:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{EB0D8360-DAD3-4A01-A8A4-FC8499CBA761}
[2012.08.06 18:41:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{AE0A9576-389B-4E0F-84D2-A44F78C90302}
[2012.08.06 14:31:30 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{56F86133-E31C-40D2-9B0A-0672D5BC198A}
[2012.08.06 14:30:43 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{9F732ED4-F573-405D-B7F0-639D72353837}
[2012.08.03 17:19:02 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{ADA8BDFD-0F54-4C7D-8E28-84336DC3B52F}
[2012.08.03 17:18:33 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{AC10F047-2D0E-4B53-926F-241132F254CE}
[2012.08.02 11:40:14 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{DA47A535-DD3F-4C5A-A7BE-123125559428}
[2012.08.02 11:03:09 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{33EAC64C-401A-4887-B0CD-A73F9FA87887}
[2012.08.02 11:02:52 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{BB97C8AC-AA90-405B-BD9E-134EF8035520}
[2012.08.01 23:46:38 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{860AC8F7-DA3D-4250-8932-7224FD095D39}
[2012.08.01 23:46:15 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{8B53A927-1814-41F4-908E-0F2A3EF5C86D}
[2012.08.01 21:11:05 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{6A08337E-A716-4D59-A95C-769B1F4D4AAD}
[2012.08.01 21:10:52 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{79DE48C0-9805-485D-9678-B5D035747196}
[2012.08.01 20:32:13 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{B6663AAC-CC98-4FC7-8F39-4F19ED9152CC}
[2012.08.01 20:32:03 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F7B3B580-A777-4FDC-B9A0-4EC827DB72C8}
[2012.08.01 20:01:14 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F827077D-3F73-41AA-8563-B74E66891EC9}
[2012.08.01 20:00:53 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{F65D0177-D47A-4BD0-9282-9DC3EF444870}
[2012.08.01 17:49:28 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{572C8788-618F-4208-B08F-79E1E3A1D458}
[2012.08.01 17:49:08 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{9AFFFE7E-A738-450D-9D57-786D79AB0CEC}
[2012.08.01 17:07:48 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A9D4F693-72CC-4177-8603-0FA079EB2AA3}
[2012.08.01 17:07:27 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{1E6646F1-6D28-4FA6-B736-AED03FC0E613}
[2012.08.01 14:56:30 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{4E2197BD-3342-46A3-B903-3FE1065A1DAE}
[2012.08.01 14:56:13 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{4F0A1B00-723D-4F8C-AFD1-AA9F7082744A}
[2012.08.01 14:20:23 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E4917CD4-4A28-4F8A-A9ED-088EBD80710C}
[2012.08.01 14:20:01 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C8C35CAA-C2EC-4AF4-B972-B304387AB271}
[2012.08.01 13:52:50 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{7F4AB77C-6877-43CE-9807-243184BC76BD}
[2012.08.01 13:52:30 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C15C71EE-50CA-4A57-8EF0-86085E0A3452}
[2012.08.01 12:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012.08.01 12:00:36 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{08D68D36-3FD3-4986-B701-7171E1040859}
[2012.08.01 12:00:18 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{953F335F-D602-4C2D-A266-19FC4BF2DF6D}
[2012.08.01 09:31:43 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{D96FBB31-0A06-4178-A0CA-E0917A56C63D}
[2012.08.01 09:31:30 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{689BD84C-1E6E-4BA1-B6E2-80486DE4B0F3}
[2012.08.01 01:33:52 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0C90C69D-54E8-4B15-9F0F-0E1F474A3003}
[2012.08.01 01:33:15 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{BD723880-BFA9-4F3C-AB34-75E5D546EA37}
[2012.08.01 01:19:52 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{E25BC7DF-6F41-4690-9402-E11BF8FBE186}
[2012.08.01 01:19:40 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{7332A06F-6BED-4449-B566-125471268C26}
[2012.08.01 00:16:49 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Pro
[2012.08.01 00:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Pro
[2012.08.01 00:16:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft AutoScreenRecorder 3 Pro
[2012.08.01 00:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
[2012.08.01 00:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.08.01 00:09:22 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\ManyCam
[2012.08.01 00:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam
[2012.08.01 00:09:18 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\ManyCam
[2012.08.01 00:09:05 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\APN
[2012.08.01 00:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.08.01 00:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam
[2012.07.31 23:48:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Desktop\WoW
[2012.07.31 22:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2012.07.31 20:18:38 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{09087301-0FC5-4574-AFC1-063A28384D37}
[2012.07.31 20:18:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{A3504A6B-6B43-48BF-ADE9-F7E992D0FBDC}
[2012.07.31 13:31:20 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{3728EC00-2B45-44C6-AADE-14B6449BF3A9}
[2012.07.31 13:30:54 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{C7083A91-A51C-4622-A60B-E2F27A31759D}
[2012.07.30 11:25:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{FE078EA5-9B01-48A9-AD8A-174A3835B069}
[2012.07.30 11:24:52 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{AF419906-4D9F-46FA-9662-1384C3BCAD64}
[2012.07.29 22:13:03 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{378C3D81-2C18-4C5A-8E1E-77B5DE9E3249}
[2012.07.29 22:12:42 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{0F782117-A36A-4F8A-8A9E-C9834E6CA2C7}
[2012.07.29 15:31:30 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{3CACBB2B-E555-4A64-B504-5C16547C603C}
[2012.07.29 15:31:12 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\{7262FA37-7B44-4FA2-8140-161316BC2F90}
[1 C:\Users\Dominik\AppData\Roaming\*.tmp files -> C:\Users\Dominik\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.28 12:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.28 12:16:37 | 000,000,000 | ---- | M] () -- C:\Users\Dominik\defogger_reenable
[2012.08.28 12:06:26 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.28 11:59:18 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 11:59:18 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 11:56:24 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.28 11:56:24 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.28 11:56:24 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.28 11:56:24 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.28 11:56:24 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.28 11:52:25 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.28 11:52:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.28 11:52:01 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.28 11:36:40 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.28 11:09:44 | 000,104,904 | ---- | M] (G Data Software) -- C:\Windows\SysWow64\drivers\GRD.sys
[2012.08.21 11:02:41 | 002,163,445 | ---- | M] () -- C:\Users\Dominik\Desktop\Zeugnis.pdf
[2012.08.21 10:56:52 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.08.21 10:56:51 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.08.21 10:30:09 | 000,000,216 | ---- | M] () -- C:\Users\Dominik\Desktop\SweetPcFix.url
[2012.08.18 03:20:19 | 000,286,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.16 18:28:27 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.07 13:32:38 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.08.06 15:23:58 | 000,000,000 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe.dll
[2012.08.02 00:10:28 | 000,000,017 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\blckdom.res
[2012.08.01 23:46:36 | 000,006,400 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe180.dll
[2012.08.01 13:15:29 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.08.01 00:10:07 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2012.07.31 23:47:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.07.31 13:31:26 | 000,000,018 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\urhtps.dat
[1 C:\Users\Dominik\AppData\Roaming\*.tmp files -> C:\Users\Dominik\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.28 12:16:37 | 000,000,000 | ---- | C] () -- C:\Users\Dominik\defogger_reenable
[2012.08.28 11:36:40 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.21 11:02:34 | 002,163,445 | ---- | C] () -- C:\Users\Dominik\Desktop\Zeugnis.pdf
[2012.08.21 10:56:52 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.08.21 10:56:51 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.08.21 10:30:09 | 000,000,216 | ---- | C] () -- C:\Users\Dominik\Desktop\SweetPcFix.url
[2012.08.15 11:09:41 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.01 23:46:36 | 000,006,400 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe180.dll
[2012.08.01 00:10:07 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2012.07.31 23:47:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.07.31 22:50:10 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.07.31 13:31:26 | 000,000,018 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\urhtps.dat
[2012.07.28 21:33:26 | 000,000,000 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe.dll
[2012.07.28 21:33:15 | 000,000,017 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\blckdom.res
[2012.04.30 13:28:52 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012.02.29 21:46:42 | 1301,272,174 | ---- | C] () -- C:\Users\Dominik\SilkroadOnline_GlobalOfficial_v1_351_LEGEND_8.exe
[2012.02.02 18:27:26 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.02.02 18:27:26 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2012.01.29 21:41:44 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== LOP Check ==========

[2012.08.22 00:17:22 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\ICQ
[2012.07.28 21:32:51 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\kock
[2012.02.04 14:54:52 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\LolClient
[2012.08.01 00:10:29 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\ManyCam
[2012.08.21 11:02:44 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\pdfforge
[2012.08.21 10:57:19 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\TuneUp Software
[2012.07.28 21:36:14 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\UAs
[2012.08.01 12:09:53 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\xmldm

[2012.07.21 02:19:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
Code:
OTL Extras logfile created on: 28.08.2012 12:29:43 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Dominik\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 55,53% Memory free
8,00 Gb Paging File | 5,48 Gb Available in Paging File | 68,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 910,41 Gb Total Space | 789,49 Gb Free Space | 86,72% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,33 Gb Free Space | 51,67% Space Free | Partition Type: NTFS

Computer Name: DOMINIK-PC | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10E259EA-BF11-4541-BB08-B4356EDF6D06}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{19B009B6-74F7-429F-B784-2BEFDC393965}" = lport=139 | protocol=6 | dir=in | app=system |
"{244D7D3C-DBD1-46C6-AB0E-B933A9AB56EB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2D28D130-608D-4091-AC82-990C01CC522D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D3CC969-7661-4EEC-B90D-E0F35F701027}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{38E0FA51-44F3-4BC3-80E7-D65687862B07}" = rport=139 | protocol=6 | dir=out | app=system |
"{3FFAA57A-70C7-40FC-94A4-E52A56A3601E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4E2373EB-DD85-4953-9EC9-BF119C0DAFC8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4F5D5DD3-158C-4043-8B6E-DD9CE201E54E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{594A5207-C271-4E7F-85E7-E055DFA44B27}" = lport=53 | protocol=17 | dir=in | name=rtldns-port-2 |
"{5B12B54B-F45D-4DDB-9375-C8F841770295}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BFC9C15-BA8B-451B-A2C2-B109F6337662}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{621EA96B-5B7D-4D39-AED9-C008272FD025}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{670AFBBF-B189-419B-AD7A-F93977834C7D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6BA214DE-6B15-4C1D-9AA2-3132EEC9BDC4}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{72D20341-A39A-43D0-90ED-595CF65EE480}" = rport=445 | protocol=6 | dir=out | app=system |
"{8087B877-C48F-422B-9C4D-209FC0B9CAD9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{808B08D7-1CA8-4D4B-9A5F-7DDEF354C820}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{83CED0B6-F22C-428E-9D5B-D0921B2C5B79}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84D57231-3C0C-440D-801E-80C8669A8EC1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{91698BE0-F0D2-45E3-A30D-18349CB4B56D}" = lport=138 | protocol=17 | dir=in | app=system |
"{929A3E62-6D1E-4CBF-B528-7ED3A1E55E3A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9731BDA6-92C8-4053-93B2-6D52A49E1601}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{A110EAF0-39D2-42CA-B90C-1854B17DC986}" = rport=138 | protocol=17 | dir=out | app=system |
"{A699B036-7E4F-4957-9CB5-5A8612747446}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A9588D78-67BF-4A12-B181-53FA576224BE}" = lport=67 | protocol=17 | dir=in | name=rtldhcp-port |
"{C45F672A-055C-4094-A81E-3E33268F0CD3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9488AC5-C7EC-4E3E-8737-795A47466D8E}" = lport=445 | protocol=6 | dir=in | app=system |
"{CF46BD05-A098-4030-AC31-A571691D599C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D7D9076A-C896-4D6D-A7A4-3B8FFD30F3E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DBFD5D9C-469D-4A42-9ACD-957D45E6EFEA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E105D083-6957-4681-9D65-0CBCE639629D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E25E6975-CCAD-4532-B8EB-3660F8986804}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{EC01D01E-D542-45D4-95C2-AB17B53D3069}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ED4B6021-1990-4238-A999-1BC222FB49A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F316006D-676F-41A3-A6D0-C96E3FB0D7A0}" = rport=137 | protocol=17 | dir=out | app=system |
"{F6A9CCBE-7729-48B1-A885-B320E2EF3779}" = lport=53 | protocol=6 | dir=in | name=rtldns-port |
"{F95ABC00-26AA-4A7E-B3F7-56715E77E20D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FC075A32-60D9-45E0-86D7-FD9D0461C9E5}" = lport=68 | protocol=17 | dir=in | name=rtldhcp-port-2 |
"{FDE59EEE-39A1-4E64-A2FA-BA1E8D4E0F5A}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011148A8-B22D-4A2E-8603-FD1301D7F681}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{02604856-2469-4B63-A1F7-92BDA47347FC}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe |
"{02A07994-58F8-4FA9-9109-98F39B62734E}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{03E68AFF-C030-46BC-A7D4-B5B66147AABF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{06BFA27E-8257-481C-B05A-0FDA0D028921}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1D83992D-F104-48D8-AA83-D08AEDA1A78F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{1DF84089-1EFD-48A4-A009-121237C5F42D}" = protocol=6 | dir=out | app=system |
"{2363BAAB-4BDE-4C91-A394-4EFFB3822762}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |
"{2C946469-2FAB-4003-84FF-80D5286825A2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{377A57C5-5811-4643-A1A0-AD64F0BE5CC1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{37E20A6F-B805-43B8-A783-E002741EA18F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3D3D6384-7CA8-4C6E-BFC6-4F702513EC11}" = dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtldhcp.exe |
"{3E22EDEB-5CE3-41F7-9D14-0CD25E5A0C90}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{4559A80E-6CC0-4C7B-BCA9-9C6807ACC00E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4672AAA2-8B13-435D-8E49-59F671C425C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4910260B-9823-4C89-BA1F-6924F89D737E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4EB0BA9C-AE76-4D6D-AE0F-C52A813EF08E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5179F720-6BE5-474B-8EED-02CF416EA7B0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{594796F5-D6AC-4070-B564-9466FF789970}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5AFDCAA7-A3BF-431C-960A-A60AB56F236B}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{5BF3314E-3FFB-4159-8ABB-881BA3B57A35}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5E1148BF-9077-489F-BC2A-795E571C4349}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{607E43D0-7423-4882-BAD1-ADDE00623C97}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60DC9BB3-974E-4D56-9152-338DD89E05C0}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{61E66727-5C76-4B38-AF26-98CB263FC2A7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A1F79A0-F3BC-4D6A-AE69-81A2BAE7A91B}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars the force unleashed 2\swtfu2.exe |
"{6BD03DBD-1C97-429C-B517-504B1699DE64}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{7199BFE8-1203-44D8-9993-2F43E64905A2}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
"{7472E6E0-E5BD-4414-9960-CB12D6E35F07}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{822FE985-EA50-4E7A-967F-BDBE9F7AAC30}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars the force unleashed 2\swtfu2.exe |
"{8B6055DE-F1C2-4754-9E22-B39D36AD9ABB}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{8CBB2022-1115-4B04-BF27-EC20760A7AAE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{915E0EA5-C731-4B82-A6AD-80A15432425A}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
"{98059B26-519E-4C50-A199-BD74C43BC600}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A2BBB699-4A80-496B-BA40-4B96700DFF22}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A40C7C0B-3AF9-4A98-B973-7014C2B89FE8}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{AEDE413B-6F4E-4256-B976-7F81270E200E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B3946BC7-CEFF-439C-AD47-2F7E64A2066E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{C3C5A101-2BF4-40DD-959A-0CB35827ED0B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C98F4849-A180-4536-8B45-B7C93C42DC35}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CD59FA48-203B-4B9E-846E-34A33910CAA6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{CD8488AC-B3FA-4CC4-B00A-F84A83EAC493}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CE39C1FD-0029-4CA0-B973-14409D7B8571}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{CF2A5A8B-124F-4945-B32C-372B9371AF4C}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{D2B70495-DC8A-40AD-A840-A25807A089D5}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |
"{D30C9440-8198-49F1-8944-085EEE70098F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D4F3C1D8-64E1-4B63-9A14-3580B8176E7A}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{D5413057-675A-4BE6-AC66-3D74A2B06589}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{E10B6E7A-7740-4AA4-83CD-D247A52C72B6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E4247834-2FC0-404D-9C9B-4F20DB7A8774}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe |
"{E4D2B6BD-EFFF-4538-B4F8-C464A1649C54}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{E5B8117F-DC29-4886-847F-B641A8B6CF3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EACA8257-5E8A-4235-AEFE-66B80F371BA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EBBFCFCD-45E8-46DA-9FBD-E3C0B9DF06E5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EF764ECC-ED4D-43A1-9284-75F7CBA99E92}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F3163611-A6BD-45A4-9D42-E15CBBA59A90}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{FAD355B3-60E8-4536-959F-C5754D7B4348}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FDE5B6B7-AA0C-42C6-AB37-D787957B03CB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"TCP Query User{0166F507-7DA3-491A-8DB1-E63A1B31F9F3}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"TCP Query User{4B52ADA7-0160-44C1-9064-6D597E0E9048}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe |
"TCP Query User{90E0BA9E-A15A-41BE-B49B-544392BCE737}C:\users\dominik\appdata\local\microsoft\windows\temporary internet files\content.ie5\b64l2qap\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\dominik\appdata\local\microsoft\windows\temporary internet files\content.ie5\b64l2qap\starcraft_2_eu_de-de.exe |
"TCP Query User{92A20F08-92C7-40B1-85ED-0D53F2445D35}C:\users\dominik\desktop\srobot.exe" = protocol=6 | dir=in | app=c:\users\dominik\desktop\srobot.exe |
"TCP Query User{A3A9D230-18B4-466A-85DD-BA65C647DB83}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{BB3305F2-1C2B-432C-845D-990D1A934DA4}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{CA94B588-D3A7-40C3-9B35-D59972E4853A}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe |
"TCP Query User{CF5C20FD-4CF9-48C3-86DD-145C026F5AA5}C:\users\dominik\desktop\sro_full_client_downloader_bmt_v8.exe" = protocol=6 | dir=in | app=c:\users\dominik\desktop\sro_full_client_downloader_bmt_v8.exe |
"TCP Query User{E3573D12-92EA-4B41-A839-7B7F3D4E1BA6}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{E85DF1DE-E3F6-4D00-9116-B90810B3F7B5}C:\users\dominik\downloads\sro\srobot.exe" = protocol=6 | dir=in | app=c:\users\dominik\downloads\sro\srobot.exe |
"TCP Query User{EAEF591F-B241-47AB-9B8E-0643FE39D36E}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query
User{F6AC5CC1-D90C-4FAC-AC99-6B2F91322859}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "TCP Query User{F8704388-CA2D-4BB2-A5D3-EB2DA78EF0A8}C:\users\dominik\downloads\srobot.exe" = protocol=6 | dir=in | app=c:\users\dominik\downloads\srobot.exe | "UDP Query User{0E95E684-AE93-42BC-8427-8F386286192B}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "UDP Query User{2F6F4088-2FBE-42E2-AA22-349DA8D2D723}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{3BC1ECA8-3D45-4436-A081-DA8B206D2B96}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "UDP Query User{750E2F01-25B5-4135-B762-166C31E91537}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{785BAE2C-ED87-4F5D-949C-31442AA2E96C}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | "UDP Query User{917603E9-C845-4420-828C-F5D4A7D675FA}C:\users\dominik\desktop\sro_full_client_downloader_bmt_v8.exe" = protocol=17 | dir=in | app=c:\users\dominik\desktop\sro_full_client_downloader_bmt_v8.exe | "UDP Query User{93A51768-02CA-49DF-B037-CEAF0AC1F2BB}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "UDP Query User{B181E1E1-3B40-4FE2-9783-B05748350720}C:\users\dominik\desktop\srobot.exe" = protocol=17 | dir=in | 
app=c:\users\dominik\desktop\srobot.exe | "UDP Query User{CA4D8911-9DBC-4B15-A5C5-960A75BFD537}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | "UDP Query User{D1285684-05A8-4C86-B2E4-C1058982D02F}C:\users\dominik\downloads\srobot.exe" = protocol=17 | dir=in | app=c:\users\dominik\downloads\srobot.exe | "UDP Query User{E176F75C-A3AB-4086-A7BB-145BCD9DE34D}C:\users\dominik\appdata\local\microsoft\windows\temporary internet files\content.ie5\b64l2qap\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\dominik\appdata\local\microsoft\windows\temporary internet files\content.ie5\b64l2qap\starcraft_2_eu_de-de.exe | "UDP Query User{F0B1AD79-DBFC-44C3-80C7-F75192DC3A45}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | "UDP Query User{F165D046-D577-4B8C-8A81-5A517793269D}C:\users\dominik\downloads\sro\srobot.exe" = protocol=17 | dir=in | app=c:\users\dominik\downloads\sro\srobot.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater "{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5B58EF61-85F2-4977-97A5-84C19F926579}" = SweetPacks Toolbar for Internet Explorer 4.5 "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C8D55041-A13C-4620-8DF4-9C5A9C16908D}" = G Data TotalCare "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0 "Activision_THPS2UninstallKey" = Tony Hawk's Pro Skater 2 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Azureus" = Azureus "Guard.Mail.ru" = Guard.ICQ "ICQToolbar" = ICQ Toolbar "Malwarebytes' Anti-Malware_is1" = 
Malwarebytes Anti-Malware Version 1.62.0.1300
"ManyCam" = ManyCam 3.0.80 (remove only)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Risk II_is1" = Risk II
"Silkroad" = Silkroad
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"StarCraft II" = StarCraft II
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft AutoScreenRecorder 3.1 Pro" = Wisdom-soft AutoScreenRecorder 3.1 Pro
"Wisdom-soft Set up ASR 3.1 Free" = Wisdom-soft Set up ASR 3.1 Free
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01.08.2012 14:38:05 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Wow.exe, Version: 4.3.4.15595, Zeitstempel: 0x4f84d63a
 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x0001fa50
 ID des fehlerhaften Prozesses: 0x10a0
 Startzeit der fehlerhaften Anwendung: 0x01cd7014c89bb1a0
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\World of Warcraft\Wow.exe
 Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
 Berichtskennung: 07719980-dc08-11e1-a188-4061864b7971

Error - 01.08.2012 17:47:39 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447, Zeitstempel: 0x4fc9cd53
 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
 Ausnahmecode: 0xc00000fd
 Fehleroffset: 0x74c8e2c4
 ID des fehlerhaften Prozesses: 0x10f0
 Startzeit der fehlerhaften Anwendung: 0x01cd702f1ee0a8d0
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 Pfad des fehlerhaften Moduls: unknown
 Berichtskennung: 8331e308-dc22-11e1-9efe-4061864b7971

Error - 01.08.2012 18:05:48 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447, Zeitstempel: 0x4fc9cd53
 Name des fehlerhaften Moduls: AcroIEHelpe180.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x50197269
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x73dbaa34
 ID des fehlerhaften Prozesses: 0x1d30
 Startzeit der fehlerhaften Anwendung: 0x01cd702f47dd78f8
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 Pfad des fehlerhaften Moduls: AcroIEHelpe180.dll
 Berichtskennung: 0c7d7dc8-dc25-11e1-9efe-4061864b7971

Error - 01.08.2012 18:38:41 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447, Zeitstempel: 0x4fc9cd53
 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x74c8e2c4
 ID des fehlerhaften Prozesses: 0x1744
 Startzeit der fehlerhaften Anwendung: 0x01cd703271d6ed58
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 Pfad des fehlerhaften Moduls: unknown
 Berichtskennung: a470eaf8-dc29-11e1-9efe-4061864b7971

Error - 01.08.2012 18:49:21 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447, Zeitstempel: 0x4fc9cd53
 Name des fehlerhaften Moduls: AcroIEHelpe180.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x50197269
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x70b4aa34
 ID des fehlerhaften Prozesses: 0xc88
 Startzeit der fehlerhaften Anwendung: 0x01cd70366ff426c8
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 Pfad des fehlerhaften Moduls: AcroIEHelpe180.dll
 Berichtskennung: 21eb4dd8-dc2b-11e1-9efe-4061864b7971

Error - 01.08.2012 18:49:27 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447, Zeitstempel: 0x4fc9cd53
 Name des fehlerhaften Moduls: AcroIEHelpe180.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x50197269
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x70b4aa34
 ID des fehlerhaften Prozesses: 0x12e8
 Startzeit der fehlerhaften Anwendung: 0x01cd7034b10f6598
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 Pfad des fehlerhaften Moduls: AcroIEHelpe180.dll
 Berichtskennung: 255a35d8-dc2b-11e1-9efe-4061864b7971

Error - 07.08.2012 07:14:38 | Computer Name = Dominik-PC | Source = Application Hang | ID = 1002
Description = Programm Wow.exe, Version 4.3.4.15595 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 Prozess-ID: 2760
 Startzeit: 01cd74856d5cfb58
 Endzeit: 650
 Anwendungspfad: C:\Program Files (x86)\World of Warcraft\Wow.exe
 Berichts-ID:

Error - 09.08.2012 15:11:27 | Computer Name = Dominik-PC | Source = Application Hang | ID = 1002
Description = Programm Wow.exe, Version 4.3.4.15595 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 Prozess-ID: 13f8
 Startzeit: 01cd765fff6642f8
 Endzeit: 690
 Anwendungspfad: C:\Program Files (x86)\World of Warcraft\Wow.exe
 Berichts-ID:

Error - 21.08.2012 04:41:04 | Computer Name = Dominik-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Dominik\Downloads\SoftonicDownloader_for_risk-2.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
 Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 22.08.2012 07:37:17 | Computer Name = Dominik-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16448 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 Prozess-ID: 166c
 Startzeit: 01cd805a61535e70
 Endzeit: 14
 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 Berichts-ID:

[ System Events ]
Error - 24.06.2012 15:37:41 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 24.06.2012 um 21:35:48 unerwartet heruntergefahren.

Error - 24.06.2012 16:04:50 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 24.06.2012 um 22:03:18 unerwartet heruntergefahren.

Error - 25.06.2012 15:57:10 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 25.06.2012 um 21:55:08 unerwartet heruntergefahren.

Error - 28.06.2012 03:05:18 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 27.06.2012 um 23:40:53 unerwartet heruntergefahren.

Error - 28.07.2012 17:20:48 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 28.07.2012 um 23:18:47 unerwartet heruntergefahren.

Error - 28.07.2012 17:20:51 | Computer Name = DOMINIK-PC | Source = BugCheck | ID = 1001
Description =

Error - 31.07.2012 19:18:21 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 01.08.2012 um 01:15:50 unerwartet heruntergefahren.

Error - 31.07.2012 19:20:09 | Computer Name = Dominik-PC | Source = DCOM | ID = 10010
Description =

Error - 31.07.2012 19:32:11 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 01.08.2012 um 01:30:11 unerwartet heruntergefahren.

Error - 01.08.2012 08:55:46 | Computer Name = Dominik-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 01.08.2012 um 14:32:34 unerwartet heruntergefahren.

< End of report > |
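An added example, not part of the thread and not OTL's own code: a small Python triage pass over the firewall-rule section of the OTL log above. The rule lines in SAMPLE_RULES are copied from the posted log; which directories count as user-writable is my assumption. Every rule OTL lists is an allow rule, so the pass flags inbound rules whose executable lives under the user profile. Here that is the "Query User" rules for srobot.exe on the Desktop and in Downloads and for an installer started straight out of Temporary Internet Files. That is not proof of malice, but those are the rules to check first, and the same path test returns True for C:\Users\Dominik\AppData\Roaming\AcroIEHelpe180.dll, the Trojan.Banker DLL Malwarebytes quarantined.

```python
r"""Triage of an OTL "Firewall Rules" dump (added example, not part of the thread).

OTL prints each Windows Firewall rule as
    "{GUID}" = protocol=6 | dir=in | app=c:\path\app.exe |
and rules created through the "allow access?" prompt as
    "TCP Query User{GUID}C:\path\app.exe" = protocol=6 | dir=in | app=c:\path\app.exe |
Every listed rule is an allow rule, so an inbound rule for an executable that
lives in a user-writable location (Desktop, Downloads, AppData, Temporary
Internet Files, ProgramData) is worth a second look during triage: that is
where dropped files end up, and the Trojan.Banker DLL in this thread sat in
AppData\Roaming too.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt: seven rules copied from the OTL log posted in the thread.
SAMPLE_RULES = r'''
"{4EB0BA9C-AE76-4D6D-AE0F-C52A813EF08E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5179F720-6BE5-474B-8EED-02CF416EA7B0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{D30C9440-8198-49F1-8944-085EEE70098F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F3163611-A6BD-45A4-9D42-E15CBBA59A90}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"TCP Query User{90E0BA9E-A15A-41BE-B49B-544392BCE737}C:\users\dominik\appdata\local\microsoft\windows\temporary internet files\content.ie5\b64l2qap\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\dominik\appdata\local\microsoft\windows\temporary internet files\content.ie5\b64l2qap\starcraft_2_eu_de-de.exe |
"TCP Query User{92A20F08-92C7-40B1-85ED-0D53F2445D35}C:\users\dominik\desktop\srobot.exe" = protocol=6 | dir=in | app=c:\users\dominik\desktop\srobot.exe |
"UDP Query User{D1285684-05A8-4C86-B2E4-C1058982D02F}C:\users\dominik\downloads\srobot.exe" = protocol=17 | dir=in | app=c:\users\dominik\downloads\srobot.exe |
'''

PROTOCOLS = {"1": "ICMPv4", "6": "TCP", "17": "UDP"}

# Path fragments (lower-case) marking directories a standard user can write to
# without elevation; my assumption, matched as substrings of the app path.
USER_WRITABLE = (
    "\\users\\", "\\appdata\\", "\\temp\\", "\\temporary internet files\\",
    "\\downloads\\", "\\desktop\\", "c:\\programdata\\",
)

RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')


@dataclass
class Rule:
    name: str
    protocol: str
    direction: str
    app: str
    service: str


def parse_rules(text: str) -> List[Rule]:
    """Parse OTL firewall-rule lines; lines that do not look like a rule are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        fields = {}
        for part in m.group("body").split("|"):
            key, sep, value = part.strip().partition("=")
            if sep:  # the trailing empty part after the last "|" has no "="
                fields[key.strip()] = value.strip()
        proto = fields.get("protocol", "")
        rules.append(Rule(
            name=m.group("name"),
            protocol=PROTOCOLS.get(proto, proto or "any"),
            direction=fields.get("dir", ""),
            app=fields.get("app", "").lower(),
            service=fields.get("svc", ""),
        ))
    return rules


def is_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def suspicious_inbound(rules: List[Rule]) -> List[Rule]:
    """Inbound allow rules whose program sits in a user-writable directory."""
    return [r for r in rules if r.direction == "in" and r.app and is_user_writable(r.app)]


def report(rules: List[Rule]) -> List[str]:
    return [f"{r.protocol:<6} {r.direction:<3} {r.app}" for r in suspicious_inbound(rules)]


if __name__ == "__main__":
    for line in report(parse_rules(SAMPLE_RULES)):
        print(line)
```

To run it on a real log, read the whole OTL text into `parse_rules`; it ignores every line outside the rule format, so no pre-cutting of the "Firewall Rules" section is needed.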
28.08.2012, 16:23 | #2 |
/// Malware-holic | GVU Trojan after Backup hi
__________________This script, as well as any scripts that follow, is only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you. • Please start OTL.exe • Now copy the following into the text box. Code:
ATTFilter
:OTL
[2012.08.06 15:23:58 | 000,000,000 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe.dll
[2012.08.01 23:46:36 | 000,006,400 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe180.dll
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now close all programs. • Click the Fix button. • OTL may ask for a reboot; please allow it. • After the reboot you will find a text document; paste its contents into your next reply here. Boot into normal mode. If you have no icons, right-click, View, Show desktop icons. Note: please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread! Press the [Windows] + E key.
__________________ |
28.08.2012, 20:38 | #3 |
| GVU Trojan after Backup Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe.dll moved successfully.
C:\Users\Dominik\AppData\Roaming\BAcroIEHelpe180.dll moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Dominik
->Flash cache emptied: 27321 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Dominik
->Temp folder emptied: 255521402 bytes
->Temporary Internet Files folder emptied: 901348640 bytes
->Java cache emptied: 801381 bytes
->Google Chrome cache emptied: 142661539 bytes
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 510735187 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36050696 bytes
RecycleBin emptied: 93872629 bytes
Total Files Cleaned = 1.851,00 mb
OTL by OldTimer - Version 3.2.55.0 log created on 08282012_213216
Files\Folders moved on Reboot...
C:\Users\Dominik\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\Dominik\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
Is the virus gone now? :/ Edited by Dome1993 (28.08.2012 at 20:44) |
28.08.2012, 20:39 | #4 |
/// Malware-holic | GVU Trojan after Backup very good, continue with the upload please
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
28.08.2012, 21:24 | #5 |
| GVU Trojan after Backup I've done that. Is the virus gone now? :/ |
29.08.2012, 11:22 | #6 |
/// Malware-holic | GVU Trojan after Backup hi, do you use the PC for online banking, for shopping, for other payment processing, or for anything similarly important, such as work?
__________________ |
30.08.2012, 10:56 | #7 |
| GVU Trojan after Backup yes, work stuff, payment processing and online banking... why? oO Could someone have spied on that? oO |
30.08.2012, 19:40 | #8 |
/// Malware-holic | GVU Trojan after Backup please call the bank and have online banking blocked because of trojan.banker. The PC must be reinstalled and then secured. 1. Data rescue:
I will also post further points on this. 4. Change all passwords! 5. After securing the PC, check the backed-up data and, if clean, restore it. 6. I will then say something about securing online banking with a chip card reader + Star Money.
__________________ |
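The advice above (have the bank block online banking, reinstall rather than trust the cleaned system) is backed by a timeline the poster's own OTL log already contains: Internet Explorer crashed three times on 01.08.2012 with AcroIEHelpe180.dll as the faulting module, so the banker BHO was loaded into the browser weeks before the System Restore the poster ran (roughly 13.08.2012, "two weeks ago, to the previous day"), and the restore point was therefore already infected. The following is an added example, not from the thread: it parses Application Error (ID 1000) entries in OTL's "Last 20 Event Log Errors" format, flags faulting modules that are not under Windows or Program Files, and checks the first sighting against a restore-point date. The event lines in SAMPLE_EVENTS are copied from the posted log; the restore-point date, the German field labels and the set of trusted directories are assumptions.

```python
r"""Timeline check over OTL's "Last 20 Event Log Errors" (added example, not from the thread).

Windows writes an Application Error event (ID 1000) naming the *faulting module*
when a process crashes. A Browser Helper Object is loaded into every iexplore.exe
process, so an iexplore.exe crash whose faulting module is the BHO DLL proves the
DLL was loaded on that date. Comparing the earliest such date with the date of
the restore point tells you whether System Restore could have removed it at all.
"""
import re
from dataclasses import dataclass
from datetime import date, datetime
from typing import List, Optional

# Constructed excerpt: five events copied from the OTL log in this thread, one
# event per line exactly as OTL flattens them. The last one is an Application
# Hang (ID 1002) and must be ignored because it names no module.
SAMPLE_EVENTS = r'''
Error - 01.08.2012 14:38:05 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Wow.exe, Version: 4.3.4.15595, Zeitstempel: 0x4f84d63a Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001fa50 ID des fehlerhaften Prozesses: 0x10a0 Startzeit der fehlerhaften Anwendung: 0x01cd7014c89bb1a0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\World of Warcraft\Wow.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 07719980-dc08-11e1-a188-4061864b7971
Error - 01.08.2012 17:47:39 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447, Zeitstempel: 0x4fc9cd53 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc00000fd Fehleroffset: 0x74c8e2c4 ID des fehlerhaften Prozesses: 0x10f0 Startzeit der fehlerhaften Anwendung: 0x01cd702f1ee0a8d0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 8331e308-dc22-11e1-9efe-4061864b7971
Error - 01.08.2012 18:05:48 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447, Zeitstempel: 0x4fc9cd53 Name des fehlerhaften Moduls: AcroIEHelpe180.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x50197269 Ausnahmecode: 0xc0000005 Fehleroffset: 0x73dbaa34 ID des fehlerhaften Prozesses: 0x1d30 Startzeit der fehlerhaften Anwendung: 0x01cd702f47dd78f8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: AcroIEHelpe180.dll Berichtskennung: 0c7d7dc8-dc25-11e1-9efe-4061864b7971
Error - 01.08.2012 18:49:27 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447, Zeitstempel: 0x4fc9cd53 Name des fehlerhaften Moduls: AcroIEHelpe180.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x50197269 Ausnahmecode: 0xc0000005 Fehleroffset: 0x70b4aa34 ID des fehlerhaften Prozesses: 0x12e8 Startzeit der fehlerhaften Anwendung: 0x01cd7034b10f6598 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: AcroIEHelpe180.dll Berichtskennung: 255a35d8-dc2b-11e1-9efe-4061864b7971
Error - 22.08.2012 07:37:17 | Computer Name = Dominik-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16448 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 166c Startzeit: 01cd805a61535e70 Endzeit: 14 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
'''

EVENT_RE = re.compile(
    r"^Error - (?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| .*?"
    r"Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+) Description = (?P<desc>.*)$"
)
# Field labels as a German-locale event log prints them (what this log shows);
# an English-locale log would need "Faulting application name:" etc. instead.
APP_RE = re.compile(r"Name der fehlerhaften Anwendung: (?P<app>[^,]+),")
MODULE_RE = re.compile(r"Name des fehlerhaften Moduls: (?P<mod>[^,]+),")
MODULE_PATH_RE = re.compile(r"Pfad des fehlerhaften Moduls: (?P<path>.+?) Berichtskennung:")

# Directories a standard user cannot write to (assumption). A faulting module
# anywhere else, or one Windows could only name without a path, deserves attention.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Crash:
    when: datetime
    app: str
    module: str       # module name as logged, "_unloaded" suffix stripped
    module_path: str  # full path if Windows knew it, else bare name or "unknown"


def parse_crashes(text: str) -> List[Crash]:
    """Return the Application Error (ID 1000) events; everything else is skipped."""
    crashes = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m or m.group("id") != "1000":
            continue
        desc = m.group("desc")
        app, mod, path = APP_RE.search(desc), MODULE_RE.search(desc), MODULE_PATH_RE.search(desc)
        if not (app and mod and path):
            continue
        module = mod.group("mod").strip()
        if module.endswith("_unloaded"):  # the DLL had been unmapped by the time of the fault
            module = module[: -len("_unloaded")]
        crashes.append(Crash(
            when=datetime.strptime(m.group("ts"), "%d.%m.%Y %H:%M:%S"),
            app=app.group("app").strip(),
            module=module,
            module_path=path.group("path").strip(),
        ))
    return crashes


def module_is_untrusted(crash: Crash) -> bool:
    p = crash.module_path.lower()
    if p == "unknown":
        return False  # no module information at all; evidence of nothing
    return not p.startswith(TRUSTED_DIRS)


def first_seen(crashes: List[Crash], module_name: str) -> Optional[datetime]:
    hits = [c.when for c in crashes if c.module.lower() == module_name.lower()]
    return min(hits) if hits else None


def restore_could_have_helped(crashes: List[Crash], module_name: str, restore_point_iso: str) -> bool:
    """True only if the module was never seen on or before the restore point (ISO date)."""
    seen = first_seen(crashes, module_name)
    return seen is None or seen.date() > date.fromisoformat(restore_point_iso)


if __name__ == "__main__":
    crashes = parse_crashes(SAMPLE_EVENTS)
    for c in crashes:
        flag = "SUSPECT" if module_is_untrusted(c) else "ok"
        print(f"{c.when:%Y-%m-%d %H:%M}  {c.app:<14} {c.module:<22} {flag}")
    # 2012-08-13 is an assumed restore-point date ("two weeks ago, from the
    # previous day", relative to the 28.08.2012 post).
    print("restore point 2012-08-13 predates the BHO:",
          restore_could_have_helped(crashes, "AcroIEHelpe180.dll", "2012-08-13"))
```

The same logic applies to any persistence mechanism that crashes its host: the first crash naming the component is a lower bound on when it was active, and any restore point or backup taken after that date should be treated as contaminated.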
30.08.2012, 22:06 | #9 |
| GVU Trojan after Backup Isn't it enough to change the online banking PIN? |
04.09.2012, 20:56 | #10 |
/// Malware-holic | GVU Trojan after Backup no, otherwise I would have written that. Unless, of course, you have enough money to share with strangers.
__________________ |