GVU - Bundestrojaner (Windows 7)
19.11.2012, 20:31 | #1
GVU - Bundestrojaner

Hello everyone, unfortunately I have picked up the GVU Bundestrojaner. I wanted to run the OTL scan accordingly, but after several attempts it keeps showing me the same error (see screenshot). Can anyone here help me with this?
19.11.2012, 21:17 | #2
/// Helfer-Team | GVU - Bundestrojaner

Why bother, if you don't reply anyway? http://www.trojaner-board.de/122584-bundestrojaner.html
19.11.2012, 21:32 | #3
GVU - Bundestrojaner

Hello t'john,

as I mentioned in that earlier thread, it was not my computer. Once the fix had been carried out and the PC was working again, that was enough for my colleague. Unfortunately I could not convince him otherwise. That the "not replying" comes across so badly is understandable, and I am only now becoming aware of it. Sorry for that! I would appreciate further help.

Regards, suspect
20.11.2012, 05:22 | #4
/// Helfer-Team | GVU - Bundestrojaner

Delete the OTL version you have. System scan with OTL (illustrated guide): please download OTL from Oldtimer and save it on your desktop (if it is not already there), then double-click OTL.exe.
20.11.2012, 19:11 | #5
GVU - Bundestrojaner

Hi, the OTL scan has now worked. OTL.txt:

Code:
ATTFilter OTL logfile created on: 20.11.2012 19:04:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\m0\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,93 Gb Total Physical Memory | 4,37 Gb Available Physical Memory | 73,73% Memory free 11,86 Gb Paging File | 10,33 Gb Available in Paging File | 87,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1386,27 Gb Total Space | 1117,55 Gb Free Space | 80,62% Space Free | Partition Type: NTFS Computer Name: M0-PC | User Name: m0 | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\m0\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (RoxMediaDB10) -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {1FDBCE12-1BF3-41C7-80F6-68D9628AC2F4} IE:64bit: - HKLM\..\SearchScopes\{1FDBCE12-1BF3-41C7-80F6-68D9628AC2F4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {B8E0BF51-4AD3-4956-87E8-CED1AF1B822E} IE - HKLM\..\SearchScopes\{B8E0BF51-4AD3-4956-87E8-CED1AF1B822E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-873282114-2901205279-3470080578-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKU\S-1-5-21-873282114-2901205279-3470080578-1001\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8 IE - HKU\S-1-5-21-873282114-2901205279-3470080578-1001\..\SearchScopes,DefaultScope = {B8E0BF51-4AD3-4956-87E8-CED1AF1B822E} IE - HKU\S-1-5-21-873282114-2901205279-3470080578-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: YPlayer@yummy.net:1.0.0.15 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files (x86)\Videoload Manager\NPWMDRMWrapper.dll ( ) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 19:51:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 19:51:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 19:51:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 19:51:18 | 000,000,000 | ---D | M] [2010.07.23 17:52:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\m0\AppData\Roaming\mozilla\Extensions [2012.10.24 18:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\m0\AppData\Roaming\mozilla\Firefox\Profiles\ea85r2lx.default\extensions [2012.10.16 18:51:52 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Users\m0\AppData\Roaming\mozilla\Firefox\Profiles\ea85r2lx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.10.27 19:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.27 19:51:18 | 000,000,000 | ---D | M] (Yummy Games Player) -- C:\Program Files (x86)\mozilla firefox\extensions\YPlayer@yummy.net [2012.10.27 19:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2012.10.27 19:51:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.10.27 19:51:19 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.04.14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.25 17:19:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.17 17:47:41 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.25 17:19:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.25 17:19:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.25 17:19:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.25 17:19:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-873282114-2901205279-3470080578-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.) 
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-873282114-2901205279-3470080578-1001..\Run: [DriverMax] C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions) O4 - HKU\S-1-5-21-873282114-2901205279-3470080578-1001..\Run: [DriverMax_RESTART] File not found O4 - HKU\S-1-5-21-873282114-2901205279-3470080578-1001..\Run: [Spotify] C:\Users\m0\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-873282114-2901205279-3470080578-1001..\Run: [Spotify Web Helper] C:\Users\m0\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-21-873282114-2901205279-3470080578-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\m0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation) O4 - Startup: C:\Users\m0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O4 - Startup: C:\Users\m0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 
3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\m0\Desktop\PartyPoker.lnk () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\m0\Desktop\PartyPoker.lnk () O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 
1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CF0B0F1-95B3-4B77-89DB-E89C11D33AEA}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\fluxhttp - No CLSID value found O18:64bit: - Protocol\Handler\fluxhttp\0x00000007 - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.20 19:02:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\m0\Desktop\OTL.exe [2012.11.19 20:08:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe [2012.11.15 21:38:11 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.15 21:38:11 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.15 21:35:13 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.11.15 21:35:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.11.15 21:35:12 | 002,312,704 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.11.15 21:35:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.11.15 21:35:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.11.15 21:35:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.11.15 21:35:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.11.15 21:35:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.11.15 21:35:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.11.15 21:35:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.11.15 21:35:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.11.15 21:35:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.11.15 21:35:11 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.11.15 21:35:11 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.11.15 21:35:10 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.11.15 21:34:44 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.15 21:34:44 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.15 21:34:44 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.15 21:34:44 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.15 18:00:51 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.15 18:00:51 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.11.04 
15:14:44 | 000,000,000 | ---D | C] -- C:\Users\m0\AppData\Roaming\Avira [2012.11.04 15:10:42 | 000,000,000 | ---D | C] -- C:\ts3overlay [2012.11.04 15:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.04 15:09:24 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.04 15:09:24 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.04 15:09:24 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.11.04 15:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.11.04 15:09:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.11.04 14:59:55 | 000,000,000 | ---D | C] -- C:\Users\m0\AppData\Roaming\16001.007 [2012.11.04 14:58:10 | 000,000,000 | ---D | C] -- C:\Users\m0\AppData\Roaming\xmldm [2012.11.04 14:58:09 | 000,000,000 | ---D | C] -- C:\Users\m0\AppData\Roaming\kock [2012.10.27 19:51:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010.07.06 19:11:19 | 814,143,398 | ---- | C] (GOA ) -- C:\Program Files\loleusetup.exe [2 C:\Users\m0\AppData\Roaming\*.tmp files -> C:\Users\m0\AppData\Roaming\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.20 19:06:50 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.20 19:06:50 | 000,654,602 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.20 19:06:50 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.20 19:06:50 | 000,130,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.20 19:06:50 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.20 19:02:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\m0\Desktop\OTL.exe [2012.11.20 19:00:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.20 19:00:05 | 479,522,815 | -HS- | M] () -- 
C:\hiberfil.sys [2012.11.20 18:59:09 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad [2012.11.19 20:30:32 | 000,136,472 | ---- | M] () -- C:\Users\m0\Desktop\OTL.jpg [2012.11.19 20:08:50 | 000,000,800 | ---- | M] () -- C:\Users\m0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.11.19 20:08:49 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe [2012.11.19 13:14:20 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.19 13:14:20 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.16 18:15:48 | 000,339,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.15 21:16:18 | 000,015,345 | ---- | M] () -- C:\Users\m0\Desktop\pain to power allgemein.jpg [2012.11.15 21:16:03 | 000,018,745 | ---- | M] () -- C:\Users\m0\Desktop\pain to power aa.jpg [2012.11.15 21:14:57 | 000,016,801 | ---- | M] () -- C:\Users\m0\Desktop\Sport.jpg [2012.11.15 21:13:56 | 000,016,843 | ---- | M] () -- C:\Users\m0\Desktop\pain to power arbeit.jpg [2012.11.09 23:35:31 | 001,623,347 | R--- | M] () -- C:\Users\m0\Desktop\WOEmb.rar [2012.11.05 18:04:50 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.05 18:04:50 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.04 15:09:29 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.04 14:59:46 | 000,000,051 | ---- | M] () -- C:\Users\m0\AppData\Roaming\blckdom.res [2 C:\Users\m0\AppData\Roaming\*.tmp files -> C:\Users\m0\AppData\Roaming\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.19 20:30:32 | 000,136,472 | ---- | C] () -- C:\Users\m0\Desktop\OTL.jpg [2012.11.19 20:08:50 | 095,023,320 | ---- | C] () -- 
C:\ProgramData\0tbpw.pad [2012.11.19 20:08:50 | 000,000,800 | ---- | C] () -- C:\Users\m0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.11.15 21:38:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.15 21:34:44 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.15 21:16:18 | 000,015,345 | ---- | C] () -- C:\Users\m0\Desktop\pain to power allgemein.jpg [2012.11.15 21:15:48 | 000,018,745 | ---- | C] () -- C:\Users\m0\Desktop\pain to power aa.jpg [2012.11.15 21:14:57 | 000,016,801 | ---- | C] () -- C:\Users\m0\Desktop\Sport.jpg [2012.11.15 21:13:28 | 000,016,843 | ---- | C] () -- C:\Users\m0\Desktop\pain to power arbeit.jpg [2012.11.09 23:37:19 | 001,623,347 | R--- | C] () -- C:\Users\m0\Desktop\WOEmb.rar [2012.11.04 15:09:29 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.04 14:59:46 | 000,000,051 | ---- | C] () -- C:\Users\m0\AppData\Roaming\blckdom.res [2012.03.03 14:29:21 | 000,007,597 | ---- | C] () -- C:\Users\m0\AppData\Local\Resmon.ResmonCfg [2011.10.19 22:14:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.10.02 18:59:30 | 000,008,297 | ---- | C] () -- C:\Users\m0\AppData\Roaming\UserTile.png [2011.03.29 17:47:20 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.03.29 17:47:15 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.08.11 14:37:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2011.11.17 08:14:10 | 000,002,048 | -HS- | M] () -- C:\Users\m0\AppData\Local\{bb09ef47-aa30-43e2-e1ea-842bc72bd87d}\@ [2011.11.17 08:14:10 | 000,000,000 | -HSD | M] -- C:\Users\m0\AppData\Local\{bb09ef47-aa30-43e2-e1ea-842bc72bd87d}\L [2012.06.16 16:50:01 | 000,000,000 | -HSD | M] 
-- C:\Users\m0\AppData\Local\{bb09ef47-aa30-43e2-e1ea-842bc72bd87d}\U [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Users\m0\AppData\Local\{bb09ef47-aa30-43e2-e1ea-842bc72bd87d}\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.04 15:03:08 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\16001.007 [2012.11.04 14:58:09 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\kock [2010.07.06 19:45:37 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\LolClient [2011.03.10 18:31:43 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\Miranda [2011.01.10 19:02:43 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\OpenOffice.org [2011.11.11 21:04:51 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\Origin [2012.10.01 21:16:16 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\Party [2012.03.10 18:57:55 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\pdfforge [2011.10.02 18:59:30 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\PeerNetworking [2010.10.05 19:20:42 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\ProtectDisc [2011.03.29 17:47:04 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\PunkBuster [2011.03.21 21:06:13 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\Rift [2012.08.24 00:23:37 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\SoftGrid Client [2012.11.20 18:58:39 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\Spotify [2010.10.04 18:17:40 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\TP [2012.11.04 15:03:08 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\TS3Client [2012.05.21 20:30:15 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\ts3overlay [2011.03.29 18:40:39 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\Ubisoft [2012.11.04 14:59:48 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\xmldm ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 20.11.2012 19:04:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\m0\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,93 Gb Total Physical Memory | 4,37 Gb Available Physical Memory | 73,73% Memory free 11,86 Gb Paging File | 10,33 Gb Available in Paging File | 87,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1386,27 Gb Total Space | 1117,55 Gb Free Space | 80,62% Space Free | Partition Type: NTFS Computer Name: M0-PC | User Name: m0 | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-873282114-2901205279-3470080578-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0277341E-183E-4E13-A842-266A4F24DACD}" = lport=137 | protocol=17 | dir=in | app=system | "{035E09AC-BC4C-4594-A9CD-145FBF8DF5FB}" = lport=6942 | protocol=17 | dir=in | name=league of legends launcher | "{0391ED4A-273F-4CDB-97E8-8BD3068D54E9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{058F7869-EDF3-46D6-874A-BBB37A90E863}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0598E703-7C01-46A7-8309-D436A97FE24D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{08882CAE-B247-4A49-9862-2A2279D736A0}" = lport=6955 | protocol=17 | dir=in | name=league of legends launcher | "{09737564-0E03-4E00-A997-20F271B0C329}" = lport=6902 | protocol=6 | dir=in | name=league of legends launcher | "{0B22F6D5-FDC8-4368-8101-5641CDF53DE3}" = lport=6952 | protocol=6 | dir=in | name=league of legends launcher | "{0B992644-5B75-4E89-A915-971992C050BB}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | "{0CC20AD2-FB68-4F1B-B371-40F8E2C32E79}" = lport=6884 | protocol=17 | dir=in | name=league of legends launcher | "{0D5E00E0-F16A-4576-BE00-7D4EDA437B63}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | "{0ED0E951-0015-4DAD-9809-737BE0BAA317}" = lport=6970 | protocol=6 | dir=in | name=league of legends launcher | "{12F0B9DD-8855-4732-9E70-E41005F9C351}" = lport=6938 | protocol=6 | dir=in | name=league of legends launcher | "{1309EF8C-FBE8-4A26-B6B8-4C2EEE96ADB3}" = lport=6955 | protocol=6 | dir=in | name=league of legends launcher | "{1342D56F-6BD3-410D-865B-B84A655454E2}" = lport=6970 | protocol=17 | dir=in | name=league of legends launcher | "{1608779D-107E-4AA5-A403-A711CF295112}" = lport=6952 | protocol=17 | dir=in | name=league of legends launcher | "{1A99646C-B8E8-43FB-AE27-CE846B00E03F}" = lport=6942 | protocol=6 | dir=in | name=league of legends launcher | "{1CD869CE-C28E-438A-BBA3-30922E3E0974}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{1F082140-2EEC-421F-B0AC-44D1B4683F0E}" = lport=6983 | protocol=6 | dir=in | name=league of legends launcher | "{2057BA5A-F645-4B68-81A3-D0468041D404}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | "{20AFFF8E-3A7C-4758-9771-356B7B66B8C7}" = 
lport=8390 | protocol=17 | dir=in | name=league of legends game client | "{21588AB5-7555-4FE4-85B1-58CEE364D8DD}" = lport=6914 | protocol=6 | dir=in | name=league of legends launcher | "{24694FC8-F6E9-4968-A893-ACD9682DE58F}" = lport=6989 | protocol=6 | dir=in | name=league of legends launcher | "{266E8054-6B21-4C87-B9B4-2009E1B7A691}" = lport=138 | protocol=17 | dir=in | app=system | "{29F2E344-3D30-4181-BD4E-D8EC66BAD84A}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher | "{2A23A29C-8CB6-4EE8-AABE-C76C3B2FD55A}" = lport=6975 | protocol=17 | dir=in | name=league of legends launcher | "{2A6A2549-2D2D-44C7-91CB-DD4264E47895}" = rport=137 | protocol=17 | dir=out | app=system | "{2CEAE754-B959-4E47-940D-6E5178281601}" = lport=6970 | protocol=17 | dir=in | name=league of legends launcher | "{30499FCC-0D21-4D74-B9BC-8260546828B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{37A43577-5275-4F7E-8FC1-777138318C23}" = lport=6965 | protocol=17 | dir=in | name=league of legends launcher | "{390C32F2-C00A-4ECC-BCDD-F1350E76E229}" = lport=6939 | protocol=17 | dir=in | name=league of legends launcher | "{4046C17B-24E0-42E8-844E-9931E6F10492}" = lport=6910 | protocol=17 | dir=in | name=league of legends launcher | "{42FA413E-2A7A-42FC-BEBC-12B20A07C626}" = lport=6887 | protocol=17 | dir=in | name=league of legends launcher | "{44A5730C-5DD3-4C70-A575-F2EB4D3079D6}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | "{45E9FC7A-CAA4-46BA-8A99-B4878CE7C1FD}" = lport=6913 | protocol=17 | dir=in | name=league of legends launcher | "{4A560F6D-7CA2-4EF2-B91F-402AF80D0B81}" = lport=6931 | protocol=6 | dir=in | name=league of legends launcher | "{4CF3600E-7271-4106-9FF8-42B415790F9A}" = lport=6970 | protocol=6 | dir=in | name=league of legends launcher | "{4D7D68D5-09FD-4442-B766-362B64F07A88}" = lport=6973 | protocol=6 | dir=in | name=league of legends launcher | 
"{52604D98-5AB2-4F04-A6AA-976B3B722607}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | "{54832405-707B-4E40-822B-85B0AE7ED86B}" = lport=6975 | protocol=6 | dir=in | name=league of legends launcher | "{57E89C76-D7B3-4600-A132-0517226BD79F}" = lport=6971 | protocol=17 | dir=in | name=league of legends launcher | "{5969C4A1-340E-4579-80EF-4EA080896E01}" = lport=6884 | protocol=6 | dir=in | name=league of legends launcher | "{5AB304EB-4F41-4063-8C63-D81541C232A3}" = lport=6937 | protocol=17 | dir=in | name=league of legends launcher | "{5DE63646-FE03-4A75-8457-8E01ED0C8359}" = lport=6913 | protocol=6 | dir=in | name=league of legends launcher | "{5FBF2AE9-548F-4198-A0CC-4BDF3355D948}" = lport=10243 | protocol=6 | dir=in | app=system | "{622A122C-B97D-4925-8C30-490A1936E99C}" = lport=6939 | protocol=6 | dir=in | name=league of legends launcher | "{62BCAC14-213A-4071-AD6E-2C9060C4DECA}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | "{633BF8DD-69E6-4155-9E6D-19E1DB5D4A8D}" = lport=6990 | protocol=6 | dir=in | name=league of legends launcher | "{6506391D-759B-4E42-AB8B-1F061DF8BD43}" = rport=138 | protocol=17 | dir=out | app=system | "{66230879-A4CB-484A-9509-DE9C332CD1B3}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | "{6B3DAEC9-5BF1-4D64-AA4E-C223C70256C7}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | "{6B841990-BD13-4C0D-AC8A-390401EB8837}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{6BDC1A3B-AED7-4CC3-ABA4-66AED29351B1}" = lport=6910 | protocol=6 | dir=in | name=league of legends launcher | "{6DF71E4A-743D-457E-BAAD-7424F3580C95}" = lport=6971 | protocol=6 | dir=in | name=league of legends launcher | "{6F684E54-72BB-48C7-8A3D-5EB072696DFC}" = lport=2869 | protocol=6 | dir=in | app=system | "{6FA0E722-DC61-498F-BB4F-B7B78E8B96F0}" = lport=6901 | protocol=17 | dir=in | name=league of legends launcher | 
"{70089BE2-86A5-4D06-ADAC-5A93E37A265A}" = lport=6936 | protocol=6 | dir=in | name=league of legends launcher | "{755DC4D6-DEBD-4A26-91C1-E50034D0B9C0}" = lport=6936 | protocol=17 | dir=in | name=league of legends launcher | "{7664E17C-E285-47FE-85DC-0A1CBC83B150}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | "{7954CCB9-A9F1-4EFB-B001-470140D66EA5}" = lport=6979 | protocol=17 | dir=in | name=league of legends launcher | "{7AB247DE-8C0D-4566-B9E0-444A8D0C4667}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | "{7ACD6459-77CE-44B7-93C1-363FA733A363}" = lport=6935 | protocol=6 | dir=in | name=league of legends launcher | "{7C023302-5C10-43E4-9491-CB9056ACCD28}" = rport=10243 | protocol=6 | dir=out | app=system | "{808E83F1-0A87-4ED9-A209-090128658B38}" = lport=6968 | protocol=6 | dir=in | name=league of legends launcher | "{8343A277-56D6-473C-BFD7-37994289F670}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{835E39C9-F9F2-476D-9A5E-B782C4F47BC9}" = lport=6967 | protocol=6 | dir=in | name=league of legends launcher | "{84DF79F8-8128-4DAE-9984-8E078A51A417}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{85ED37D7-BA94-4965-93C2-EB8B0C24AE57}" = lport=6958 | protocol=6 | dir=in | name=league of legends launcher | "{8B194616-675A-4084-8D6F-D154D703F980}" = lport=6995 | protocol=6 | dir=in | name=league of legends launcher | "{8CC7CD74-BECA-4707-A112-7926E7B559C6}" = lport=6933 | protocol=6 | dir=in | name=league of legends launcher | "{8F23511A-8B66-4695-86E1-FDEDFD325F0C}" = lport=6941 | protocol=17 | dir=in | name=league of legends launcher | "{8F906673-A502-4BA7-8898-E847AC01A6A2}" = lport=6958 | protocol=17 | dir=in | name=league of legends launcher | "{8FD25186-0B72-417A-A8C9-CE477C08A205}" = lport=6953 | protocol=17 | dir=in | name=league of legends launcher | "{9059327B-C899-4D8C-9B2F-76243829623C}" = lport=6989 | protocol=17 | dir=in | 
name=league of legends launcher | "{91C3ABBA-1CC6-4123-8AB0-74C3E15F60CA}" = lport=6953 | protocol=6 | dir=in | name=league of legends launcher | "{961191BC-EBA1-4EA8-A8F5-FEA0D1D30F71}" = lport=445 | protocol=6 | dir=in | app=system | "{96287789-07C8-41D3-8C5A-74CDABF09FDE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{96CEBEB8-0262-46D9-AD00-AACDE34B4967}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | "{9C95857B-7539-4588-942F-4AECED26A8E0}" = lport=6979 | protocol=6 | dir=in | name=league of legends launcher | "{9DFC4407-4FA4-445D-B10B-7BDA24D58782}" = lport=6968 | protocol=17 | dir=in | name=league of legends launcher | "{A02484F7-7F9D-49DD-8D8F-772EE71E7F42}" = rport=445 | protocol=6 | dir=out | app=system | "{A100074F-D7D2-4E35-9317-C3FAA5B8DAB2}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | "{A1A74D76-EA85-4BBB-A803-FFC315C0E8B7}" = lport=6938 | protocol=17 | dir=in | name=league of legends launcher | "{A1C5588B-E4E8-4744-A40F-7C4EBF1D0A77}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | "{A4AE4088-31E3-4E86-B2ED-D58A6134940B}" = lport=6935 | protocol=17 | dir=in | name=league of legends launcher | "{A61947F0-2C7C-46E8-8E9F-C6ADAE76983B}" = lport=6995 | protocol=17 | dir=in | name=league of legends launcher | "{A69D297F-A31B-450A-A8B7-ED4957D28A07}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | "{A835674C-CE82-414C-973B-0E719BA79540}" = rport=139 | protocol=6 | dir=out | app=system | "{A974D154-FF20-418B-8A9E-28CC2227A88B}" = lport=6990 | protocol=17 | dir=in | name=league of legends launcher | "{A9AA1DB2-97B4-4E23-B054-229A2AD5CCA9}" = lport=6937 | protocol=6 | dir=in | name=league of legends launcher | "{AACC362A-DEA0-4028-87B3-C2ED6050AD13}" = lport=6965 | protocol=6 | dir=in | name=league of legends launcher | "{AAE7EE66-AF2E-4F3C-8C51-9CC5E4CA88AD}" = lport=8394 | protocol=6 | dir=in | name=league of legends 
launcher | "{AB643774-4407-456E-A5AD-B772CB53DEE2}" = lport=6967 | protocol=17 | dir=in | name=league of legends launcher | "{ACDB06EE-54B5-403A-8455-3B48CDFCEEAC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B1D5764D-1E7C-4769-A1BD-ACA236AD29A0}" = lport=6994 | protocol=17 | dir=in | name=league of legends launcher | "{B33AC23E-85F1-4FCB-A3BE-3C0D355A60AD}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | "{B5F98194-2AAB-4BF3-9C20-537F6D43CAE6}" = lport=6932 | protocol=6 | dir=in | name=league of legends launcher | "{B67DA6E8-53E2-4EE6-BEB6-C978DA5B0D69}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | "{BAA17A64-E776-4197-8C28-4F9A60FB362F}" = lport=6986 | protocol=17 | dir=in | name=league of legends launcher | "{BB593EE8-21AB-4392-A3F5-F010BF353D8F}" = lport=6902 | protocol=17 | dir=in | name=league of legends launcher | "{BC8DF044-69E5-44FF-8374-5278621A6EAC}" = lport=2869 | protocol=6 | dir=in | app=system | "{C1D7CA02-7304-4808-8730-79AE86A4E5EA}" = lport=6932 | protocol=17 | dir=in | name=league of legends launcher | "{C2C4737F-EB85-4BEB-A612-BC4FA0D94BC0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C504B20B-EEFA-4DB2-887C-AF13A6BBFF5C}" = lport=6931 | protocol=17 | dir=in | name=league of legends launcher | "{CAD02FBE-F145-4FF6-A0A2-7851EB2DF276}" = lport=6901 | protocol=6 | dir=in | name=league of legends launcher | "{D82E5413-D50F-4AB0-96D0-2F08372C7633}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | "{D99633F6-4505-418F-A26E-5A5231DF88C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{DE69488C-05A1-45E4-887F-0C0746011F92}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E4F6E86F-530D-4671-AACD-6C06793B35FA}" = lport=6933 | protocol=17 | dir=in | name=league of legends launcher | 
"{E5CD96C8-06C7-4E45-9F03-288E1F3134CC}" = lport=6887 | protocol=6 | dir=in | name=league of legends launcher | "{E673C5E2-0786-43DA-83CA-D2269180121B}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | "{E6E22AB2-6024-4AD7-8571-82A664A66663}" = lport=139 | protocol=6 | dir=in | app=system | "{E88A1F8C-C6F3-421B-B7A3-6BB6D9D4E723}" = lport=6983 | protocol=17 | dir=in | name=league of legends launcher | "{EAE44139-A633-4555-BB3F-EEF460B805EC}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | "{EB8B8C4E-9BB6-42B6-8678-C3A675E4101F}" = lport=6994 | protocol=6 | dir=in | name=league of legends launcher | "{EBFA2FFD-8D0E-4325-AE75-97644D37F814}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | "{ECC864D9-8018-4335-8D4F-B209B18F97B8}" = lport=6978 | protocol=17 | dir=in | name=league of legends launcher | "{EF970251-BD7A-4F0F-8980-7B2F9D6F2AA7}" = lport=6941 | protocol=6 | dir=in | name=league of legends launcher | "{F5AB716B-C045-4F12-9496-59D0088B866A}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | "{F645C657-BA3B-4980-B3D7-AF9245B38D83}" = lport=6978 | protocol=6 | dir=in | name=league of legends launcher | "{F87324DA-7EB4-4FD2-9DB8-2E1925AF6276}" = lport=6986 | protocol=6 | dir=in | name=league of legends launcher | "{F994CFFF-9D70-45C1-89B6-1C15807B19B1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FB862C0B-80C5-451C-B8B3-C5A3F8769C06}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FE74217B-D18E-409D-BC54-59C4AA9BE6BC}" = lport=6973 | protocol=17 | dir=in | name=league of legends launcher | "{FF5A1043-22CB-4DBB-8DFD-D8B223C6BDA7}" = lport=6914 | protocol=17 | dir=in | name=league of legends launcher | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{020C8DF2-2A19-4270-BCB8-C27D0998EC12}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{03FD7FCD-5068-4E33-84A3-1CFBB385CF82}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{065DE7F6-91BE-4691-B40B-CA44ED61D85C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | "{0691F7EB-69BF-48DE-B7BF-8D02A8EDBDD4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | "{0BE5CEFD-DD0F-454B-ACA7-F6DB78C8FC2C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0D8F29D4-B0F7-48F5-99A7-5C4675994F50}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1162FC16-B6D7-4192-9D68-8108B58DB3B6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{11F77002-E77D-4AA5-BBBB-055210E4D837}" = protocol=6 | dir=out | app=system | "{13A11FFF-A303-474E-84B2-A791D1A1A06D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{14EE56DB-DBCB-4D72-881A-F5527B35500F}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe | "{1534DB62-B076-4065-BC4D-398FBFBF52AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{16624475-CB70-495B-9D69-7D7F0E51592D}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | "{173DB832-94C4-44BB-9C54-E1A716EB043F}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{198CFA89-375F-402B-BB25-6620B6847301}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{1AC71392-257A-4D48-B3C9-2628E12CDE19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\ambixdextrous89\counter-strike source\hl2.exe | "{1FCF012E-23C9-4E53-91EC-B373AF674F1C}" = dir=in | app=c:\program files (x86)\windows 
live\sync\windowslivesync.exe | "{22BD153F-8092-484C-8F5A-7ADF56A14713}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | "{231CC129-AA0A-45F1-ADEE-6B4D9695B1F1}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{233D89E3-C8FA-43B7-8E47-6E7B3E822751}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | "{24971B0F-C507-44E2-B9E4-654BA4D1CFE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\ambixdextrous89\counter-strike source\hl2.exe | "{26D579B5-3CCD-4780-9D49-D29093E0BA1A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{28B34D77-182F-4E80-9DE2-95B4D2D5A74F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{29A59924-8B0A-4837-8C85-D9D377003CF9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{317C0C8B-145B-4A84-BFBD-F9DF5EA03BE7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen\bin\risen.exe | "{35D1CCEC-37AE-4671-83BC-6563705C8E5B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe | "{3A1488D7-F84C-4D14-9E62-10B794EB5F3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | "{3E25A255-1784-440C-A6F6-2039A857988F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{42DF9710-42FE-4D16-A6A8-DDD69692AB6F}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | "{4378378C-26A3-48C6-9C6D-793E58684396}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{43847E2C-5E26-40F3-88CF-454CAAF26235}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen\bin\risen.exe | "{50E71632-026B-4E1C-A823-8200DED87569}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{544F0C8C-46D0-49CA-9EFB-92B8C580640D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{5520D415-E908-4484-AA62-C75F4F46D9B5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | "{56BF5AAD-528D-4E13-B23F-43FA0229C76E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | "{5A5EF913-008D-4973-9940-11E585BDED57}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{5C47B69E-4C11-4E6B-B73B-554B3CAA1141}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5ECBCDA6-7A5E-4DA1-9A1D-60D7DD40B556}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{60EB9BEF-519D-49FD-8F99-55B31599FA48}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe | "{62F58EB1-9F72-49EE-A889-9BAFB4B2D826}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{63176C0A-00C0-4595-A9ED-9D93364F5768}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{63EA772D-4472-4E1E-BABF-178450E479DA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{63F19385-FF89-4948-AB0E-AD7EAAA3B069}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{646AEAB3-9475-4278-9B6E-5D024DE478F0}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{67BA897A-EC45-4AA6-B70D-C185AAC89671}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{6BFA611C-6D60-4095-BDBF-19DB11D998EB}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{6C81741C-83A0-4ADA-B817-0FAC0C1FC791}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game 
launcher\ubisoftgamelauncher.exe | "{6DDDBA07-1824-42B3-949F-B119255A8707}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6EE308B4-3655-458C-8EBB-70855A73D828}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe | "{6F232B44-28F4-4FDD-A623-16AD0A2A4F6B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6F589925-A0C2-4B33-B07A-415F27F70A9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen\bin\risen.exe | "{71A3EBC0-AE0D-42A3-8E68-7754DC3CEED9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | "{72EE931E-18F9-4821-B09B-31B509F7B966}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7473113E-4DE7-47FB-8E7C-E409EED38A45}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | "{7D826F9F-3346-4D3A-9621-6EE598235AD0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe | "{7D885D94-AE3C-4827-8A7B-E8DA244608FE}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{903EF5AC-3FE3-401C-A596-8FF72853A134}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | "{97A66429-36F1-41D2-A0CC-3B5A0257FD5B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen\bin\risen.exe | "{97F280CE-3523-4B11-BE44-042046BF2256}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{9A214B41-FCF0-4A4C-9EDD-DB920C0F98EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{9C14FDA8-F67D-49BB-B14B-D5BCDA3225F9}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{9D91DEF0-3CAF-473F-8466-343DA416FFEA}" = protocol=17 | 
dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{9EAB5A2C-0C3C-416A-9056-A3043F02F39F}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe | "{9F4F323C-4315-4406-9B8A-E4F1512D2690}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | "{9FFF1D16-C223-42D4-AC79-9057AE0B3C2A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A0BD4A80-060A-493A-A270-BCDD421BE123}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{A2E4DC49-02A5-4879-A98C-BC58A922CD43}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{AA75B106-93C5-41BF-904C-11A686B19114}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | "{AAA71BA1-777A-4437-B6E0-55A6CD7F8AA2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{AF16AD5A-9754-47FB-9923-A2D9ED825C36}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | "{B6C99562-392E-4D04-8AEB-853A2FCC1212}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{B9F9ED3A-86EA-4EE4-B062-27F5FC5BA80F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{BCBA5996-172B-464D-A5DA-C77F02049E28}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{BCF6A850-1AFB-49C6-8C1A-B291D7819C21}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{C048400B-A891-43D9-8A0C-0262087FB57C}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | "{C2808D21-A4B5-4FBB-8F4F-75A4739FDF1B}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{C450EE28-22C1-40B6-AD7C-EEA33A36662D}" = protocol=17 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\homefront\binaries\homefront.exe | "{CD4AF1CE-D58C-41F0-B60B-EF0DB1ABC863}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | "{CE2C1889-DF70-436C-B024-B49CA12D0B5A}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{CEB98207-4056-42A9-A05A-B5FB09B37831}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{CEF33104-615E-4061-AA38-B0D8E0AA29A2}" = protocol=58 | dir=in | app=system | "{D244C177-8C3E-4B51-8047-18305C23D17D}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe | "{D37A72F8-81FF-4F94-87CB-B3FF016D419A}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{D4113478-F522-4780-8774-BF2CBB01E711}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | "{DAF5BF3A-9E8D-4C59-A6F3-C9DEE5180C5C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{DB807868-84BB-4A52-BE61-3DCA4B4A99E4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{E07D1E99-0F95-413D-B083-8928AFF49FD7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rift\riftpatchlive.exe | "{E2EFCC1A-C27E-4CAF-9464-67BB93298D04}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{E71D5D8B-7E74-4855-858C-61CEED8CBDB0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | "{E8567D3F-6460-4854-B99B-E8145B18A2F8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E88DF666-0688-43B2-B31B-01DAE59E42FD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{E8E0574D-2CAB-4CF0-9244-1691646E42A9}" = protocol=6 | dir=in | 
app=c:\program files (x86)\steam\steam.exe | "{ECF3BF60-34EB-45CE-86A2-9E5BAA5207BD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{F209D34B-A4AE-4FD2-A335-DDE0CB72F20B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rift\riftpatchlive.exe | "{F2F5A384-8A4C-4764-A182-795C0C0C929B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F59B88B8-D7AB-424F-8055-A21866C13DCA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{F6505FA6-124E-42EB-8021-A4A1779BF56F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{F7991CD3-25BE-440C-9950-0DA47F5524F3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | "{F7D6E3E8-6DDF-4EF7-BAA9-F64BC6D74CD2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | "{F8891795-069F-42F2-8F16-2DCAD193314E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | "{FA528623-07FF-4475-8923-8441569CA795}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{FD6D77B2-2A7A-4206-A1C0-47153B1289DF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{FFACEB47-071F-4E91-B74B-F576F3921E72}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{6EC38A2A-A71D-4CD9-8D39-031FC22F238C}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "TCP Query User{73AAE93B-368C-4FD2-97AE-666091B4405B}C:\users\m0\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\m0\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{C32541E6-2A78-4222-BD27-1AE433FFA270}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | "UDP Query User{591FA81A-57C1-4DE4-85A5-1F23770E477D}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "UDP Query User{A15A3BBD-3172-45F8-930C-1F86B2578F71}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | "UDP Query User{CEF5F955-9802-4F8D-A5A6-02F343275D2F}C:\users\m0\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\m0\appdata\roaming\spotify\spotify.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0031FC73-643E-19DB-0A34-F7FF70B2F1E7}" = ccc-utility64 "{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{401E03EC-1644-1B0A-B8D3-C40477ADCEC4}" = AMD Drag and Drop Transcoding "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{6681A016-C62A-DD7B-7F56-25B1A55CE12A}" = AMD Media Foundation Decoders "{72DECC0F-58E0-0618-C857-43B4D3DB7B75}" = AMD Catalyst Install Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{C6B8BF9C-A28E-0219-4E93-DF7925DEA793}" = ccc-utility64 "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{106F1DCB-F20C-A6B9-A130-4664B9A0F708}" = Catalyst Control Center Graphics Previews Vista "{13557DA4-3AB0-DB9B-B746-1BE901DEC60D}" = Catalyst Control Center "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{167E3C11-FB97-F320-DC34-73A6C5F50E88}" = CCC Help German "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding 
"{1BA2AC5F-2B16-A21B-E46D-AE14F5A3E8DB}" = CCC Help Czech "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22 "{29787541-F210-AD16-5B75-AC7CC0968472}" = CCC Help Hungarian "{299BE3A5-6281-482F-5CB0-BBFE939E5E4F}" = CCC Help English "{2B3DFAE1-AA77-4901-C4AB-6616D6B1E3DD}" = CCC Help Swedish "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{34962E5E-FAC1-D8DF-7070-AA2B58971E31}" = Catalyst Control Center Graphics Previews Common "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C15B204-0CAF-DADE-1B5B-B5759AE296E9}" = CCC Help Dutch "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EBDD093-09D3-E08C-61DD-B0FF37CF69F7}" = CCC Help Russian "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41894DC2-C8F4-F60A-9518-076D35EF4929}" = Catalyst Control Center InstallProxy "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4314A52E-9094-B391-137E-CEA1536F7484}" = CCC Help Spanish "{45B612A4-253E-6634-AD5C-42249E420D57}" = Catalyst Control Center Graphics Previews Common "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD 
and DVD Burning "{641CD0A3-8B54-37CA-ED94-2C1798D69D6F}" = Catalyst Control Center Core Implementation "{65CCD116-79BD-84B0-C3C3-C6B31BC0D572}" = CCC Help Polish "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7D5BAF1B-68D7-58D9-29E2-85984483450A}" = CCC Help Norwegian "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7ED42F7A-7F2F-C401-4A91-7F4EB0EF5C10}" = CCC Help Turkish "{818F867D-1764-9A66-0D8E-33C485380390}" = Catalyst Control Center Graphics Full New "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8843048B-2293-26DE-7941-4903008191C9}" = Catalyst Control Center Graphics Full Existing "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{97CC5CA6-F18E-9630-7E19-CC161A65376D}" = CCC Help Greek "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - 
x86 9.0.30729.6161 "{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader "{9FD13268-D5D9-DCBD-C5F7-8B1B1D52B36C}" = CCC Help Korean "{9FF20193-B992-17A0-DB1E-8865399EE534}" = ccc-core-static "{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA "{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding "{A94C1B62-1FE3-2725-EEC5-F24C1016C650}" = CCC Help Chinese Standard "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{BB34F0B3-8CDD-873A-4DB6-3CA826243680}" = CCC Help Chinese Traditional "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C8637C61-3CC5-2D59-3D6D-B5F180F001AB}" = Catalyst Control Center Graphics Light "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{D20FA72C-492D-B478-10BF-4BA756560BA9}" = CCC Help Thai "{D3A3F5C5-E95B-456D-952B-DDEC3AF68319}_is1" = Metaboli Player "{D450F41E-2705-36D6-D423-AEA1058D4095}" = Catalyst Control Center Localization All "{D619FD79-6AE6-18D1-48B9-B03030D2B0D0}" = Skins "{DAABB60F-D2CB-ADC0-6FA7-8B2BB0A78CDA}" = Catalyst Control Center InstallProxy "{DE2A98B9-D5F8-F508-750E-5AFDC2492D40}" = CCC Help Danish "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E07AE041-06B3-64A7-3C79-A0F8DDE76BB8}" = CCC Help Portuguese "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX "{E19B61A8-F114-7A00-9DF4-18E5BA7A31AA}" = CCC Help French "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center 
(Support Software) "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{ED498060-2CB2-5288-23D4-19DFAFF3F1DB}" = CCC Help Italian "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{EFABB945-0D32-C208-897A-F611F63A19D4}" = CCC Help English "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FBD5D039-FE03-910E-C9E5-3F98B6A6BAB6}" = CCC Help Japanese "{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FF9F797D-1C39-1E96-7030-F5A36A6402C6}" = CCC Help Finnish "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Battlelog Web Plugins" = Battlelog Web Plugins "Dell Dock" = Dell Dock "Diablo III" = Diablo III "DivX Setup.divx.com" = DivX-Setup "DMX5_is1" = DriverMax 5 "ESN Sonar-0.70.4" = ESN Sonar "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Guild Wars 2" = Guild Wars 2 "hon" = Heroes of Newerth "InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader "League of Legends_is1" = League of Legends "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Miranda IM" = Miranda IM 0.9.17 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 
(x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Origin" = Origin "PartyPoker" = PartyPoker "Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5a "PokerStars.net" = PokerStars.net "PunkBusterSvc" = PunkBuster Services "Steam App 214560" = Mark of the Ninja "Steam App 240" = Counter-Strike: Source "Steam App 39120" = RIFT "Steam App 40300" = Risen "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Steam App 49520" = Borderlands 2 "Steam App 55100" = HOMEFRONT "WinLiveSuite_Wave3" = Windows Live Essentials "World of Warcraft" = World of Warcraft ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-873282114-2901205279-3470080578-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.11.2012 18:27:18 | Computer Name = m0-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 02.11.2012 18:27:45 | Computer Name = m0-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. 
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 04.11.2012 09:58:10 | Computer Name = m0-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 16.0.2.4680, Zeitstempel: 0x50882817 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce903 ID des fehlerhaften Prozesses: 0x15bc Startzeit der fehlerhaften Anwendung: 0x01cdba94577293d4 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: aa778370-2687-11e2-ab50-a4badbf8fd91 Error - 04.11.2012 09:58:14 | Computer Name = m0-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Steam.exe, Version: 1.0.1446.623, Zeitstempel: 0x5004ae1a Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x02da57c1 ID des fehlerhaften Prozesses: 0xab8 Startzeit der fehlerhaften Anwendung: 0x01cdba7dd1de57a2 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Steam\Steam.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: ac97d358-2687-11e2-ab50-a4badbf8fd91 Error - 04.11.2012 09:58:16 | Computer Name = m0-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: spotify.exe, Version: 0.8.5.1333, Zeitstempel: 0x50880be8 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce903 ID des fehlerhaften Prozesses: 0xc10 Startzeit der fehlerhaften Anwendung: 0x01cdba7dd1e0b903 Pfad der fehlerhaften Anwendung: C:\Users\m0\AppData\Roaming\Spotify\spotify.exe Pfad des 
fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: adbe7d59-2687-11e2-ab50-a4badbf8fd91 Error - 04.11.2012 09:58:17 | Computer Name = m0-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: SpotifyWebHelper.exe, Version: 0.8.5.1333, Zeitstempel: 0x50880bf7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce903 ID des fehlerhaften Prozesses: 0xc20 Startzeit der fehlerhaften Anwendung: 0x01cdba7dd1e31a63 Pfad der fehlerhaften Anwendung: C:\Users\m0\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: ae9a88b1-2687-11e2-ab50-a4badbf8fd91 Error - 04.11.2012 09:58:18 | Computer Name = m0-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mbamgui.exe, Version: 1.62.0.1, Zeitstempel: 0x4fe2300f Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce903 ID des fehlerhaften Prozesses: 0xff8 Startzeit der fehlerhaften Anwendung: 0x01cdba7dd2c694f6 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: af2d7c08-2687-11e2-ab50-a4badbf8fd91 Error - 04.11.2012 09:58:20 | Computer Name = m0-PC | Source = Application Error | ID = 1000 Error - 04.11.2012 09:58:28 | Computer Name = m0-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 16.0.2.4680, Zeitstempel: 0x50882817 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce903 ID des fehlerhaften Prozesses: 0xe18 Startzeit der fehlerhaften Anwendung: 0x01cdba7e1438a3e5 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla 
Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: b4cd14bd-2687-11e2-ab50-a4badbf8fd91 Error - 04.11.2012 09:59:36 | Computer Name = m0-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: spotify.exe, Version: 0.8.5.1333, Zeitstempel: 0x50880be8 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce903 ID des fehlerhaften Prozesses: 0xdb4 Startzeit der fehlerhaften Anwendung: 0x01cdba949b8532ff Pfad der fehlerhaften Anwendung: C:\Users\m0\AppData\Roaming\Spotify\spotify.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: dd630c58-2687-11e2-a3c1-a4badbf8fd91 Error - 04.11.2012 09:59:43 | Computer Name = m0-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ShwiconXP9106.exe, Version: 2.1.0.17, Zeitstempel: 0x4a60315c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e3c6 ID des fehlerhaften Prozesses: 0xe58 Startzeit der fehlerhaften Anwendung: 0x01cdba949ba712ef Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: e1c9455b-2687-11e2-a3c1-a4badbf8fd91 Error encountered while reading event logs. < End of report > |
21.11.2012, 03:48 | #6 |
/// Helfer-Team | GVU - Bundestrojaner The cleanup consists of several steps that have to be carried out. Work through them one after another and paste the 3 logs created along the way into your next reply. If the OTL fix did not run through properly, do not continue, but report it instead. Step 1: Fix with OTL. Download OTL from Oldtimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
:OTL
O4 - Startup: C:\Users\m0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
[2012.11.19 20:08:50 | 000,000,800 | ---- | M] () -- C:\Users\m0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.11.04 14:59:55 | 000,000,000 | ---D | C] -- C:\Users\m0\AppData\Roaming\16001.007
[2012.11.04 14:59:46 | 000,000,051 | ---- | M] () -- C:\Users\m0\AppData\Roaming\blckdom.res
[2012.11.04 14:59:48 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\xmldm
[2012.11.04 14:58:09 | 000,000,000 | ---D | C] -- C:\Users\m0\AppData\Roaming\kock
[2012.11.20 18:59:09 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.11.19 20:08:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2011.11.17 08:14:10 | 000,002,048 | -HS- | M] () -- C:\Users\m0\AppData\Local\{bb09ef47-aa30-43e2-e1ea-842bc72bd87d}\@
[2011.11.17 08:14:10 | 000,000,000 | -HSD | M] -- C:\Users\m0\AppData\Local\{bb09ef47-aa30-43e2-e1ea-842bc72bd87d}\L
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\m0\*.tmp
C:\Users\m0\AppData\Local\Temp\*.exe
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for other readers: the OTL script above was written exclusively for this user in this situation. Do not run it on other machines under any circumstances; it can do lasting damage to other systems! Step 2: Please run a full scan with Malwarebytes Anti-Malware and post the log. After that: Step 3: Please download AdwCleaner to your desktop.
__________________ --> GVU - Bundestrojaner |
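The one autostart entry the helper's script pulls out is a Startup-folder shortcut named ctfmon.lnk that actually launches C:\ProgramData\lsass.exe, while the genuine lsass.exe lives under C:\Windows\System32. As an added example (not part of the original thread, of OTL, or of the helper's script), the Python below parses `O4 - Startup:` lines in the form OTL prints them and flags the three properties that make that entry stand out: the shortcut name and the target name disagree, a Windows system process name appears outside System32/SysWOW64, and an executable is launched from a user-writable data directory. The first sample line is the entry quoted in the script above; the other sample lines, the `example` folder, the Dropbox shortcut and the `ExampleTray` entry are constructed for this example, and the `HKLM..\Run` form of O4 lines is deliberately not parsed.

```python
import re
from pathlib import PureWindowsPath

# Windows system processes whose genuine binaries live only under
# %SystemRoot%\System32 (or SysWOW64 on 64-bit). The same file name in
# ProgramData, AppData or Temp is a classic masquerading indicator.
# explorer.exe is left out because its real copy sits in C:\Windows itself.
SYSTEM_BINARIES = {
    "lsass.exe", "csrss.exe", "svchost.exe", "winlogon.exe", "smss.exe",
    "services.exe", "ctfmon.exe", "taskhost.exe", "spoolsv.exe",
}

# Directories in which the real system binaries are installed.
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")

# User-writable roots that need no admin rights to drop a payload into.
USER_WRITABLE_ROOTS = ("c:\\programdata", "c:\\users")

# OTL reports Startup-folder items as:
#   O4 - Startup: <path to .lnk> = <target path> (<company, possibly empty>)
O4_STARTUP_RE = re.compile(
    r"^O4 - Startup:\s*(?P<lnk>.+?\.lnk)\s*=\s*(?P<target>.+?)\s*\((?P<company>[^)]*)\)\s*$",
    re.IGNORECASE,
)

# Sample input: the first line is the entry from the helper's OTL script above;
# the remaining three lines are constructed for this example.
SAMPLE_LINES = [
    r"O4 - Startup: C:\Users\m0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)",
    r"O4 - Startup: C:\Users\m0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)",
    r"O4 - Startup: C:\Users\m0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk = C:\Users\m0\AppData\Roaming\example\updater.exe ()",
    r"O4 - HKLM..\Run: [ExampleTray] C:\Program Files (x86)\Example\tray.exe (Example GmbH)",
]


def _under(directory, roots):
    """True if `directory` (lower-cased) is one of `roots` or lies below one of them."""
    return any(directory == r or directory.startswith(r + "\\") for r in roots)


def parse_otl_startup(lines):
    """Extract every 'O4 - Startup:' entry from OTL report lines; other O4 forms are skipped."""
    entries = []
    for line in lines:
        m = O4_STARTUP_RE.match(line.strip())
        if m:
            entries.append({"lnk": m.group("lnk"), "target": m.group("target"),
                            "company": m.group("company")})
    return entries


def assess_startup_entry(entry):
    """Return the reasons an autostart entry looks like masquerading (empty list = nothing found)."""
    reasons = []
    lnk = PureWindowsPath(entry["lnk"])
    target = PureWindowsPath(entry["target"])
    target_name = target.name.lower()
    target_dir = str(target.parent).lower()

    # 1. Shortcut name and target name disagree (ctfmon.lnk launching lsass.exe).
    if lnk.stem.lower() != target.stem.lower():
        reasons.append(f"shortcut '{lnk.name}' does not match target '{target.name}'")

    # 2. A system process name that is not under System32/SysWOW64.
    if target_name in SYSTEM_BINARIES and not _under(target_dir, SYSTEM_DIRS):
        reasons.append(f"system binary name '{target.name}' outside System32/SysWOW64")

    # 3. Executable code launched from a user-writable data directory.
    if (target.suffix.lower() in (".exe", ".dll", ".scr", ".bat", ".vbs")
            and _under(target_dir, USER_WRITABLE_ROOTS)):
        reasons.append(f"executable runs from user-writable location '{target.parent}'")

    return reasons


def find_suspicious_startup(lines):
    """Map each suspicious target path to the list of reasons it was flagged."""
    findings = {}
    for entry in parse_otl_startup(lines):
        reasons = assess_startup_entry(entry)
        if reasons:
            findings[entry["target"]] = reasons
    return findings


if __name__ == "__main__":
    for target, reasons in find_suspicious_startup(SAMPLE_LINES).items():
        print(target)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample lines, the lsass.exe entry trips all three checks, the constructed `updater.exe` entry trips only the user-writable-location check, and the Dropbox shortcut is clean. The checks are cheap enough to apply to a Startup folder directly rather than to an OTL report; the OTL script in the post above removes both the shortcut and its target, which the fix log in the next reply confirms.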
21.11.2012, 23:09 | #7 |
| GVU - Bundestrojaner Hi, I ran Malwarebytes twice because an outdated version had been used for the first scan.
OTL
Code:
All processes killed
========== OTL ==========
C:\Users\m0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\ProgramData\lsass.exe moved successfully.
File C:\Users\m0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
C:\Users\m0\AppData\Roaming\16001.007\components folder moved successfully.
C:\Users\m0\AppData\Roaming\16001.007 folder moved successfully.
C:\Users\m0\AppData\Roaming\blckdom.res moved successfully.
C:\Users\m0\AppData\Roaming\xmldm folder moved successfully.
C:\Users\m0\AppData\Roaming\kock folder moved successfully.
C:\ProgramData\0tbpw.pad moved successfully.
File C:\ProgramData\lsass.exe not found.
C:\Users\m0\AppData\Local\{bb09ef47-aa30-43e2-e1ea-842bc72bd87d}\@ moved successfully.
C:\Users\m0\AppData\Local\{bb09ef47-aa30-43e2-e1ea-842bc72bd87d}\L folder moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\m0\*.tmp not found.
C:\Users\m0\AppData\Local\Temp\DEL1.EXE moved successfully.
C:\Users\m0\AppData\Local\Temp\EADDFD5.exe moved successfully.
C:\Users\m0\AppData\Local\Temp\Gw2.exe moved successfully.
C:\Users\m0\AppData\Local\Temp\InstallFlashPlayer.exe moved successfully.
C:\Users\m0\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe moved successfully.
C:\Users\m0\AppData\Local\Temp\rootsupd.exe moved successfully.
C:\Users\m0\AppData\Local\Temp\Setup.exe moved successfully.
C:\Users\m0\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\m0\AppData\Local\Temp\sonarinst.exe moved successfully.
C:\Users\m0\AppData\Local\Temp\ubi1B02.tmp.exe moved successfully.
C:\Users\m0\AppData\Local\Temp\vcredist_x64.exe moved successfully.
C:\Users\m0\AppData\Local\Temp\vcredist_x86.exe moved successfully.
C:\Users\m0\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\m0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\m0\Desktop\cmd.bat deleted successfully.
C:\Users\m0\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: m0
->Temp folder emptied: 630463858 bytes
->Temporary Internet Files folder emptied: 467144368 bytes
->FireFox cache emptied: 84899276 bytes
->Flash cache emptied: 3320767 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 456588692 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36067250 bytes
RecycleBin emptied: 829459834 bytes
Total Files Cleaned = 2.392,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11212012_184537
Files\Folders moved on Reboot...
C:\Users\m0\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.11.21.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
m0 :: M0-PC [Administrator]

Schutz: Aktiviert

21.11.2012 18:55:54
mbam-log-2012-11-21 (18-55-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 411462
Laufzeit: 1 Stunde(n), 1 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files (x86)\TERA\Client\Binaries\TERA.exe (VirTool.Vbcrypt) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\m0\Desktop\borderlands\land\BordL2+28Tr-LNG.exe (VirTool.Obfuscator) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\m0\Downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.21.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
m0 :: M0-PC [Administrator]

21.11.2012 21:34:10
mbam-log-2012-11-21 (21-34-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 406477
Laufzeit: 1 Stunde(n), 13 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
# AdwCleaner v2.008 - Datei am 21/11/2012 um 23:02:59 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzer : m0 - M0-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\m0\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\m0\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\m0\AppData\Roaming\Mozilla\Firefox\Profiles\ea85r2lx.default\prefs.js

C:\Users\m0\AppData\Roaming\Mozilla\Firefox\Profiles\ea85r2lx.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1004 octets] - [21/11/2012 23:02:59]

########## EOF - C:\AdwCleaner[S1].txt - [1064 octets] ##########
 |
22.11.2012, 06:50 | #8 |
/// Helfer-Team | GVU - Bundestrojaner Very good! How is the computer running?
Malware scan with Emsisoft Anti-Malware
Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via "Jetzt Updaten" (Update now). Select the freeware mode. Select "Detail Scan" and start the check of the computer via the "Scan" button. At the end of the scan, do not let it delete anything! Click "Bericht speichern" (Save report) to save the log file to the desktop and post it here in the thread.
Guide: http://www.trojaner-board.de/103809-...i-malware.html |
22.11.2012, 19:56 | #9 |
| GVU - Bundestrojaner Hello, the computer is running stably and is even faster than before. Unfortunately I cannot install Emsisoft; it tells me I have to install Service Pack 1. But the Win 7 updates have been installed regularly on my machine, so it should normally be included. Or am I mistaken? |
23.11.2012, 01:19 | #10 |
/// Helfer-Team | GVU - Bundestrojaner Install all Windows updates, including the service pack! |
23.11.2012, 21:15 | #11 |
| GVU - Bundestrojaner Hello, SP 1 is now installed. Here is the scan from Emsisoft: Code:
Emsisoft Anti-Malware - Version 7.0
Letztes Update: 23.11.2012 19:48:42

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, Q:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 23.11.2012 19:50:03

C:\Users\m0\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PartyPoker.lnk gefunden: Trace.File.PartyPoker (A)
C:\Users\m0\Desktop\PartyPoker.lnk gefunden: Trace.File.PartyPoker (A)
Value: hkey_users\s-1-5-21-873282114-2901205279-3470080578-1001\software\partygaming\partypoker -> 1 gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-873282114-2901205279-3470080578-1001\software\partygaming\partypoker -> 10 gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-873282114-2901205279-3470080578-1001\software\partygaming\partypoker -> 2 gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-873282114-2901205279-3470080578-1001\software\partygaming\partypoker -> 4 gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-873282114-2901205279-3470080578-1001\software\partygaming\partypoker -> 5 gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-873282114-2901205279-3470080578-1001\software\partygaming\partypoker -> 6 gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-873282114-2901205279-3470080578-1001\software\partygaming\partypoker -> 7 gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-873282114-2901205279-3470080578-1001\software\partygaming\partypoker -> 9 gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-873282114-2901205279-3470080578-1001\software\partygaming\partypoker -> AdsLastKnownState gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-873282114-2901205279-3470080578-1001\software\partygaming\partypoker -> AppPath gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-873282114-2901205279-3470080578-1001\software\partygaming\partypoker -> id gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-873282114-2901205279-3470080578-1001\software\partygaming\partypoker -> InitialPort gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-873282114-2901205279-3470080578-1001\software\partygaming\partypoker -> InstallState gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-873282114-2901205279-3470080578-1001\software\partygaming\partypoker -> SL gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-873282114-2901205279-3470080578-1001\software\partygaming\partypoker -> TableType gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-873282114-2901205279-3470080578-1001\software\partygaming\partypoker -> useCount gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-873282114-2901205279-3470080578-1001\software\partygaming -> AutoLoginToOtherGames gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-873282114-2901205279-3470080578-1001\software\partygaming -> CFDialogShown gefunden: Trace.Registry.PartyPoker (A)
Value: hkey_users\s-1-5-21-873282114-2901205279-3470080578-1001\software\partygaming -> FreshInstall gefunden: Trace.Registry.PartyPoker (A)
C:\_OTL\MovedFiles\11212012_184537\C_Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\3c6c86e2-2febab35 -> report/Generator.class gefunden: Java.Exploit.CVE-2010-0840.P (B)
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe gefunden: Adware.Win32.Toolbar.Dealio.AMN (A)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5382eae6.qua -> (Quarantine-8) -> (INFECTED_JS) gefunden: PDF:Exploit.PDF-JS.ID (B)

Gescannt 524590
Gefunden 24

Scan Ende: 23.11.2012 21:08:31
Scan Zeit: 1:18:28
 |
23.11.2012, 21:45 | #12 |
/// Helfer-Team | GVU - Bundestrojaner Very good! Let it move the findings to quarantine, then:
Uninstall: Emsisoft Anti-Malware
ESET Online Scanner
Preparation
|
25.11.2012, 21:29 | #13 |
| GVU - Bundestrojaner Hello, the ESET log is as follows: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8365ca65b1dd734089b55a28a44e4fbf
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-25 07:57:09
# local_time=2012-11-25 08:57:09 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1832898 1832898 0 0
# compatibility_mode=5893 16776573 100 94 176070 105497311 0 0
# compatibility_mode=8192 67108863 100 0 3714 3714 0 0
# scanned=227620
# found=4
# cleaned=4
# scan_time=5968
C:\Users\m0\Downloads\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\11212012_184537\C_Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\153b50d3-342624c1 a variant of Java/Exploit.CVE-2011-3544.AW trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\11212012_184537\C_Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\6f60c6de-25620508 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\11212012_184537\C_Users\m0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk Win32/Reveton.J trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
 |
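The Malwarebytes log earlier in this thread and the ESET log above both list one detection per line, but in different layouts, which makes it tedious to answer the questions a helper actually asks (how many findings, which ones were quarantined, which one sat in an autorun location). The following Python parser is an added example and is not code from the thread or from either vendor: it turns both formats into one list of findings, cross-checks the parsed count against ESET's own found= header, and pulls out the Startup-folder entry (the ctfmon.lnk that ESET identified as Win32/Reveton.J). The sample logs are reconstructed from lines in this thread; ESET's tab-separated field layout (path, threat, action, MD5, flag) is an assumption, since the forum rendering collapsed the separators to spaces.

```python
from __future__ import annotations
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    scanner: str   # which tool reported it ("mbam" or "eset")
    path: str      # object path exactly as printed in the log
    threat: str    # detection name
    action: str    # what the scanner did with the object


# Malwarebytes prints each detection as "<path> (<DetectionName>) -> <action>."
# Sample constructed from the detection lines posted in this thread.
MBAM_LOG = r"""
Infizierte Dateien: 3
C:\Program Files (x86)\TERA\Client\Binaries\TERA.exe (VirTool.Vbcrypt) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\m0\Desktop\borderlands\land\BordL2+28Tr-LNG.exe (VirTool.Obfuscator) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\m0\Downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
"""

# Lazy path match plus the mandatory ") -> " keeps "(x86)" inside the path.
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^()\s]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam(text: str) -> list[Finding]:
    """Extract detection lines from a Malwarebytes log; other lines are ignored."""
    findings = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            findings.append(Finding("mbam", m["path"], m["threat"], m["action"]))
    return findings


def _eset_line(path: str, threat: str, action: str) -> str:
    # Assumed ESET layout: tab-separated path, threat, action, MD5, flag.
    # The MD5 is all zeros in the thread's log, so it is reproduced that way.
    return "\t".join([path, threat, action, "0" * 32, "C"])


# Sample constructed from the ESET log posted above (header trimmed).
ESET_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7",
    "# osver=6.1.7601 NT Service Pack 1",
    "# scanned=227620",
    "# found=4",
    "# cleaned=4",
    _eset_line(r"C:\Users\m0\Downloads\PDFCreator-1_2_3_setup.exe",
               "Win32/Toolbar.Widgi application", "(cleaned by deleting - quarantined)"),
    _eset_line(r"C:\_OTL\MovedFiles\11212012_184537\C_Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\153b50d3-342624c1",
               "a variant of Java/Exploit.CVE-2011-3544.AW trojan", "(deleted - quarantined)"),
    _eset_line(r"C:\_OTL\MovedFiles\11212012_184537\C_Users\m0\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\6f60c6de-25620508",
               "multiple threats", "(deleted - quarantined)"),
    _eset_line(r"C:\_OTL\MovedFiles\11212012_184537\C_Users\m0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk",
               "Win32/Reveton.J trojan", "(cleaned by deleting - quarantined)"),
])

ESET_HEADER_RE = re.compile(r"^# (?P<key>\w+)=(?P<value>.*)$")


def parse_eset(text: str) -> tuple[dict[str, str], list[Finding]]:
    """Return (header key/value pairs, detections) from an ESET Online Scanner log."""
    header: dict[str, str] = {}
    findings: list[Finding] = []
    for line in text.splitlines():
        m = ESET_HEADER_RE.match(line)
        if m:
            header[m["key"]] = m["value"]
            continue
        fields = line.split("\t")
        if len(fields) == 5 and re.match(r"^[A-Za-z]:\\", fields[0]):
            path, threat, action, _md5, _flag = fields
            findings.append(Finding("eset", path, threat, action.strip("()")))
    return header, findings


def counts_consistent(header: dict[str, str], findings: list[Finding]) -> bool:
    """Cross-check: parsed detections must match the scanner's own found= count."""
    return header.get("found") == str(len(findings))


def startup_persistence(findings: list[Finding]) -> list[Finding]:
    """Detections inside a Startup folder, the autorun spot the infection used here."""
    return [f for f in findings if "\\startup\\" in f.path.lower()]


def quarantined(findings: list[Finding]) -> list[Finding]:
    """Findings whose action says the object went to quarantine (German or English)."""
    return [f for f in findings if "quarant" in f.action.lower()]


if __name__ == "__main__":
    header, eset = parse_eset(ESET_LOG)
    everything = parse_mbam(MBAM_LOG) + eset
    print(f"{len(everything)} findings, ESET count consistent: {counts_consistent(header, eset)}")
    for f in startup_persistence(everything):
        print("autorun location:", f.path, "->", f.threat)
```

Run it as a script to get the combined summary; the count cross-check is worth keeping in any such tool, because a parser that silently drops a line is worse than one that fails loudly.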
26.11.2012, 03:32 | #14 |
/// Helfer-Team | GVU - Bundestrojaner Update Java
Your Java is no longer up to date. Older versions contain security holes that can be abused by malware.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
Then post me (copy and paste) what you get shown here: PluginCheck
Disable Java
Because of the current security hole: http://www.trojaner-board.de/122961-...ktivieren.html
Then post me (copy and paste) what you get shown here: PluginCheck |
29.11.2012, 19:18 | #15 |
| GVU - Bundestrojaner Hello, sorry - I had a lot going on in the last few days. 1. Code:
PluginCheck
Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 16.0 ist aktuell
Flash 11,0,1,152 ist veraltet! Aktualisieren Sie bitte auf die neueste Version!
Java (1,7,0,9) ist aktuell.
Adobe Reader 9,1,0,163 ist veraltet! Aktualisieren Sie bitte auf die neueste Version: 11.0
Code:
Firefox 16.0 ist aktuell
Flash 11,0,1,152 ist veraltet! Aktualisieren Sie bitte auf die neueste Version!
Java ist nicht Installiert oder nicht aktiviert.
Adobe Reader 9,1,0,163 ist veraltet! Aktualisieren Sie bitte auf die neueste Version: 11.0
 |