Pests of all kinds and how to combat them: "The program cannot display the website" Trojan (Windows 7)
17.11.2012, 14:45 | #1 |
| "The program cannot display the website" Trojan Hello, I believe this problem has come up several times before, but here it may be somewhat different: whenever I am logged in with my normal user account (without admin rights), the full-screen window "The program cannot display the website" (or something like that) appears immediately. However, if I try it with a user account that has admin rights, everything works flawlessly! So I ran Malwarebytes right away, and it found 2 infected files, which I deleted immediately. When I then tried it on my user account without admin rights, everything worked again. But this morning the same thing happened all over again! I'm desperate. I am now logged in again with the admin account and am running a full scan with both Malwarebytes and Emsisoft Anti-Malware. But what else should I do? Please help me! |
18.11.2012, 01:31 | #2 |
/// Helper Team | "The program cannot display the website" Trojan |
18.11.2012, 02:03 | #3 |
| "The program cannot display the website" Trojan Okay, so first the one from Malwarebytes:
HTML-Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.16.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Papa :: FELIX-PC [Administrator]

Schutz: Aktiviert

16.11.2012 23:32:03
mbam-log-2012-11-16 (23-32-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 605798
Laufzeit: 2 Stunde(n), 34 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Felix\Downloads\Programme\SoftonicDownloader_fuer_audacity.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Games\Konami\rld.dll (PUP.Hacktool.crk) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL Logfile:
Code:
-- C:\Windows\SysNative\hamachi.sys [2012.10.29 22:46:07 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\LogMeIn Hamachi [2012.10.21 14:28:08 | 000,000,000 | ---D | C] -- C:\NVIDIA [2012.10.21 14:17:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins [2012.10.21 14:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2012.10.21 14:11:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2012.10.20 12:51:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2012.10.20 12:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2012.10.20 12:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.17 23:58:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1214886623-3929896450-3179004277-1000UA.job [2012.11.17 23:47:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.17 23:42:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.17 15:58:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1214886623-3929896450-3179004277-1000Core.job [2012.11.17 13:39:22 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.11.17 13:29:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Papa\Desktop\OTL.exe [2012.11.17 13:20:27 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.17 13:20:27 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.17 13:20:27 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.17 13:20:27 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.17 13:20:27 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.17 12:47:29 | 000,009,696 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.17 12:47:29 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.17 12:44:07 | 000,876,903 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2012.11.17 12:44:07 | 000,046,559 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2012.11.17 12:10:44 | 3207,507,968 | -HS- | M] () -- C:\hiberfil.sys [2012.11.17 01:21:12 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.11.17 01:21:12 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.17 01:19:50 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.11.16 23:04:27 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.16 22:53:33 | 000,060,320 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2012.11.16 22:51:30 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys [2012.11.16 22:51:30 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2012.11.16 22:51:29 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys [2012.11.16 20:09:57 | 000,000,680 | RHS- | M] () -- C:\Users\Papa\ntuser.pol [2012.11.16 19:51:48 | 000,076,353 | ---- | M] () -- C:\ProgramData\rozbitcypmzmabk [2012.11.16 19:50:56 | 003,019,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.15 18:22:33 | 000,064,000 | ---- | M] () -- C:\Windows\rtbavfwn.exe [2012.11.14 19:47:22 | 000,000,711 | ---- | M] () -- C:\Users\Public\Desktop\ArcaniA - Gothic 4.lnk [2012.11.12 20:31:13 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk [2012.10.30 00:25:51 | 000,001,406 | ---- | M] () -- C:\Users\Papa\Desktop\Free YouTube to MP3 Converter.lnk [2012.10.21 14:34:09 | 000,076,888 | ---- | M] () -- 
C:\Windows\SysWow64\PnkBstrA.exe [2012.10.20 12:48:48 | 000,000,071 | ---- | M] () -- C:\Windows\wininit.ini [2012.10.20 12:48:47 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.17 13:39:22 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.11.16 23:03:41 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.16 19:51:31 | 000,076,353 | ---- | C] () -- C:\ProgramData\rozbitcypmzmabk [2012.11.15 22:55:04 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.15 22:48:07 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.15 18:22:40 | 000,064,000 | ---- | C] () -- C:\Windows\rtbavfwn.exe [2012.11.14 19:47:22 | 000,000,711 | ---- | C] () -- C:\Users\Public\Desktop\ArcaniA - Gothic 4.lnk [2012.10.30 00:25:51 | 000,001,406 | ---- | C] () -- C:\Users\Papa\Desktop\Free YouTube to MP3 Converter.lnk [2012.10.20 12:48:48 | 000,000,071 | ---- | C] () -- C:\Windows\wininit.ini [2012.10.20 12:48:47 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2012.08.19 10:23:18 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.08.19 10:23:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.11.14 16:45:38 | 000,876,903 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.08.25 17:25:37 | 000,000,306 | ---- | C] () -- C:\Windows\game.ini [2011.08.23 17:13:24 | 000,000,680 | RHS- | C] () -- C:\Users\Papa\ntuser.pol [2011.08.23 12:38:17 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2011.08.17 14:04:40 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll [2011.08.16 17:38:03 | 000,001,302 | ---- | C] () 
-- C:\Windows\disney.ini [2011.08.16 17:37:40 | 000,000,206 | ---- | C] () -- C:\Windows\disneysy.ini [2010.11.17 15:52:17 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

And the extras, in case you need them:

OTL Logfile:
Code:
OTL Extras logfile created on: 17.11.2012 23:53:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Papa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,98 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 53,39% Memory free
7,96 Gb Paging File | 4,39 Gb Available in Paging File | 55,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 433,06 Gb Total Space | 215,19 Gb Free Space | 49,69% Space Free | Partition Type: NTFS
Drive D: | 456,92 Gb Total Space | 58,69 Gb Free Space | 12,84% Space Free | Partition Type: NTFS
Drive E: | 3,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: FELIX-PC | User Name: Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A07FCDA-993D-4AC1-9886-9DA8A3836D78}" = rport=445 | protocol=6 | dir=out | app=system | "{184856B5-2E34-4268-9E7A-4BBC5726E451}" = lport=139 | protocol=6 | dir=in | app=system | "{1867FA94-85A9-4BA1-943D-579F3D96A87B}" = lport=138 | protocol=17 | dir=in | app=system | "{1AB1E152-07D3-4FAC-901B-DC941B15BA28}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{2451CD9D-806E-4F5D-8609-EECBDADBC717}" = lport=2869 | protocol=6 | dir=in | app=system | "{26E5C2EE-6A29-4FB7-B340-A0294B639BAE}" = lport=137 | protocol=17 | dir=in | app=system | "{35411528-D639-4443-97DB-2B38AF1F570B}" = 
lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{36204FF9-5842-4281-8DC3-6BDF31F43F44}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{476BB649-578E-42A1-AB18-095300358027}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{481785CA-6A2D-41F6-956B-27BA723A41BA}" = rport=139 | protocol=6 | dir=out | app=system | "{75BFD49E-5065-45D3-B33F-3790068E934F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{769B04B2-F429-4FC6-8011-351991F4960F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7E7CD164-C43D-4558-AB14-885B197931A3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7EFFEE1D-C551-47DF-A2C8-563A4A4F13B1}" = lport=445 | protocol=6 | dir=in | app=system | "{8214203B-8BF3-4F2B-8052-330C3CF3D481}" = lport=10243 | protocol=6 | dir=in | app=system | "{881E8401-5B1D-457F-A81B-E9DE0FA2C581}" = rport=138 | protocol=17 | dir=out | app=system | "{8CEDEDF8-19CA-48A5-A648-A3D5E6D160BF}" = rport=10243 | protocol=6 | dir=out | app=system | "{ACABEAB1-C331-4201-ACA3-AE867AA29C66}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C44FE259-E3B1-420E-AF7F-6B7D2092F26D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D5965002-566A-4AD8-BF34-418A10B15721}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ED80E9E0-23B6-49BC-B0E7-5052A134922F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F4AB5526-1AB3-4BF6-914A-C769DFF83E17}" = rport=137 | protocol=17 | dir=out | app=system | "{F4CE9A1C-478D-4A97-A1F5-54DD5EFF1B16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception 
List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{017FEF5D-0EEE-4808-AEB7-C68FB105DC8B}" = protocol=6 | dir=in | app=d:\program files (x86)\batman\binaries\win32\batmanac.exe | "{0599349A-3178-495D-B500-7BE4B53BEF7C}" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\starcraft ii.exe | "{07AA4A66-03BE-487F-BCCC-4699332E13C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{094181E0-0BA2-45FA-AD97-7DB552EAA022}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{0B68DD19-5141-449C-B3DD-1763A15B2343}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 2\bin\farcry2.exe | "{0E6935FB-60A6-4D2F-9727-5F06FAECED0D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe | "{0ED3CA84-DF65-4F7F-BC53-049D6C8FB202}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\specops_theline_demo\binaries\win32\specopstheline.exe | "{0F719768-7312-4217-B5DB-9D27E366F9EA}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | "{10E3ACB8-309A-4F94-96CE-D3F8F316DC06}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\arcadedeluxeagent.exe | "{1397EAD2-D55A-4509-A451-CE1FBC043D7D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2editor.exe | "{14399D51-84C1-4601-8A73-99B080932FF3}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\napoleonfelix\dark messiah singleplayer demo\mm.exe | "{14A8CE24-EBD1-4670-8A5A-00C57DDDE0F8}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | "{151BC341-3E5E-4065-86CF-47C045235FA6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application 
support\webkit2webprocess.exe | "{17620EE1-D817-421D-A44A-985E129768E5}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | "{1776166E-6C96-4CB9-8C92-0AA6C4BA2E89}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{1B5F3019-6DFE-4D83-B8F2-572BB64E4130}" = protocol=17 | dir=in | app=d:\program files (x86)\prince of persia.exe | "{1BCC81F6-AF95-4905-9327-97C711B17CF3}" = protocol=6 | dir=in | app=c:\program files (x86)\sega\alpha protocol\binaries\apgame.exe | "{1DACB546-AC8C-4E09-91EE-E2C6C6233AB2}" = protocol=6 | dir=in | app=d:\program files (x86)\reliccoh.exe | "{1E6EB656-C56C-4948-B411-9C4516354703}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{20414D0B-0893-4D65-A8B7-B3881D366DB9}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 2\bin\farcry2.exe | "{20B7E816-7B9C-4AEB-9046-3D4AA1623FF2}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{20C28C22-E934-491D-A2F6-DBC2DC14985D}" = protocol=6 | dir=in | app=d:\program files (x86)\nwn2server.exe | "{20D4CD77-CEB6-457D-8920-18BA5532B851}" = protocol=58 | dir=in | app=system | "{22C738DD-0EB1-444B-AF57-51C2B7EA22F2}" = protocol=17 | dir=in | app=d:\program files (x86)\nwn2main_amdxp.exe | "{22D764E8-7B07-4FF4-8B50-B81166E56015}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{25102260-DB87-460D-BCCA-5FF2D43A4C6D}" = protocol=17 | dir=in | app=d:\program files (x86)\princeofpersia_launcher.exe | "{2742C5EB-E734-40D2-81F8-D4FC315ACB03}" = protocol=6 | dir=in | app=d:\games\bohemia interactive\arma2.exe | "{27616C3E-7E49-4558-B6B0-2427CDBCC1D1}" = protocol=6 | dir=in | app=d:\program files (x86)\nwn2main.exe | "{285FF3DE-352D-4CCE-9BEE-675E9961DA96}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global 
offensive\bin\sdklauncher.exe | "{28E14172-B1C4-4D74-9030-29A10360C497}" = protocol=17 | dir=in | app=d:\program files (x86)\james cameron's avatar - das spiel\bin\avatar.exe | "{2B79CB9D-1493-4C47-91FB-044EDCF1F1D1}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{2B7A8DBF-7C2B-44F8-BDBA-B8CE627B261D}" = protocol=6 | dir=in | app=d:\program files (x86)\nwupdate.exe | "{2ED499D2-2E51-432A-98FE-467DEAF32A17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{307FF339-76E3-41E0-9F37-6ACE8E64A913}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{31209010-1ED5-42B0-A02A-9D5A221EFD45}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | "{314114BB-C09C-44E2-9457-576778206FBB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{315D3FC1-4B42-4AAB-AA9D-8F5EA73D010D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | "{32BC3982-2746-41E6-A1F3-4953FE06A334}" = protocol=6 | dir=in | app=d:\program files (x86)\nwn2main_amdxp.exe | "{33100070-B30D-4012-AE5F-F60D1E1CB24B}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | "{3405B051-A24F-4006-9024-2A1A26B46FE2}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | "{346EC2B2-DF69-4719-B3B1-0DFEE6D20474}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | "{34B971E4-2A91-4B01-B2ED-6AB36FE3AB2D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\thief deadly shadows\system\runme.exe | "{3506676C-25D3-4776-8FC7-BF37EC4E175C}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{353D1DE8-420B-4623-ABA5-AB978215209B}" = protocol=17 | dir=in | app=d:\program files (x86)\relicdownloader\relicdownloader.exe | "{36FFED7B-D33A-45C2-91C2-80C25CC39B78}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | "{381E2B3F-7E99-45B8-92DA-E3CAF43DCFF4}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{398C0151-F407-4DE3-9F3A-C3F39E411568}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | "{3A507DE0-9377-4CBB-A649-8CCB96250567}" = protocol=6 | dir=in | app=d:\program files (x86)\james cameron's avatar - das spiel\bin\avatarlauncher.exe | "{3CB0FFBB-9C6A-4215-B115-E328F195C720}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3ED3D319-A50D-46F5-98F0-0C47DEFCF90B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{41731009-C399-4316-A793-2621CDAACC64}" = protocol=6 | dir=out | app=system | "{4191A327-A4B1-427C-8CFD-E4ADB5C185AF}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{4308B158-5735-4F74-ACDD-0AD85BEF32EC}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{431F011E-862E-480A-A508-BE41BAFE2730}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | "{4498656D-8232-4851-BDCD-9A4106E3E361}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe | "{44E3FBEF-7871-47C3-BB15-97B58E4D199E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe | "{451A26F2-B8C8-43E0-8540-65E9867C0FB5}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe | "{45635423-3743-48B6-97AC-3C4470893ED4}" = protocol=17 | dir=in | app=c:\program files\common 
files\mcafee\mcsvchost\mcsvhost.exe | "{45D88B9A-F7B4-48EC-A3E7-3E524650722E}" = protocol=17 | dir=in | app=d:\ubisoft\die abenteuer von tim und struppi - das geheimnis der einhorn\tintin.exe | "{47A7C8E1-B178-456A-8012-43D13E011CEB}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | "{489EAC27-F74C-40DE-BDE9-138D9A99DC1D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{48D2A044-087E-472F-A446-4F3633014E34}" = protocol=17 | dir=in | app=d:\program files (x86)\nwupdate.exe | "{4A5DDCE8-76B0-48E7-828C-9E552D02C5DD}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\clmlsvc.exe | "{4A924369-0E07-4D10-9E25-F298387A91AF}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | "{4EAD5255-9929-4BCE-BB87-0D83E2F2F4A7}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\specops_theline_demo\binaries\win32\specopstheline.exe | "{4F9FD687-99E2-48DA-80C8-99BEDF0204BF}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{5235A84E-404D-462B-BFD4-72F0540A548E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{529E8CEC-CFF2-4F46-969F-658633A6D2BC}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2demo.exe | "{5348D54F-6129-4781-9506-222BE0C9DE9C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | "{538BAB32-0A69-4011-B2B4-9042B19C2848}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\thief deadly shadows\system\runme.exe | "{56266D4F-09F9-4272-9190-D749ED7714AB}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\sid meier's civilization 
v\launcher.exe |
"{5630BAE4-3FD1-40A9-A571-55007F31138B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58B40181-20DD-4DA3-BA70-FFF908047C45}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe |
"{58D1CEC5-E4B0-49CD-ADF2-59C773D4DC4F}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{5989FB7A-A2B8-4F8C-8362-7E08A0498B53}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{5B39D45B-1DDF-4A71-A59E-94B7AA91D4AD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5B892F50-D4EE-4944-A405-B0B359562B0E}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe |
"{5C6B7002-3911-4A95-AAA9-92EB06199BF3}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{5DCDA3AA-F7DC-45B8-8C45-738D2C4A2203}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
"{5DD9C901-92D8-4384-9DF9-6E77B1FA7496}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{5EA1C30A-A7BD-4878-BF85-1E06501835BF}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |
"{606B5FEA-47EB-49DE-8D9A-98173F435FAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{64A07D07-FD36-4D9C-8EB7-3C70FEA604D4}" = protocol=6 | dir=in | app=d:\program files (x86)\james cameron's avatar - das spiel\bin\avatar.exe |
"{65F75CFE-9667-4F2A-B66A-916BA9AACB98}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{66D09644-CAAF-461C-B306-F02FE1B44026}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fuel - demo\fuel.exe |
"{66E0441E-F58E-441A-B887-997DC9B2B959}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |
"{6A22532A-D195-486C-9EE9-FFF7ABB7A30C}" = protocol=6 | dir=in | app=d:\program files (x86)\princeofpersia_launcher.exe |
"{6C9D82ED-C2D4-4E30-973C-87FFCC9D50EE}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arx fatalis\arx.exe |
"{6D2BA4F2-807A-4D84-A698-E175AF772BD4}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{700A701C-96A7-40A1-9195-B21CE38C5317}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{70B05887-0959-49DE-B0B2-F37FC1436AF6}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{72499D69-0EB0-49A2-A2A9-93DE312E30EB}" = protocol=17 | dir=in | app=d:\program files (x86)\batman\binaries\win32\batmanac.exe |
"{72610B4F-CC7A-4F13-A322-FE9B2F34AAB3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{735D801A-F40A-4307-90AD-0488D36EAC4E}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe |
"{757E1A9D-651E-4E8E-82E6-5600CE505F65}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{765926BB-686B-40B1-9B5F-42D95B9CBF3B}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe |
"{7978EFCD-69DC-475E-9FCC-9F1EB4D22597}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{7A1189D6-B8EE-41CD-9BC5-5470F2ABF4FD}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{7A6C03EF-241E-42D7-A046-0D80C5A40C35}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe |
"{816BB5F4-BC00-4FC1-9835-17A821E82F8D}" = protocol=17 | dir=in | app=d:\program files (x86)\binaries\shippingpc-bmgame.exe |
"{820A8AB2-4460-4A26-995B-42C9A9E0215C}" = protocol=6 | dir=in | app=d:\program files (x86)\relicdownloader\relicdownloader.exe |
"{8250C3FE-1799-4264-99C5-FD838329E215}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{82A3659C-FA13-44F6-A50C-56F0432BFF6C}" = protocol=17 | dir=in | app=d:\program files (x86)\nwn2main.exe |
"{84C1506F-133C-42B6-AC8E-B69A1D8634D0}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe |
"{851C587D-53D6-4BD4-BF47-F635C301C685}" = protocol=17 | dir=in | app=d:\games\bohemia interactive\arma2.exe |
"{8B3D5B60-1F60-4444-8DB5-653019127721}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8C4394DD-43CB-41E6-941A-4A833F6A50C4}" = protocol=6 | dir=in | app=d:\ubisoft\die abenteuer von tim und struppi - das geheimnis der einhorn\tintin.exe |
"{8DD32F15-8899-4F7F-9C80-26489F12FB8B}" = protocol=17 | dir=in | app=d:\program files (x86)\reliccoh.exe |
"{93FB5ABB-1D32-4D4A-BE2B-A371EB128A8A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{984FE0AF-D350-4484-B64A-5436275E6461}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9BC30C94-CC12-4953-A259-C559E222B23D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe |
"{9F2F6681-3601-41AD-9CE8-9035E3563B9E}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\napoleonfelix\dark messiah singleplayer demo\mm.exe |
"{9FCBCC9C-881F-42BA-8C2E-5E1E63A3B7EC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A05E394B-CCF2-49A5-B288-BBFEBC57DA0A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |
"{A2A1BD9E-FDD4-4298-AC16-DF6EE4CFF265}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A8152B75-FBBF-4DF8-9F5F-B60ACA3B1A7E}" = protocol=17 | dir=in | app=d:\program files (x86)\nwn2server.exe |
"{AB631882-79F0-4045-9A74-50FB73C513EC}" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\starcraft ii.exe |
"{AB678383-EB66-4C7B-B622-5EC336C17DA7}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{AC266917-A9DA-41BD-90B7-4C3244FA8D22}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{ACE91E78-339A-48B8-A467-A141C28AFFA0}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
"{AF917915-4D13-42C9-B2DE-B2B7A67E8565}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{B236EC61-21C6-46CD-93B9-317A6536B80D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B2C6F154-5BF7-4215-8B35-517B93DD12CD}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B78379DF-0A1A-4236-BDA1-CF26BB7CE5A5}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"{BB40E1F1-70AE-42A8-975F-CB4D529DD15C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe |
"{BEBB90B6-1095-46D2-8E81-6111E73305D9}" = protocol=17 | dir=in | app=c:\program files (x86)\sega\alpha protocol\binaries\apgame.exe |
"{BF197B8D-D546-4013-8D35-FE7E1AEC5B28}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{C1977A33-3775-41FC-842F-7927B76FB306}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{C1F883E9-AA59-4AB5-9204-C0B9B67EC539}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C4BF95D2-B639-4A0D-A88C-74AFA0FBA70C}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |
"{C4E2281A-4B9F-4E8C-BD21-E1322C2DFA93}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{C537C892-CDA6-4307-BC8C-F12C847D905D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2demo.exe |
"{C5A37F34-D5AD-41E0-83F5-EDC0B208CC90}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe |
"{C647386F-4690-4A1C-99E1-ECAA7FE3356F}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe |
"{C88BB608-4272-4068-A12A-4EFA9147FD7C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"{C99FB48F-DCDE-47D7-B6AC-1A66B5174A65}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CAE03A5A-4B51-4E86-98E4-B0940C965FA1}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe |
"{CC3A51CA-89F1-4400-ABC9-A82EEEE80F3D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{CFA3F636-6F12-4CE1-89A3-140637EA750D}" = protocol=17 | dir=in | app=d:\program files (x86)\james cameron's avatar - das spiel\bin\avatarlauncher.exe |
"{CFEC1969-37C9-4984-B10E-3EB2E2A7351B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D06FD029-8FF2-40DE-9520-B2B2F05AD3CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D50A4670-6D4D-4263-B153-CD0030006447}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\dmrengine.exe |
"{D5A91B41-F367-4074-B4B4-D85BBDBFE6B2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D7AC2C6E-3B18-4F09-993B-8D9EB988B1AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DC1519CF-A815-4037-A98C-00DE3653C4BB}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{DC449160-FDD9-4BE7-B799-8BDFD925B0AF}" = protocol=6 | dir=in | app=d:\program files (x86)\prince of persia.exe |
"{DF34E71C-AB8A-4886-8C9A-49DEED0CC802}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{E3D020EE-6C9A-4784-9B51-859FEBE082AA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe |
"{E5A07C73-DD2B-47C5-8F0F-0A4FCFD98940}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2demo.exe |
"{E62E0965-5E24-4A97-98D7-268E652C4FD1}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{E7A7341D-81C2-46FB-8907-66F6EFE6519B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{E7B28322-9712-4793-8D94-580231C0C9BA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E85570FE-228B-4452-BBDB-68A17410C057}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E904552E-5227-4ECD-970D-F0AE91FA3B91}" = protocol=6 | dir=in | app=d:\program files (x86)\binaries\shippingpc-bmgame.exe |
"{E980274B-CBEE-4802-AC0F-5C8391474423}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2demo.exe |
"{E9EF0E96-C318-4ACB-B901-08DC42E23979}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{EB82B2BA-0A9C-47B9-8297-E2F4A6402EAB}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |
"{ED1A31F0-9FE8-4EF2-8479-94817125571E}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2editor.exe |
"{F01C3DAA-D084-42F8-A20D-095423C1E2E2}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |
"{F2C7EA0C-80CD-48EC-9793-C3A1C940A045}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{F43463E9-CF7D-4AF5-909A-361824490085}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fable the lost chapters\fable.exe |
"{F4611276-2F83-4509-86FD-5C907874F03C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arx fatalis\arx.exe |
"{F627CA33-5349-4D38-A04B-39838C72C7CD}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fuel - demo\fuel.exe |
"{F8686951-A452-4CD0-A83D-50DFFCF020E2}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\fable the lost chapters\fable.exe |
"{FA59C4FE-FCB7-4892-8294-3D0635398A91}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
"{FE2D6118-6922-4D6E-95D0-AD95C12F0AA7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}" = Pirates of the Caribbean - At Worlds End
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{14509FBA-582F-43AB-8B7B-37A30B9C98C3}_is1" = ArcaniA - Gothic 4 Demo
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B48B3C5-B596-4822-A148-837B11885CB5}" = Lost Horizon
"{2B673C6F-BDEA-48AE-AB59-7479BF04EF6E}" = Nail'd
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CC49D98-2914-4444-88F1-6739EBBD140E}_is1" = Die Abenteuer von Tim und Struppi - Das Geheimnis der Einhorn
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07
"{3F64C088-9A45-41B3-8B99-71AFAB720A56}" = Sherlock Holmes jagt Jack the Ripper
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaEspresso
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DD88500-1EAB-4D87-8079-88214668B699}_is1" = Alpha Polaris German Demo Version 1.0.0
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{52B94500-1782-411F-BFA5-EBAC312964DE}" = The Witcher Demo
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{6006059E-013D-4B77-BC5C-4DD5E4A6570D}" = G Data InternetSecurity 2012
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{675279fe-598d-43e8-8bea-b71e68a7a5cc}" = Nero 9 Essentials
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{74027A70-698F-49B4-969D-AA64BE2A8D8B}_is1" = Metro 2033 Demo
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia
"{7E19B002-4CA3-4C9F-BA92-91D101B97219}" = James Cameron's AVATAR(tm): DAS SPIEL
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis(R) SP Demo
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{990166FA-1ACB-4AA7-B592-4D370C7CDD1A}" = Spider-Man 3(TM)
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AFC93C3-EEE0-497C-9341-27753FAC7233}" = Prince of Persia The Two Thrones
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAFD160A-2333-40D8-AA25-42D1989CA0F2}" = Toy Story 3
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BD009869-6498-4CF9-9016-E9EA6E3742B2}" = The Whispered World
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D227E95D-C9E6-4B09-BC4C-F5A96D08A1CE}" = Patrizier IV Demo
"{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBC8C5A1-7745-419F-B6C6-B0DD87F24D52}" = LogMeIn Hamachi
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{EE74D039-45D7-44E9-BF95-B9CFB015964F}_is1" = ArcaniA - Gothic 4
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 9.20
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adventskalender" = Interaktiver Adventskalender
"ArmA 2" = ArmA 2 Uninstall
"Audacity 1.3 Beta_is1" = Audacity 1.3.12
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Company of Heroes" = Company of Heroes
"CycoreFX HD 1.7 for After Effects" = CycoreFX HD 1.7 for After Effects
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"HighwayNights" = Cobra 11 - Highway Nights (remove only)
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{990166FA-1ACB-4AA7-B592-4D370C7CDD1A}" = Spider-Man 3 (TM)
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"LAME_is1" = LAME v3.99.3 (for Windows)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Memento Mori_is1" = Memento Mori
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Origin" = Origin
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Satinav Demo" = Das Schwarze Auge - Satinavs Ketten Demo
"Security Task Manager" = Security Task Manager 1.8d
"StarCraft II" = StarCraft II
"Steam App 105400" = Fable III
"Steam App 108710" = Alan Wake
"Steam App 12850" = FUEL - Demo
"Steam App 15100" = Assassin's Creed
"Steam App 1700" = Arx Fatalis
"Steam App 17410" = Mirror's Edge
"Steam App 19900" = Far Cry 2
"Steam App 202480" = Creation Kit
"Steam App 204030" = Fable - The Lost Chapters
"Steam App 219850" = Torchlight II Demo
"Steam App 24240" = PAYDAY: The Heist
"Steam App 34030" = Napoleon: Total War
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 35720" = Trine 2
"Steam App 40800" = Super Meat Boy
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 48000" = LIMBO
"Steam App 48190" = Assassin's Creed Brotherhood
"Steam App 55100" = Homefront
"Steam App 55280" = Homefront Dedicated Server
"Steam App 620" = Portal 2
"Steam App 644" = Portal 2 Publishing Tool
"Steam App 6980" = Thief: Deadly Shadows
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 745" = Counter-Strike: Global Offensive - SDK
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 8980" = Borderlands
"Steam App 98200" = Frozen Synapse
"The Lost Crown_is1" = The Lost Crown
"The Moment of Silence_is1" = The Moment of Silence
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.0
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1214886623-3929896450-3179004277-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CT2625848" = DVDVideoSoftTB DE Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17.08.2012 14:43:11 | Computer Name = Felix-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ACBSP.exe, Version: 0.0.0.0, Zeitstempel: 0x4d90ac83
Name des fehlerhaften Moduls: ACBSP.exe, Version: 0.0.0.0, Zeitstempel: 0x4d90ac83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0183c849
ID des fehlerhaften Prozesses: 0x15e0
Startzeit der fehlerhaften Anwendung: 0x01cd7c991344ca46
Pfad der fehlerhaften Anwendung: D:\Program Files (x86)\Steam\steamapps\common\Assassins Creed Brotherhood\ACBSP.exe
Pfad des fehlerhaften Moduls: D:\Program Files (x86)\Steam\steamapps\common\Assassins Creed Brotherhood\ACBSP.exe
Berichtskennung: 648c3323-e89b-11e1-b705-1078d2e8e303

Error - 18.08.2012 07:05:26 | Computer Name = Felix-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 20.08.2012 13:46:59 | Computer Name = Felix-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: T3Main.EXE, Version: 1.0.0.1, Zeitstempel: 0x40c8a4da
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e211319
Ausnahmecode: 0x80000003
Fehleroffset: 0x0001280c
ID des fehlerhaften Prozesses: 0x324
Startzeit der fehlerhaften Anwendung: 0x01cd7efba97db981
Pfad der fehlerhaften Anwendung: D:\Program Files (x86)\Steam\steamapps\common\Thief Deadly Shadows\system\T3Main.EXE
Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll
Berichtskennung: 09e42614-eaef-11e1-8b25-1078d2e8e303

Error - 20.08.2012 19:38:10 | Computer Name = Felix-PC | Source = Application Hang | ID = 1002
Description = Programm Amnesia.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 994
Startzeit: 01cd7f2ba2d39e02
Endzeit: 38
Anwendungspfad: d:\program files (x86)\steam\steamapps\common\amnesia the dark descent demo\Amnesia.exe
Berichts-ID:

Error - 24.08.2012 16:50:03 | Computer Name = Felix-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 26.08.2012 10:06:18 | Computer Name = Felix-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PlayMovie.exe, Version: 9.0.7110.0, Zeitstempel: 0x4cda7c7e
Name des fehlerhaften Moduls: CLNavX.ax, Version: 8.1.0.2108, Zeitstempel: 0x4c87828a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005c952
ID des fehlerhaften Prozesses: 0x131c
Startzeit der fehlerhaften Anwendung: 0x01cd83933d45b931
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\PlayMovie.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\NavFilter\CLNavX.ax
Berichtskennung: 346da322-ef87-11e1-9a66-1078d2e8e303

Error - 30.08.2012 09:33:46 | Computer Name = Felix-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gimp-2.8.exe, Version: 2.8.2.0, Zeitstempel: 0x50369de7
Name des fehlerhaften Moduls: libgegl-0.2-0.dll, Version: 0.0.0.0, Zeitstempel: 0x4ff66ab2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002c56f
ID des fehlerhaften Prozesses: 0xc24
Startzeit der fehlerhaften Anwendung: 0x01cd86b20aafb17b
Pfad der fehlerhaften Anwendung: C:\Program Files\GIMP 2\bin\gimp-2.8.exe
Pfad des fehlerhaften Moduls: C:\Program Files\GIMP 2\bin\libgegl-0.2-0.dll
Berichtskennung: 52650b59-f2a7-11e1-9d3e-1078d2e8e303

Error - 30.08.2012 12:52:36 | Computer Name = Felix-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 05.09.2012 08:58:21 | Computer Name = Felix-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16448 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1058
Startzeit: 01cd8b64175a5df4
Endzeit: 50
Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe
Berichts-ID:

Error - 05.09.2012 11:10:25 | Computer Name = Felix-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16448 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1c68
Startzeit: 01cd8b73c378e431
Endzeit: 50
Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe
Berichts-ID:

Error - 05.09.2012 11:13:38 | Computer Name = Felix-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: T3Main.EXE, Version: 1.0.0.1, Zeitstempel: 0x40c8a4da
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e211319
Ausnahmecode: 0x80000003
Fehleroffset: 0x0001280c
ID des fehlerhaften Prozesses: 0x7a0
Startzeit der fehlerhaften Anwendung: 0x01cd8b78eaf99947
Pfad der fehlerhaften Anwendung: D:\Program Files (x86)\Steam\steamapps\common\Thief Deadly Shadows\system\T3Main.EXE
Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll
Berichtskennung: 449a82d3-f76c-11e1-b22b-1078d2e8e303

[ Media Center Events ]
Error - 21.10.2011 16:08:58 | Computer Name = Felix-PC | Source = MCUpdate | ID = 0
Description = 22:08:58 - Fehler beim Herstellen der Internetverbindung.
22:08:58 - Serververbindung konnte nicht hergestellt werden..

Error - 21.10.2011 16:09:29 | Computer Name = Felix-PC | Source = MCUpdate | ID = 0
Description = 22:09:08 - Fehler beim Herstellen der Internetverbindung.
22:09:08 - Serververbindung konnte nicht hergestellt werden..

[ System Events ] Error - 16.11.2012 14:57:39 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 16.11.2012 14:58:02 | Computer Name = Felix-PC | Source = bowser | ID = 8003 Description = Error - 16.11.2012 14:59:19 | Computer Name = Felix-PC | Source = NetBT | ID = 4321 Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 5.182.18.197 registriert werden. Der Computer mit IP-Adresse 5.149.106.184 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 16.11.2012 17:52:18 | Computer Name = Felix-PC | Source = DCOM | ID = 10005 Description = Error - 16.11.2012 17:52:18 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst G Data Personal Firewall erreicht. Error - 16.11.2012 17:52:18 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "G Data Personal Firewall" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 16.11.2012 21:09:06 | Computer Name = Felix-PC | Source = DCOM | ID = 10005 Description = Error - 16.11.2012 21:09:06 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst G Data Personal Firewall erreicht. Error - 16.11.2012 21:09:06 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "G Data Personal Firewall" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 17.11.2012 10:39:13 | Computer Name = Felix-PC | Source = bowser | ID = 8003 Description = < End of report > |
18.11.2012, 02:11 | #4 |
/// Helper Team | "Program cannot display the website" Trojan
The cleanup consists of several steps that have to be carried out. Work through them one after the other and please paste the 3 logs that are created into your next reply. If the OTL fix did not run through properly, do not continue; please report it instead.
Step 1: Fix with OTL
Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
:OTL
MOD - C:\Users\Papa\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Papa\*.tmp
C:\Users\Papa\AppData\Local\{*}
C:\Users\Papa\AppData\Local\Temp\*.exe
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
Do not under any circumstances use this on other computers; it can cause lasting damage to other systems!
Step 2: Scan with Malwarebytes' Anti-Rootkit
Download: Malwarebytes Anti-Rootkit BETA
Instructions: Malwarebytes Anti-Rootkit
After that:
Step 3: Please download AdwCleaner to your desktop.
|
18.11.2012, 02:32 | #5 |
| "Program cannot display the website" Trojan Um, I can now only start the computer in safe mode; in normal mode the screen stays black after logging in... Should I carry on, or is that a problem? Edit: In any case, here are the log files so far: Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
========== FILES ==========
C:\ProgramData\FullRemove.exe moved successfully.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\Temp\{B906C11A-D193-4143-9FA7-E2EE8A5A8F21} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3} folder moved successfully.
C:\ProgramData\Temp\{2637C347-9DAD-11D6-9EA2-00055D0CA761} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\Papa\*.tmp not found.
File\Folder C:\Users\Papa\AppData\Local\{*} not found.
C:\Users\Papa\AppData\Local\Temp\AutoRun.exe moved successfully.
C:\Users\Papa\AppData\Local\Temp\COMAP.EXE moved successfully.
C:\Users\Papa\AppData\Local\Temp\eauninstall.exe moved successfully.
C:\Users\Papa\AppData\Local\Temp\FIFA Manager 07_uninst.exe moved successfully.
C:\Users\Papa\AppData\Local\Temp\ose00000.exe moved successfully.
C:\Users\Papa\AppData\Local\Temp\ose00002.exe moved successfully.
C:\Users\Papa\AppData\Local\Temp\sonarinst.exe moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Papa\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Papa\Desktop\cmd.bat deleted successfully.
C:\Users\Papa\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400807 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Felix
->Temp folder emptied: 577709472 bytes
->Temporary Internet Files folder emptied: 1259910651 bytes
->Java cache emptied: 550507 bytes
->Google Chrome cache emptied: 322020781 bytes
->Flash cache emptied: 111640 bytes
User: Papa
->Temp folder emptied: 25035822 bytes
->Temporary Internet Files folder emptied: 501384164 bytes
->Flash cache emptied: 1609 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1000617 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2352045871 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 279744 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 79856 bytes
Total Files Cleaned = 4.807,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11182012_021654

And the OTL log also received the following addition: Code:
Files\Folders moved on Reboot...
C:\Users\Papa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Papa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X0GJRF5F\imp[1].htm moved successfully.
C:\Users\Papa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NX1FZCDY\screen[1].css moved successfully.
C:\Users\Papa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NFTV2DVS\ads[1].htm moved successfully.
C:\Users\Papa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4WID6DA9\127140-programm-website-anzeigen-trojaner[1].htm moved successfully.
C:\Users\Papa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4WID6DA9\imp[1].htm moved successfully.
C:\Users\Papa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

I'll do the rest now, and thanks in advance. Sooo, then here is the one for Malwarebytes Anti-Rootkit... Code:
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org
Database version: v2012.11.18.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Papa :: FELIX-PC [administrator]
18.11.2012 11:40:19
mbar-log-2012-11-18 (11-40-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 27974
Time elapsed: 9 minute(s), 48 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)

Code:
# AdwCleaner v2.008 - Datei am 18/11/2012 um 11:45:56 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Papa - FELIX-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Papa\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\Papa\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Papa\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SmartBar.CT2625848
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[S1].txt - [1029 octets] - [18/11/2012 11:45:56]
########## EOF - C:\AdwCleaner[S1].txt - [1089 octets] ##########
|
18.11.2012, 12:08 | #6 |
/// Helper Team | "Program cannot display the website" Trojan
Very good! How is the computer running?
Malware scan with Emsisoft Anti-Malware
Download the free version of => Emsisoft Anti-Malware and install the program. Use "Jetzt Updaten" (Update now) to download the current signatures. Select the freeware mode. Select "Detail Scan" and start the check of the computer with the "Scan" button. Do not let it delete anything at the end of the scan! Click "Bericht speichern" (Save report) to save the log file to the desktop and post it here in the thread.
Instructions: http://www.trojaner-board.de/103809-...i-malware.html
|
18.11.2012, 15:13 | #7 |
| "Program cannot display the website" Trojan So, the computer is running again under my account as well. The malware scan is running right now. Isn't it strange that the trojan only locked one user, or is that normal? So, the scan found nothing; here is the (hopefully correct) log file: Code:
Emsisoft Anti-Malware - Version 7.0
Letztes Update: 18.11.2012 14:16:46
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus
Scan Beginn: 18.11.2012 15:09:07
Gescannt 690966
Gefunden 0
Scan Ende: 18.11.2012 19:43:00
Scan Zeit: 4:33:53
|
19.11.2012, 03:47 | #8 |
/// Helper Team | "Program cannot display the website" Trojan Yes, that is normal. Very good! Uninstall: Emsisoft Anti-Malware. ESET Online Scanner: Preparation
|
03.12.2012, 22:47 | #9 |
| "Program cannot display the website" Trojan Hello, sorry that I did not reply for so long. Anyway, I ran the online scanner, and in the end it actually found two things, which I think it then also deleted. But when I had closed the program and went to the folder in question, it was empty O.o Is it possible that the program somehow uninstalled itself after closing? That is why I unfortunately cannot post a log here. How bad is that, and what else can I do? Is the computer clean so far, or has the virus possibly created some kind of backdoor for itself? In any case, Windows always tells me when shutting down that a "Task Host Window" still has to be closed... This was not the case before... |
04.12.2012, 20:09 | #10 |
/// Helper Team | "Program cannot display the website" Trojan Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. |
05.12.2012, 21:48 | #11 |
| "Program cannot display the website" Trojan What is going on here O.o Am I too stupid? I ran a full scan with the program, it found one thing, everything was wonderful, I shut down the PC, and after the restart I wanted to open the log file... But there was only one from a quick scan without results. The other one was no longer there... You have probably never had to help such a complete idiot before |
06.12.2012, 17:35 | #12 |
/// Helper Team | "Program cannot display the website" Trojan |
12.02.2013, 08:13 | #13 |
/// Helper Team | "Program cannot display the website" Trojan
No feedback received
Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html
Note: The disappearance of the symptoms does not mean that your computer is clean. |