
Pests of all kinds and how to fight them: Skype and encryption trojan?

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

06.11.2012, 21:49   #1
Quartz234
 

Skype and encryption trojan?



Hello forum,

I, or rather my younger brother, have for some time had several PC problems that are probably virus-related. It has been going on for about 2 weeks; he no longer remembers exactly the order in which things appeared. I have already read up on the internet based on the symptoms and tried to identify the virus, but I am not sure exactly what I have got. I will simply describe all the problems/symptoms here and then everything I have already done:

- My brother definitely caught that Skype trojan (he got a message along the lines of "Are these your photos" ("Sind das deine Fotos") and downloaded and ran a file). He no longer remembers exactly what stopped working; he then deleted files following some guide from the internet so that Skype would work again
- A folder of photos suddenly disappeared
- He can no longer get online properly: in the browser it works for 20 seconds, then stops; only after unplugging and replugging the network cable does it work briefly again. This can be repeated as often as you like.

We have done the following:

- Installed Kaspersky Lab (full version), updated it, scanned the system. It found quite a few things
- Searched for the deleted photos with a recovery tool (Recuva), found them and restored them. Now, however, most of the photos cannot be opened. Encryption trojan?
- On the internet problem I am at a loss


So, then I also did what is described under "Für alle Hilfesuchenden" (For all those seeking help). I am now posting all the log files, including Kaspersky:

Kaspersky
Code:
Status: Deleted  (Events: 23)	
27.10.2012 18:53:37	Deleted	Adware not-a-virus:HEUR:AdWare.Win32.SweetIM.gen	D:\MEDIA\installation\FlashPlayer install.exe//UPX	Medium	
27.10.2012 18:53:37	Deleted	Adware not-a-virus:HEUR:AdWare.Win32.SweetIM.gen	D:\MEDIA\installation\FlashPlayer install.exe	Medium	
27.10.2012 18:03:55	Deleted	Trojan program Trojan.Win32.Agent.hwcw	C:\Windows\Temp\wincout.exe	High	
27.10.2012 17:33:09	Deleted	Trojan program Trojan.Win32.Yakes.axwp	C:\Documents and Settings\Public\nvsvc32.exe	High	
27.10.2012 17:31:23	Deleted	Trojan program Trojan-Ransom.Win32.PornoAsset.atra	C:\Documents and Settings\kingkong\Anwendungsdaten\FF98.exe	High	
27.10.2012 17:31:23	Deleted	Trojan program Trojan-Ransom.Win32.PornoAsset.atra	C:\Documents and Settings\kingkong\Anwendungsdaten\F8DF.exe	High	
27.10.2012 17:31:23	Deleted	Trojan program Trojan-Ransom.Win32.PornoAsset.atra	C:\Documents and Settings\kingkong\Anwendungsdaten\E08.exe	High	
27.10.2012 17:31:23	Deleted	Trojan program Trojan-Ransom.Win32.PornoAsset.atra	C:\Documents and Settings\kingkong\Anwendungsdaten\DE32.exe	High	
27.10.2012 17:31:23	Deleted	Trojan program Trojan-Ransom.Win32.PornoAsset.atra	C:\Documents and Settings\kingkong\Anwendungsdaten\D600.exe	High	
27.10.2012 17:31:22	Deleted	Trojan program Trojan-Ransom.Win32.PornoAsset.atra	C:\Documents and Settings\kingkong\Anwendungsdaten\D176.exe	High	
27.10.2012 17:31:22	Deleted	Trojan program Trojan-Ransom.Win32.PornoAsset.atra	C:\Documents and Settings\kingkong\Anwendungsdaten\C3F.exe	High	
27.10.2012 17:31:22	Deleted	Trojan program Trojan-Ransom.Win32.PornoAsset.atra	C:\Documents and Settings\kingkong\Anwendungsdaten\C17E.exe	High	
27.10.2012 17:31:22	Deleted	Trojan program Trojan-Ransom.Win32.PornoAsset.atra	C:\Documents and Settings\kingkong\Anwendungsdaten\A632.exe	High	
27.10.2012 17:31:22	Deleted	Trojan program Trojan-Ransom.Win32.PornoAsset.atra	C:\Documents and Settings\kingkong\Anwendungsdaten\9481.exe	High	
27.10.2012 17:31:22	Deleted	Trojan program Trojan-Ransom.Win32.PornoAsset.atra	C:\Documents and Settings\kingkong\Anwendungsdaten\904D.exe	High	
27.10.2012 17:31:22	Deleted	Trojan program Trojan-Ransom.Win32.PornoAsset.atra	C:\Documents and Settings\kingkong\Anwendungsdaten\8C4B.exe	High	
27.10.2012 17:31:21	Deleted	Trojan program Trojan-Ransom.Win32.PornoAsset.atra	C:\Documents and Settings\kingkong\Anwendungsdaten\5B4D.exe	High	
27.10.2012 17:31:21	Deleted	Trojan program Trojan-Ransom.Win32.PornoAsset.atra	C:\Documents and Settings\kingkong\Anwendungsdaten\5234.exe	High	
27.10.2012 17:31:21	Deleted	Trojan program Trojan-Ransom.Win32.PornoAsset.atra	C:\Documents and Settings\kingkong\Anwendungsdaten\31DD.exe	High	
27.10.2012 17:31:21	Deleted	Trojan program Trojan-Ransom.Win32.PornoAsset.atra	C:\Documents and Settings\kingkong\Anwendungsdaten\316C.exe	High	
27.10.2012 17:29:35	Deleted	Trojan program Trojan-Ransom.Win32.PornoAsset.atra	C:\Users\kingkong\AppData\Roaming\4569.exe	High	
27.10.2012 17:29:35	Deleted	Trojan program Trojan-Ransom.Win32.PornoAsset.atra	C:\Users\kingkong\AppData\Roaming\A4DA.exe	High	
27.10.2012 16:55:44	Deleted	Virus HEUR:Trojan.Win32.Generic	c:\Users\kingkong\AppData\Roaming\Xroaox.exe	High	
Status: Suspicious  (Events: 3)	
30.10.2012 22:25:54	Suspicious	Legitimate program that can be used by an attacker to damage the computer or user data PDM.Keylogger	kernel mode memory patch	Medium	
30.10.2012 16:43:18	Suspicious	Legitimate program that can be used by an attacker to damage the computer or user data PDM.Keylogger	D:\SPIELE\VIETCONGNEU2\VIETCONG\VIETCONG.EXE	Medium	
27.10.2012 19:37:56	Suspicious	Legitimate program that can be used by an attacker to damage the computer or user data PDM.Keylogger	D:\SPIELE\BATTELFIELD PLAY FOR FREE\BFP4F.EXE	Medium	
Status: Not present  (Events: 1)	
27.10.2012 19:41:20	Not found	Legitimate program that can be used by an attacker to damage the computer or user data not-a-virus:HEUR:WebToolbar.Win32.BetterInstaller.gen	D:\$RECYCLE.BIN\S-1-5-21-2865795408-1716504761-312820871-1000\$RXZ01G7.exe//biclient.exe	Low
         
Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:25 on 06/11/2012 (kingkong)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL
OTL Logfile:
Code:
OTL logfile created on: 11/6/2012 9:27:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\kingkong\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.91 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 61.79% Memory free
7.83 Gb Paging File | 5.91 Gb Available in Paging File | 75.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 32.51 Gb Free Space | 32.51% Space Free | Partition Type: NTFS
Drive D: | 578.01 Gb Total Space | 490.59 Gb Free Space | 84.88% Space Free | Partition Type: NTFS
 
Computer Name: MARKUS | User Name: kingkong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/11/06 21:23:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kingkong\Desktop\OTL.exe
PRC - [2012/10/19 01:26:06 | 001,573,584 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/10/17 14:22:54 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/08/23 14:40:04 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/07/03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/30 13:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/03/30 13:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/03/30 13:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/03/30 13:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2011/02/16 22:26:16 | 000,308,592 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
PRC - [2011/02/01 22:24:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 22:24:38 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/10/01 21:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
PRC - [2010/09/30 02:05:32 | 000,048,752 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2009/12/21 16:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2009/08/13 15:06:00 | 000,662,016 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe
PRC - [2007/01/31 15:14:28 | 000,360,448 | ---- | M] (Ricoh Company, Ltd.) -- C:\Program Files (x86)\Caplio Software\RGateLXP.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010/10/01 21:05:46 | 008,972,888 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\QtGui4.dll
MOD - [2010/10/01 21:05:42 | 002,456,152 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\QtCore4.dll
MOD - [2010/10/01 20:07:46 | 000,733,184 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\localization_manager.dll
MOD - [2009/10/30 19:32:30 | 000,410,496 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\dblite.dll
MOD - [2004/05/11 11:38:20 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Caplio Software\zlib.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/09/13 14:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer)
SRV:64bit: - [2012/08/23 14:40:04 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2011/01/05 22:41:38 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/01/05 22:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/01/05 22:26:56 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/10/07 23:58:14 | 000,331,776 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService)
SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/17 23:47:12 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/28 22:19:20 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/19 15:33:26 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/17 14:22:54 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/09/13 13:12:08 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/29 11:03:36 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/30 13:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/03/30 13:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/03/30 13:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/02/16 22:26:16 | 000,308,592 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe -- (Sierra Wireless QDL Service)
SRV - [2011/02/01 22:24:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 22:24:38 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/01 21:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)
SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/21 16:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/10/27 16:48:02 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 11:45:23 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/04/15 03:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/24 06:47:02 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/03/24 06:47:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/03/22 17:14:04 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/08 13:44:08 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/03/08 13:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/02/18 00:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/02/04 00:58:00 | 000,424,448 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swg3kmbb00.sys -- (swg3kmbb00)
DRV:64bit: - [2011/02/04 00:57:20 | 000,073,216 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swibusflt00.sys -- (swibusflt00)
DRV:64bit: - [2011/02/04 00:57:20 | 000,073,216 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swibus00.sys -- (swibus00)
DRV:64bit: - [2011/02/04 00:57:06 | 000,034,304 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swg3kflt00.sys -- (swg3kflt00)
DRV:64bit: - [2011/02/04 00:56:58 | 000,256,384 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swg3kser00.sys -- (swg3kser00)
DRV:64bit: - [2011/02/04 00:56:58 | 000,256,384 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swg3knmea00.sys -- (swg3knmea00)
DRV:64bit: - [2011/01/04 03:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/28 19:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/10/09 14:35:38 | 001,801,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010/05/07 03:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009/12/14 11:44:24 | 000,085,048 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec)
DRV:64bit: - [2009/12/14 11:44:24 | 000,066,104 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV:64bit: - [2009/11/19 13:45:08 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/14 20:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
DRV:64bit: - [2009/10/02 18:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/14 13:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/09/01 14:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 06:31:30 | 000,021,104 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FBIOSDRV.sys -- (FBIOSDRV)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006/11/01 11:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)
DRV:64bit: - [2006/11/01 11:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5B31D884-E7E4-470F-B0A6-5CEED594F51F}
IE:64bit: - HKLM\..\SearchScopes\{5B31D884-E7E4-470F-B0A6-5CEED594F51F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.26010003&st=12&barid={9DEC6880-81A4-4F42-A349-DB97AAD2AEAD}
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {5B31D884-E7E4-470F-B0A6-5CEED594F51F}
IE - HKLM\..\SearchScopes\{5B31D884-E7E4-470F-B0A6-5CEED594F51F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.26010003&st=12&q={searchTerms}&barid={9DEC6880-81A4-4F42-A349-DB97AAD2AEAD}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {5B31D884-E7E4-470F-B0A6-5CEED594F51F}
IE - HKCU\..\SearchScopes\{04237ED4-1BC3-44D7-A572-7ABDD93A0614}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=4f7cb9fe-44b5-4b15-8df5-a440a6e8ad71&apn_sauid=DC45494C-AF2A-496E-A17B-127332AF48FA
IE - HKCU\..\SearchScopes\{5B31D884-E7E4-470F-B0A6-5CEED594F51F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.80.2
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=4f7cb9fe-44b5-4b15-8df5-a440a6e8ad71&apn_ptnrs=%5EAGS&apn_sauid=DC45494C-AF2A-496E-A17B-127332AF48FA&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\vlc mediaplayer\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/09/03 17:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/09/03 17:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/28 22:19:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\THBExt [2012/10/27 16:48:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/28 22:19:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/10/16 17:44:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kingkong\AppData\Roaming\mozilla\Extensions
[2012/10/23 16:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kingkong\AppData\Roaming\mozilla\Firefox\Profiles\poh75szc.default\extensions
[2012/10/16 17:47:36 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\kingkong\AppData\Roaming\mozilla\Firefox\Profiles\poh75szc.default\extensions\battlefieldplay4free@ea.com
[2012/10/28 22:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/10/28 22:19:10 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2012/10/28 22:19:20 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/10/11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/10/11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/10/11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/10/11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MrFroggy Class) - {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} - C:\Program Files (x86)\Minibar\Froggy.dll (TODO: <название компании>)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (MinibarBHO) - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Kango.dll (KangoExtensions)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Driver Whiz] D:\windows sounds\sounds\DriverWhiz.exe /applicationMode:systemTray /showWelcome:false File not found
O4 - Startup: C:\Users\kingkong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Office12\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Change your facebook look - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files (x86)\Minibar\MinibarButton.dll (TODO: <Company name>)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.80.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEE701F9-6002-45EE-9721-E93128467913}: DhcpNameServer = 192.168.178.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF14B3B1-F238-4E26-B063-2221317D56C6}: DhcpNameServer = 192.168.178.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/11/06 21:25:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\kingkong\Desktop\OTL.exe
[2012/11/06 21:19:12 | 000,000,000 | ---D | C] -- C:\Neuer Ordner (4)
[2012/11/06 21:19:12 | 000,000,000 | ---D | C] -- C:\Neuer Ordner (3)
[2012/11/06 21:19:10 | 000,000,000 | ---D | C] -- C:\Neuer Ordner (2)
[2012/11/06 21:19:05 | 000,000,000 | ---D | C] -- C:\Neuer Ordner
[2012/11/06 19:22:13 | 000,000,000 | ---D | C] -- C:\Fotos
[2012/11/04 10:39:57 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2012/10/29 15:21:04 | 000,000,000 | ---D | C] -- C:\Users\kingkong\AppData\Local\Diagnostics
[2012/10/28 22:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/27 16:48:39 | 000,085,048 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys
[2012/10/27 16:48:39 | 000,066,104 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys
[2012/10/27 16:48:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/10/27 16:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InfoWatch
[2012/10/27 16:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE
[2012/10/27 16:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/27 16:48:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/10/27 16:48:02 | 000,353,296 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/10/27 16:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012/10/27 15:52:04 | 000,000,000 | ---D | C] -- C:\Users\kingkong\AppData\Local\AskToolbar
[2012/10/27 15:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/10/27 15:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/10/27 09:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/10/27 09:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/10/22 13:53:05 | 000,000,000 | ---D | C] -- C:\Users\kingkong\AppData\Roaming\PCCUStubInstaller
[2012/10/22 13:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2012/10/22 13:53:00 | 000,000,000 | ---D | C] -- C:\Users\kingkong\AppData\Local\PC_Drivers_Headquarters
[2012/10/22 13:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz
[2012/10/22 13:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Whiz
[2012/10/16 22:24:33 | 000,000,000 | ---D | C] -- C:\Users\kingkong\Documents\Battlefield Play4Free
[2012/10/16 17:47:40 | 000,000,000 | ---D | C] -- C:\Users\kingkong\AppData\Local\Macromedia
[2012/10/16 17:44:40 | 000,000,000 | ---D | C] -- C:\Users\kingkong\AppData\Roaming\Mozilla
[2012/10/16 17:44:40 | 000,000,000 | ---D | C] -- C:\Users\kingkong\AppData\Local\Mozilla
[2012/10/16 17:44:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/10/16 17:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/10/15 20:59:53 | 000,000,000 | ---D | C] -- C:\Users\kingkong\AppData\Roaming\WinRAR
[2012/10/09 16:39:26 | 000,000,000 | ---D | C] -- C:\Users\kingkong\AppData\Local\PunkBuster
[2012/09/21 19:42:30 | 019,054,352 | ---- | C] (GIANTS Software                                             ) -- C:\Users\kingkong\FarmingSimulator2011Patch2.2DE.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/11/06 21:25:56 | 000,000,000 | ---- | M] () -- C:\Users\kingkong\defogger_reenable
[2012/11/06 21:23:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kingkong\Desktop\OTL.exe
[2012/11/06 21:23:00 | 000,050,477 | ---- | M] () -- C:\Users\kingkong\Desktop\Defogger.exe
[2012/11/06 21:13:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/06 20:33:21 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/06 19:33:09 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/05 20:46:03 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/05 20:46:03 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/05 19:14:46 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/05 19:14:46 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/11/05 19:14:46 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/05 19:14:46 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/11/05 19:14:46 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/04 21:03:14 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/11/04 21:03:14 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/11/04 11:13:44 | 000,282,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/11/04 11:13:44 | 000,282,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/11/04 11:13:37 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/11/03 13:27:18 | 000,001,221 | ---- | M] () -- C:\Users\kingkong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
[2012/11/03 13:25:09 | 3152,506,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/27 19:25:07 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/10/27 17:14:37 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/10/27 17:14:37 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/10/27 16:48:02 | 000,353,296 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/10/17 14:22:54 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/10/16 17:44:37 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/11/06 21:25:56 | 000,000,000 | ---- | C] () -- C:\Users\kingkong\defogger_reenable
[2012/11/06 21:25:03 | 000,050,477 | ---- | C] () -- C:\Users\kingkong\Desktop\Defogger.exe
[2012/11/04 20:55:43 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/11/04 20:55:43 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/10/27 16:48:47 | 000,153,053 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/10/27 16:48:47 | 000,107,384 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/10/27 09:00:32 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/10/17 14:18:24 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/10/16 17:44:37 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/16 17:44:37 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/21 19:39:12 | 000,000,680 | RHS- | C] () -- C:\Users\kingkong\ntuser.pol
[2012/07/07 10:12:14 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/07 10:11:57 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/01/03 23:26:14 | 000,000,980 | ---- | C] () -- C:\Windows\eReg.dat
[2012/01/01 17:01:11 | 000,000,041 | ---- | C] () -- C:\Windows\SysWow64\SUPPORT.INI
[2011/12/25 11:50:08 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011/12/25 11:50:08 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011/12/25 09:28:01 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2011/12/25 05:55:27 | 000,245,760 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2011/12/25 05:55:27 | 000,024,576 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2011/12/25 05:55:27 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011/05/07 18:16:59 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/02 01:21:18 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/05/02 01:21:15 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/05/02 01:21:12 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/05/02 01:21:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/05/02 01:21:06 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2010/11/25 05:43:32 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/11/04 15:05:42 | 000,000,000 | ---D | M] -- C:\Users\kingkong\AppData\Roaming\.minecraft
[2012/10/05 14:14:44 | 000,000,000 | ---D | M] -- C:\Users\kingkong\AppData\Roaming\.terasology
[2012/09/22 09:55:33 | 000,000,000 | ---D | M] -- C:\Users\kingkong\AppData\Roaming\Canon
[2011/05/07 20:24:53 | 000,000,000 | ---D | M] -- C:\Users\kingkong\AppData\Roaming\Fujitsu
[2012/09/21 19:39:26 | 000,000,000 | ---D | M] -- C:\Users\kingkong\AppData\Roaming\Fujitsu Launch Center
[2012/10/22 13:53:05 | 000,000,000 | ---D | M] -- C:\Users\kingkong\AppData\Roaming\PCCUStubInstaller
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Extras
OTL Logfile:
Code:
OTL Extras logfile created on: 11/6/2012 9:27:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\kingkong\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.91 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 61.79% Memory free
7.83 Gb Paging File | 5.91 Gb Available in Paging File | 75.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 32.51 Gb Free Space | 32.51% Space Free | Partition Type: NTFS
Drive D: | 578.01 Gb Total Space | 490.59 Gb Free Space | 84.88% Space Free | Partition Type: NTFS
 
Computer Name: MARKUS | User Name: kingkong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\vlc mediaplayer\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\vlc mediaplayer\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\vlc mediaplayer\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\vlc mediaplayer\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017BCFDE-7942-4272-9AEA-62AF81A0C8FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0194E714-8467-47AB-AD78-63284C73D3D6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{06E89086-29C2-4D18-AC5D-25C083906403}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{0D34FE69-8253-440A-8762-D75792B14D50}" = rport=138 | protocol=17 | dir=out | app=system | 
"{39697303-8E2E-442C-8712-8113EC945DB9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{43C335CA-2AEB-46AE-9976-46293EE6369F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5E7867D6-69CF-43B0-A7F4-06A3B243CE16}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{72D2D6CB-674E-4271-BA9E-EA3BB0CCD96B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7892B361-8453-4996-9B06-D26FFE0604A1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7A49FAD4-FEEF-4B05-8352-43EF64B72CC0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7DA73E97-ED71-499F-ADEC-B40ABD75872A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C2333D8A-49CB-469A-97C6-3DB1C3181158}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C2801341-CA9F-409B-B4CA-D124FB38A2EA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CA4BD762-A7AB-4727-882B-62402F42E4D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F6A662F2-9A72-487C-A76B-AC67A926E1F8}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C6BDC0-4461-43F9-A87F-FD53F571D808}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe | 
"{151801DE-8379-4AB3-9E55-7A10DA11E647}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{153DDFAB-7F2F-4B99-A503-775E2BBE95B6}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{20896436-C190-4388-90C9-F51221BAAD2C}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{20B936E1-FB61-4F9F-BE6C-9E38A76260C5}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe | 
"{20F7CFE6-5720-48BB-990A-EBAA8CD8BA4B}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{31DAF177-2BA2-40BA-9BFB-49B4D36391A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{32719CCF-70FE-4929-BD7A-92A8BD305825}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{331B12BF-08D6-46D9-B879-2549E6FA0436}" = protocol=17 | dir=in | app=c:\program files (x86)\snowcat simulator 2011\snowcat2011.dll | 
"{42EC16F4-FDBD-4FDD-B068-17B68CD3EC05}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
"{42F4D90C-419D-4117-9B47-6A2D1CA5F432}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{437B58AC-61FA-4F9B-A386-0DCCEEB76A5F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{51D7DB46-520A-4387-A527-61D2BD4F74E0}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
"{54956544-7A05-48F6-8BCA-BBD5C830DEE9}" = protocol=17 | dir=in | app=c:\program files (x86)\snowcat simulator 2011\iupdate.dll | 
"{6367BA8E-CC6F-48A9-AA6C-C633FBA8C7F5}" = protocol=6 | dir=in | app=c:\program files (x86)\snowcat simulator 2011\snowcat2011.dll | 
"{6399AC6D-74BB-4BD3-8E56-0937267B18C5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{653731A5-FB14-434F-BBCF-32FDA602B692}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{68CA7D54-999F-4C5A-A94E-789CBFDAD723}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{6FC3321F-D31F-442D-961A-290336CDD4BD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{72928B9B-23C9-4C7A-AB72-37C1944769F5}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{73416DEF-4528-4C1D-9F8F-D255B2AE685F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\mapeditor.exe | 
"{73458EA1-588A-4B83-8799-15770C6D439C}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{73FF8CAB-6DE7-48E2-B2DB-9D70C6BFA60A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{7F2558C4-3573-4D96-A8CD-1B208D495312}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7F60367F-EB11-4D4C-BF5B-49E11CC84A67}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{82D6BD3A-7677-4846-B484-E92D9661D870}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{88599510-3ABA-46CB-A734-C3A0624C8396}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{8AEC4A58-F00F-44E4-86D8-401799BE1DE3}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{8D06D5AB-7647-4735-902A-DDF0DC4F4BDA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8DD686D3-3B0C-4B71-BFB1-417133158F6F}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{9628FCBE-D346-44C0-A3A1-B6D8F727E342}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"{97AE961B-C23B-4674-B110-79DE36011DD2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9A78DA0D-5FB9-4AEB-918C-AC071CA47D8C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9B601E1E-5A29-4529-AF79-4D6DBFEB43FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A47D9FD1-B4DF-4EF5-AA65-A83C8C7A8525}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{A5D8F862-8C69-4AF3-8DCA-6905200EA40D}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{AEDA65EE-1A06-4D3D-95E2-75B34EA710A0}" = protocol=17 | dir=in | app=c:\program files (x86)\caplio software\rgatelxp.exe | 
"{B0F66C6C-D664-48A6-B516-DBEB2859021B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{BB6A8D13-9DAA-4240-9C48-485A13345648}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C1C95627-496C-4141-AF53-754CC1FFD115}" = protocol=17 | dir=in | app=d:\spiele\flat out2\flatout 2\flatout2.exe | 
"{C360380A-C347-4B25-9F75-079412CD8B83}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{C487C5F0-E590-40D3-A025-7770B18D33B0}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{C4E6696D-650B-4F92-AED4-B4CAC057CF48}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{C854ABDC-3B33-4644-B113-D01C00BE0F16}" = protocol=6 | dir=in | app=c:\program files (x86)\snowcat simulator 2011\iupdate.dll | 
"{D025DAFC-B7E1-4402-B0DB-A19B3AD40A3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D6F50812-9B04-4BC3-9584-9613BD70717B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{DB33AEAF-1640-457E-802E-85ED1018A925}" = protocol=6 | dir=in | app=c:\program files (x86)\caplio software\rgatelxp.exe | 
"{E2F38963-A68C-4225-BC66-63B32989FF29}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E9C70965-C998-4011-93C1-CA028BB5EBB8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EC66966B-800B-4436-812A-855957C7F040}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{F01CD302-3234-4ABD-95A4-5EF6EE7105E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F449777F-BD37-421B-91CF-C23ED1CC2996}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F4594059-1AD0-43CD-9751-136BE3D94AF6}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"{F6B5E89F-FFEC-432E-8599-7661750EECC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\mapeditor.exe | 
"{F81DAE36-F012-45D7-B79F-D4EAB469E0BC}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{FA1F7A55-8066-462B-9FBA-09016B6E497C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{FC52CC17-8D98-45F2-AD7E-26355693BDF3}" = protocol=6 | dir=in | app=d:\spiele\flat out2\flatout 2\flatout2.exe | 
"TCP Query User{07593F01-FF54-4A53-8F49-3553489EABEA}D:\spiele\stronghold\stronghold2.exe" = protocol=6 | dir=in | app=d:\spiele\stronghold\stronghold2.exe | 
"TCP Query User{3970252F-2478-412B-80DE-2A1773D40853}D:\spiele\left4dead\left4dead.exe" = protocol=6 | dir=in | app=d:\spiele\left4dead\left4dead.exe | 
"TCP Query User{4630814A-D31F-44A1-BA19-51380DDBB594}C:\program files (x86)\caplio software\rgatelxp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\caplio software\rgatelxp.exe | 
"TCP Query User{89BDF480-F755-4860-B66B-1B0D41BFFF1F}D:\spiele\flat out2\flatout 2\flatout2.exe" = protocol=6 | dir=in | app=d:\spiele\flat out2\flatout 2\flatout2.exe | 
"TCP Query User{91EBD3AE-14EE-4DA6-9355-C4CE1D262F38}D:\spiele\stronghold\stronghold2.exe" = protocol=6 | dir=in | app=d:\spiele\stronghold\stronghold2.exe | 
"TCP Query User{AE67E190-AA7B-410F-98B3-5AD7B4DAF79E}D:\spiele\vietcongneu\vietcong.exe" = protocol=6 | dir=in | app=d:\spiele\vietcongneu\vietcong.exe | 
"TCP Query User{C091F683-A23D-467A-89A2-A709EF5BD2EC}D:\stronghold\stronghold2.exe" = protocol=6 | dir=in | app=d:\stronghold\stronghold2.exe | 
"TCP Query User{C74C4FF8-D286-491F-BD33-13ED66A9EFE8}D:\spiele\cod4\iw3mp.exe" = protocol=6 | dir=in | app=d:\spiele\cod4\iw3mp.exe | 
"TCP Query User{DCE44E6D-7B7D-49F7-84F9-AAABB4F44E85}D:\spiele\generals\stunde null\game.dat" = protocol=6 | dir=in | app=d:\spiele\generals\stunde null\game.dat | 
"TCP Query User{EFE7E236-7C7D-4F85-84A1-FD569C847FA2}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{FAFA3760-B563-4836-BCB1-3D90BA2ED081}D:\aoe gold\empiresx.exe" = protocol=6 | dir=in | app=d:\aoe gold\empiresx.exe | 
"TCP Query User{FD274282-B84F-4BC2-BD66-B44650D8C6C8}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"UDP Query User{0202E547-B9EB-45FB-A72E-2B7D120950CC}D:\spiele\generals\stunde null\game.dat" = protocol=17 | dir=in | app=d:\spiele\generals\stunde null\game.dat | 
"UDP Query User{21D89624-2DB0-40C6-AABC-7F915C135E40}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"UDP Query User{22D9CBF7-746F-4F48-8753-D24DDA87F995}D:\spiele\stronghold\stronghold2.exe" = protocol=17 | dir=in | app=d:\spiele\stronghold\stronghold2.exe | 
"UDP Query User{25D57BEC-0D6B-4CB8-9864-883074177E83}D:\spiele\cod4\iw3mp.exe" = protocol=17 | dir=in | app=d:\spiele\cod4\iw3mp.exe | 
"UDP Query User{3E112127-F00B-47E1-9FA8-21485A2967F0}D:\spiele\vietcongneu\vietcong.exe" = protocol=17 | dir=in | app=d:\spiele\vietcongneu\vietcong.exe | 
"UDP Query User{43F7F876-49D3-4F99-8348-4D9B4BC2DA63}D:\spiele\left4dead\left4dead.exe" = protocol=17 | dir=in | app=d:\spiele\left4dead\left4dead.exe | 
"UDP Query User{4F3C2F8C-F131-46D9-A28D-ADA656B0CFB0}D:\spiele\stronghold\stronghold2.exe" = protocol=17 | dir=in | app=d:\spiele\stronghold\stronghold2.exe | 
"UDP Query User{52BC817B-7760-4907-A8E6-384E0A0D287E}C:\program files (x86)\caplio software\rgatelxp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\caplio software\rgatelxp.exe | 
"UDP Query User{62BEA6EB-66BC-48D8-8A27-07BEC33BD12A}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{67EC4C8C-DEFF-4F5D-BACB-74556B7C99AA}D:\stronghold\stronghold2.exe" = protocol=17 | dir=in | app=d:\stronghold\stronghold2.exe | 
"UDP Query User{979C15A2-74BF-464C-9E52-E6319ED28F0A}D:\spiele\flat out2\flatout 2\flatout2.exe" = protocol=17 | dir=in | app=d:\spiele\flat out2\flatout 2\flatout2.exe | 
"UDP Query User{BDF0D10B-327A-4F61-9BAF-F57E18F30859}D:\aoe gold\empiresx.exe" = protocol=17 | dir=in | app=d:\aoe gold\empiresx.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{006B5C65-3938-4246-B182-994A7E415EDE}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel(R) PROSet/Wireless WiFi Software
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.478
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A5FADEAC-B0A9-4C27-A8B5-05381A339F4E}" = Plugfree NETWORK
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WNLT" = Web Optimizer
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B540DA4-41AE-4B79-BEAB-0F07E09669AB}" = Driver Whiz
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel(R) WiDi
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = FJ Camera
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{49A588CF-5FD4-4774-BFBF-0764287DE82B}" = Power Saving Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{549BF60D-FDDA-4E4C-ABE3-9E897BC09E79}" = Anytime USB Charge Utility
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9983CD31-473F-4808-8317-5346119F0187}" = eBay
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1E035A6-F03E-426F-82F0-BAC56FF873DC}" = AIS Connect
"{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E8F5F4AB-512F-44EB-9018-3C527AF6A717}" = Irodio Photo & Video Studio
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F66CCDA6-950B-4F72-AE59-337765446589}" = Caplio Software
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIS Connect" = AIS Connect
"Audacity_is1" = Audacity 1.2.6
"BabylonToolbar" = Babylon toolbar on IE
"DAEMON Tools Lite" = DAEMON Tools Lite
"DeskUpdate_is1" = DeskUpdate 4.11
"DPP" = Canon Utilities Digital Photo Professional 3.1
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"FilesFrog Update Checker" = FilesFrog Update Checker
"HighwayNights" = Cobra 11 - Highway Nights (remove only)
"incredibar" = Incredibar Toolbar  on IE
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"LayoutsExpress" = LayoutsExpress
"LogMeIn Hamachi" = LogMeIn Hamachi
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"STANDARD" = Microsoft Office Standard 2007
"SWIQMIDrvInstaller" = Sierra Wireless QMI Driver Package
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.1
"Waldmeister Sause XXL_is1" = Waldmeister Sause XXL
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/3/2012 8:25:57 AM | Computer Name = Markus | Source = WinMgmt | ID = 10
Description = 
 
Error - 11/3/2012 8:32:49 AM | Computer Name = Markus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wlarp.exe, Version: 15.4.3508.1109,
 Zeitstempel: 0x4cda6de3  Name des fehlerhaften Moduls: wlarp.exe, Version: 15.4.3508.1109,
 Zeitstempel: 0x4cda6de3  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000bac71  ID des fehlerhaften
 Prozesses: 0xe68  Startzeit der fehlerhaften Anwendung: 0x01cdb9bf5134ef4a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Berichtskennung:
 93a871ed-25b2-11e2-b230-8c736ea49c59
 
Error - 11/4/2012 9:34:58 AM | Computer Name = Markus | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 7.0.70.10 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b2c    Startzeit: 
01cdba90e94116e0    Endzeit: 8    Anwendungspfad: C:\Program Files (x86)\Java\jre7\bin\javaw.exe

Berichts-ID:
   
 
Error - 11/4/2012 4:02:18 PM | Computer Name = Markus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_unknown, Version: 0.0.0.0,
 Zeitstempel: 0x4ce795f5  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17932,
 Zeitstempel: 0x503285c2  Ausnahmecode: 0xc0000017  Fehleroffset: 0x000000000000caed
ID
 des fehlerhaften Prozesses: 0x17f8  Startzeit der fehlerhaften Anwendung: 0x01cdbac72a8cf341
Pfad
 der fehlerhaften Anwendung: E:\setup.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll
Berichtskennung:
 88edc471-26ba-11e2-b230-8c736ea49c59
 
Error - 11/5/2012 9:50:06 AM | Computer Name = Markus | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 11/5/2012 10:42:12 AM | Computer Name = Markus | Source = Application Hang | ID = 1002
Description = Programm vietcong.exe, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e1c    Startzeit: 
01cdbb5d1684cf14    Endzeit: 33    Anwendungspfad: D:\spiele\Vietcongneu2\vietcong\vietcong.exe

Berichts-ID:
   
 
Error - 11/5/2012 10:44:50 AM | Computer Name = Markus | Source = Application Hang | ID = 1002
Description = Programm StrongholdLegends.exe, Version 1.5.0.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1670    Startzeit: 01cdbb63cadf5300    Endzeit: 14    Anwendungspfad:
 D:\spiele\strongholds\Firefly Studios\Stronghold Legends\StrongholdLegends.exe    Berichts-ID:
   
 
Error - 11/5/2012 2:01:46 PM | Computer Name = Markus | Source = Application Hang | ID = 1002
Description = Programm vietcong.exe, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b60    Startzeit: 
01cdbb7db26346ef    Endzeit: 11    Anwendungspfad: D:\spiele\Vietcongneu2\vietcong\vietcong.exe

Berichts-ID:
   
 
Error - 11/5/2012 2:03:57 PM | Computer Name = Markus | Source = Application Hang | ID = 1002
Description = Programm StrongholdLegends.exe, Version 1.5.0.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1230    Startzeit: 01cdbb7fb836ea20    Endzeit: 17    Anwendungspfad:
 D:\spiele\strongholds\Firefly Studios\Stronghold Legends\StrongholdLegends.exe    Berichts-ID:
   
 
Error - 11/5/2012 2:34:53 PM | Computer Name = Markus | Source = Application Hang | ID = 1002
Description = Programm StrongholdLegends.exe, Version 1.5.0.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1ad0    Startzeit: 01cdbb840326cbd6    Endzeit: 23    Anwendungspfad:
 D:\spiele\strongholds\Firefly Studios\Stronghold Legends\StrongholdLegends.exe    Berichts-ID:
   
 
[ System Events ]
Error - 10/31/2012 5:21:08 PM | Computer Name = Markus | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Browser Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%3
 
Error - 11/1/2012 12:20:14 PM | Computer Name = Markus | Source = bowser | ID = 8003
Description = 
 
Error - 11/2/2012 8:24:51 AM | Computer Name = Markus | Source = bowser | ID = 8003
Description = 
 
Error - 11/2/2012 8:31:09 AM | Computer Name = Markus | Source = BROWSER | ID = 8032
Description = 
 
Error - 11/3/2012 8:25:18 AM | Computer Name = Markus | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?11.?2012 um 11:12:30 unerwartet heruntergefahren.
 
Error - 11/3/2012 8:25:25 AM | Computer Name = Markus | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Browser Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%3
 
Error - 11/3/2012 12:37:26 PM | Computer Name = Markus | Source = bowser | ID = 8003
Description = 
 
Error - 11/3/2012 12:58:21 PM | Computer Name = Markus | Source = BROWSER | ID = 8032
Description = 
 
Error - 11/4/2012 5:36:47 AM | Computer Name = Markus | Source = bowser | ID = 8003
Description = 
 
Error - 11/5/2012 5:11:35 PM | Computer Name = Markus | Source = BROWSER | ID = 8032
Description = 
 
 
< End of report >
         



OK, I hope that is all correct. Furthermore, I would like to know what can protect me, on a probably not-yet-infected computer in the same network, from problems like this?

Many thanks,

Andi

Sorry, I forgot something:

The most important thing for me is that I can check whether the photos can be recovered, or whether I have this encryption trojan or it is a different problem. Once that is settled, I can format the system without any problem.

Regards

Last edited by Quartz234 (06.11.2012 at 22:00) Reason: added code tags

Old 12.11.2012, 11:42   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Before we get to work, I would ask you to read the following points completely and carefully.
  • Read my instructions, which I will post over the course of this thread, carefully. Ask immediately if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked!

  • Post the log files directly in your thread (in CODE tags, please) and not as attachments, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • Please also note => Deleting log files and other requests

Note:
If I have not responded for three days, please report in this thread => Reminder to my thread.
Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


Quote:
The most important thing for me is that I can check whether the photos can be recovered, or whether I have this encryption trojan or it is a different problem. Once that is settled, I can format the system without any problem.
What does disappearing have to do with encryption?
If the encryption trojan had been at work, your files would be junk, e.g. with completely different file names and no longer openable.


Code:
ATTFilter
PDM.Keylogger	D:\SPIELE\VIETCONGNEU2\VIETCONG\VIETCONG.EXE	Mittel	
PDM.Keylogger	D:\SPIELE\BATTELFIELD PLAY FOR FREE\BFP4F.EXE	Mittel
         
What exactly is that supposed to be, and which source does it come from?
__________________

__________________

Old 12.11.2012, 21:40   #3
Quartz234
 
Hi,

Many thanks first of all; here is more information:
Quote:
What does disappearing have to do with encryption?
If the encryption trojan had been at work, your files would be junk, e.g. with completely different file names and no longer openable.
All the pictures had been deleted, but I was able to recover almost all of them with a recovery tool. However, I now have the problem that 80% of the pictures cannot be opened, even though they have the correct file format.

Quote:
PDM.Keylogger D:\SPIELE\VIETCONGNEU2\VIETCONG\VIETCONG.EXE Mittel
PDM.Keylogger D:\SPIELE\BATTELFIELD PLAY FOR FREE\BFP4F.EXE Mittel
The first is a computer game, probably acquired a long time ago at a LAN party; the second is also a computer game, a stripped-down legal freeware version from this site: hxxp://battlefield.play4free.com/de/

As I said, both programs as well as the whole system can be formatted without any problem; I only care about the photos.

Regards, Andi
__________________

Old 12.11.2012, 22:07   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
All the pictures had been deleted,
Deleted is something different from encrypted

Quote:
, I only care about the photos.
Since they were deleted, at best ShadowExplorer could still help you, if data recovery tools like Recuva or something like PCInspector File Recovery don't get you anywhere.
__________________
Please always post log files in CODE tags

Old 12.11.2012, 22:13   #5
Quartz234
 
I have already recovered the pictures, but 80% of them are not displayed when I double-click to open them; an error message appears, which is why I thought they might have been encrypted? Should I upload a sample file?

Regards


Old 12.11.2012, 22:32   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
No, I can't magic your lost data back either; besides, all the options for the encryption trojan are pinned right at the top, and the options are very limited!
That is why, in the case of a latest-generation encryption trojan, one should first check whether a reasonably current backup exists; if something is then missing, ShadowExplorer would be a good choice, and only when all else fails does one try decryption tools.

This order makes the most sense. The faster and more likely a method gets a file back, the sooner one applies it. Nobody would think of wasting days or weeks on decryption time if the data has been backed up to a safely stored external drive anyway.
__________________

Old 13.11.2012, 07:27   #7
Quartz234
 
Nobody is asking for magic. Unfortunately there is no backup; I will try Shadow Explorer. But before I do a lot of trial and error, I wanted to first check whether it is actually this trojan at all; can't that be found out?

Regards, Andi

Old 13.11.2012, 12:20   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hm, well, we do know that the data is gone. So what does it gain you if you know exactly which malware it was, or whether it was malware at all? That knowledge alone won't bring your data back either, and the fastest way to get the data back is via a reasonably current backup or, with luck, via ShadowExplorer.

And with ShadowExplorer there is not much trial and error! Either it shows the files from the shadow copies or it doesn't

You have already done the trial and error yourself, but there is nothing else left when there is no backup and ShadowExplorer finds nothing either.

Since you want to format the system anyway, I wouldn't put a lot of work into analysis and cleanup either
__________________
Please always post log files in CODE tags
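The thread leaves open how to tell an incomplete recovery (files carved by Recuva whose clusters were already partly reused) from content that has actually been encrypted or overwritten. The following script is an added example for this thread, not code from the posts or from any of the tools named in them. It checks whether a recovered picture still carries a valid JPEG or PNG header and end marker, and for files with no recognisable header it measures byte entropy: a valid header with a missing end marker indicates a truncated recovery, while no header plus near-random bytes is what encrypted or overwritten data looks like. The sample file contents, the 7.5 bits-per-byte threshold and the directory argument are assumptions of this example; the check can separate the two failure modes but cannot name a malware family.

```python
"""Triage recovered picture files: intact, truncated, or unrecognisable.

Added example for this thread, not code from the original posts.
"""
import hashlib
import math
import os
from collections import Counter

JPEG_SOI = b"\xff\xd8\xff"          # Start Of Image marker followed by the first segment marker
JPEG_EOI = b"\xff\xd9"              # End Of Image marker, last two bytes of an intact JPEG
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
HIGH_ENTROPY_THRESHOLD = 7.5        # bits per byte (assumed); random/encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or constant input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def classify_image(data: bytes) -> str:
    """Classify raw file content.

    Returns one of:
      valid_jpeg / valid_png            header and end marker both present
      truncated_jpeg / truncated_png    header present, end marker missing
      unrecognised_high_entropy         no known header, bytes look random
      unrecognised_low_entropy          no known header, bytes are structured or empty
    """
    # Recovery tools often pad the last cluster with zeros; ignore that tail.
    body = data.rstrip(b"\x00")
    if data.startswith(JPEG_SOI):
        return "valid_jpeg" if body.endswith(JPEG_EOI) else "truncated_jpeg"
    if data.startswith(PNG_SIGNATURE):
        return "valid_png" if b"IEND" in body[-16:] else "truncated_png"
    # The first 4 KiB are enough for a stable entropy estimate.
    if shannon_entropy(data[:4096]) > HIGH_ENTROPY_THRESHOLD:
        return "unrecognised_high_entropy"
    return "unrecognised_low_entropy"


def triage_directory(path: str) -> dict:
    """Classify every file under `path` (recursively); returns {relative_path: label}."""
    results = {}
    for root, _dirs, files in os.walk(path):
        for name in files:
            full = os.path.join(root, name)
            with open(full, "rb") as fh:
                results[os.path.relpath(full, path)] = classify_image(fh.read())
    return results


def summarise(results: dict) -> dict:
    """Count how many files fell into each label."""
    return dict(Counter(results.values()))


# Constructed sample contents (not real files from the thread) so the block runs offline.
_jpeg_header = JPEG_SOI + b"\xe0\x00\x10JFIF\x00" + b"\x12" * 200
_png_header = PNG_SIGNATURE + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17
CONSTRUCTED_SAMPLES = {
    "intact.jpg": _jpeg_header + JPEG_EOI,
    "intact_padded.jpg": _jpeg_header + JPEG_EOI + b"\x00" * 512,  # zero slack from recovery
    "half_recovered.jpg": _jpeg_header,                            # header ok, EOI missing
    "intact.png": _png_header + b"\x00\x00\x00\x00IEND\xaeB`\x82",
    # Deterministic stand-in for encrypted content: 4 KiB of SHA-256 outputs.
    "scrambled.jpg": b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128)),
    "zeroed.jpg": b"\x00" * 4096,                                  # cluster already wiped
}


def triage_samples() -> dict:
    """Run the classifier over the constructed samples."""
    return {name: classify_image(content) for name, content in CONSTRUCTED_SAMPLES.items()}


if __name__ == "__main__":
    for name, label in triage_samples().items():
        print(f"{name:20s} {label}")
    print(summarise(triage_samples()))
    # For real recovered files: print(summarise(triage_directory(r"D:\recovered")))  (path assumed)
```

A large share of `truncated_*` results means the recovery tool carved headers whose data clusters had already been reused, which matches the "correct format but won't open" symptom described above and has nothing to do with encryption; a share of `unrecognised_high_entropy` files with the original names would be the pattern worth treating as possible encryption. Either way the thread's advice stands: a backup or Volume Shadow Copies (ShadowExplorer) are the realistic recovery paths.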
