Pests of all kinds and how to fight them (Windows 7): Win 7 Ukash (IAC) virus, no more access in normal mode
23.11.2012, 23:29 | #16
Win 7 Ukash (IAC) virus: no more access in normal mode

And here are the Extras.

OTL EXTRAS Logfile:
OTL Extras logfile created on: 23.11.2012 23:11:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Reggi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 69,46% Memory free
6,49 Gb Paging File | 5,07 Gb Available in Paging File | 78,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445,26 Gb Total Space | 256,78 Gb Free Space | 57,67% Space Free | Partition Type: NTFS
Drive D: | 20,49 Gb Total Space | 0,01 Gb Free Space | 0,03% Space Free | Partition Type: FAT32
Drive J: | 7,23 Gb Total Space | 7,08 Gb Free Space | 97,90% Space Free | Partition Type: FAT32

Computer Name: REGGI-PC | User Name: Reggi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4293284574-4106077085-2191208304-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CFCB5C-BB25-471C-92BB-058D02D21B2F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{033BEFDB-2DC0-40F7-9145-4C33B726D23B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{03F1E380-1644-4004-97C6-8C30152C83A7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{16767CD4-EA33-463B-9C78-4AF98CB895C9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1A187859-2FD2-4703-BCBA-1C34B25AA892}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2FBC12C6-257B-45F0-BF22-9BAF5626E9E1}" = lport=58675 | protocol=17 | dir=in | name=pando media booster | 
"{3F4F662E-1DED-4400-9FBA-01AAECAB3850}" = lport=58675 | protocol=6 | dir=in | name=pando media booster | 
"{3FF64DB2-2DF2-4469-825F-6146C6BBC1AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4E187C76-5B70-417C-8F8B-296E9F076A1A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5561052D-6917-4A1E-9E1A-55AB827F0210}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5D98F3D2-7871-429E-9BE6-AD26767DA05A}" = lport=8995 | protocol=6 | dir=in | name=8995 | 
"{657F00B8-0263-4D2B-BAC0-CA8D8A303FA8}" = lport=58525 | protocol=17 | dir=in | name=pando media booster | 
"{677EE25B-4676-4A35-9303-1470128498F2}" = lport=56396 | protocol=6 | dir=in | name=pando media booster | 
"{6D24A80E-3D83-4456-84B5-63CB4D522F8D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7FDFC99B-AA10-4950-AFE2-DE3AD11B264A}" = lport=56396 | protocol=6 | dir=in | name=pando media booster | 
"{8434D368-4F54-4B14-85B0-371BE60671C9}" = lport=58675 | protocol=6 | dir=in | name=pando media booster | 
"{89D2F855-ABBC-4D43-813A-3780668C7914}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8D453342-D78D-4E9D-8ED7-AE3AD7F5E45F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{91C3EE17-5C1A-452C-8E99-E6908CA40AF1}" = lport=58525 | protocol=6 | dir=in | name=pando media booster | 
"{992F0756-94CE-4005-ACBE-D05BB04AF32E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A4BF16D3-1181-4358-95B9-5A0F28F2D5FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A6B7CF9B-9726-4166-A6E8-9E5F8A28E84B}" = lport=80 | protocol=6 | dir=in | name=port 80 | 
"{ABBCF551-290A-45DE-A231-E42F99B59053}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AC9289D3-CDB9-45C0-8AB3-3D40E495C424}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B233AE43-2B73-40D1-8B5A-9B34BEA3B04D}" = lport=58525 | protocol=6 | dir=in | name=pando media booster | 
"{BA08A7C8-3D2B-4D70-88D5-8DBC93783721}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{BAC40A3B-B850-4675-B876-6E49399D6B70}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C2E3AE41-B15F-4C0F-A1B8-F6D878A8AF5C}" = lport=56396 | protocol=17 | dir=in | name=pando media booster | 
"{C36326EB-458E-448D-B45C-026A352E1877}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C80749B6-1F1A-4E0B-834E-8D43E4E10FAA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CDEF131E-F4B9-4598-A38A-64B351AA5207}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D56C429F-BA83-47DA-98B7-49EAAD61AE71}" = lport=58525 | protocol=17 | dir=in | name=pando media booster | 
"{D60E045B-4DA9-4837-AA38-CD12216AC117}" = lport=58675 | protocol=17 | dir=in | name=pando media booster | 
"{DA15FB5B-8F78-489F-B282-37F14B4ACDF3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DB6BB271-6261-454C-B812-E72F502B83C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DE7CCDC3-766F-4976-9CCB-736318F14E8D}" = lport=56396 | protocol=17 | dir=in | name=pando media booster | 
"{EAED5240-A122-4FC7-820B-25F34DF64374}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03906A3A-6AFF-4939-BB30-31357CBA84D4}" = protocol=6 | dir=in | app=c:\program files (x86)\tango\tango.exe | 
"{045FEEFA-A483-4328-8802-742F1EF3BEE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{0CF9E24C-14BF-41F8-9C9B-6B3DADA20210}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{12690F9C-5EFA-4F26-B208-F405AB212626}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{15897755-7A1B-4792-A04B-22010443C4C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{1DDDE606-248C-46BC-91D3-68F8BDDD121A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{2C4DF3D6-C8A7-4ACB-933B-E0650E0CFAE8}" = protocol=17 | dir=in | app=c:\games\star wars-the old republic\launcher.exe | 
"{319C7A01-1D21-4B1A-8867-A6EE206488B0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{3B70761D-0595-412D-94FE-26CD7F244364}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3C7FB89F-D206-4BE4-927E-8658E1268A15}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{403EBCA1-A606-4DC9-A111-DD707F2AD577}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{45CFCD0D-99E9-486B-8E34-416663BEB4C1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{4637BBBF-BEC8-47BE-85F2-EBC33F3BAC7F}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{4AB4B3F1-C4FF-4CAF-8398-F29C993ADE83}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4E24B8AB-A095-4578-BA76-43882E807068}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{4FF458DE-4EA7-4468-BF4F-4A02AB508EAB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5290AC4F-64CA-480D-BA4F-20E287FD0325}" = protocol=17 | dir=in | app=c:\program files (x86)\tango\tango.exe | 
"{5BC56523-CF87-4E24-8CCE-CDD55A415884}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5F2A960C-21DD-4230-9A7F-81D323B74B68}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{5FE821A4-CA95-47E0-BFA4-253271D9A964}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{64E996F6-D2F9-49EE-8C1B-4036B911725A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{6AFF4083-6A51-467C-9408-8D6C36964082}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6C8D853E-E2A1-4BC1-9976-80F241191176}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6DE2F091-8CAC-4E48-B27F-6F9EC5CED1FD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{7B99D733-F24B-46B2-8F79-A66A7CCE0E6B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{7CFA3FBE-0848-4C40-AFCB-A2F93565F72D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{7DAE6F05-CC17-4E59-8697-1FA2FE567FA2}" = protocol=6 | dir=in | app=c:\games\star wars-the old republic\launcher.exe | 
"{88ED9DE0-9635-4382-8386-B6E19B8C43BA}" = protocol=6 | dir=out | app=system | 
"{8CB9C1FF-D39D-4AC1-A28A-DCC7A434572B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8E5C1DA0-DCB5-46F4-9A09-9EF5C8875228}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{93FE4ED0-7080-49C3-8404-92AE60438A86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{94562CEC-7AD1-49A3-8BEE-7F16C89CDCE5}" = protocol=6 | dir=in | app=c:\games\star wars-the old republic\launcher.exe | 
"{965588E2-4427-4931-99A8-01BA10D757F5}" = protocol=17 | dir=in | app=c:\games\star wars-the old republic\launcher.exe | 
"{97761D84-5940-44E8-B37A-865468772516}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9EF60153-F532-4CD2-941C-4F93C8392C38}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A50F209B-9C0A-4713-92B8-6CC8847E73AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A6B74B10-05B9-429C-A2AC-1CCF4526531F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A6C32B44-3C8A-4B15-91FE-F416A8D702BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{AAF3AC1D-8885-4CEE-955C-4E9715AA05C1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B3CED66B-90AA-4E69-8745-C341104B365A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B7EDC5BF-1A24-4878-BEDF-D17CDF2E547D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BA326F90-F7F9-4DC0-B9ED-2ED2D5398D96}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{BC1D2A53-4525-49CD-8087-21E605F41D4C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BC4CF580-302E-47AC-9568-72705829E488}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{BCAF7528-9DDB-4515-9838-B3550144643C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C4DD2180-A66D-4E92-9998-E5CC69529864}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{C697FBA1-EC8E-406E-915A-757545CA71FF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C91DBA57-3AAD-452B-8175-1562B44168EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA061344-FD9E-445E-8A6B-35DE7FC744FA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CAA209EE-115F-4797-A584-657D28BC7948}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CBB1ECEE-5413-4CC3-B69F-A9A1BCAB08D0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D1E0C1AC-AE07-4330-B5F2-1DE4201FB35C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{D42A10E1-0B12-49B1-91C3-8B9CE9BD73B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{D47597A1-E85A-46F3-B9F0-92D833100DCE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D52A771B-7B6E-4970-81B2-DA7A427EB8E9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{D5918751-4FBB-4053-8889-0111D677F553}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{D61D2D71-DE39-4E38-801D-E10D304EDB6E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{D92FAAB3-C707-4B32-AEA5-3D6756BDA9C4}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{E4C7CB8A-6DD5-4C45-95E7-A015D5349FA7}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{F343079E-3C18-4A02-ABC8-0D2C465B24C8}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{F4F5FC7C-7DE0-4535-873A-973EFC973240}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F87F623E-AA0D-4CF7-8E98-71773E29523F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{FCA084D5-BDE8-4AF4-994F-632262990FF0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{0574ECFA-20E7-4693-99A2-04AAC12D2839}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{087FF9CE-7B6E-49E2-A260-D2396D20370C}C:\games\aoe2\empires2.exe" = protocol=6 | dir=in | app=c:\games\aoe2\empires2.exe | 
"TCP Query User{17BF7967-F313-42A4-BFF7-C80DEAA8CB6B}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | 
"TCP Query User{2B029C5A-A42F-4101-AD01-6EA20ECBA1BB}C:\games\border\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\games\border\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{2DCB3DF8-80AC-4025-85EC-6E28A258729B}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{455BF2EF-6F36-4C19-A76C-8961C6C8B0F7}C:\games\star trek\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\games\star trek\star trek online\live\gameclient.exe | 
"TCP Query User{A36F0BA7-6AB5-4301-A88A-4C00813FEA0E}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"TCP Query User{ACE63398-3C30-4917-B990-22E15AAAE058}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{AFEE91D3-0D3B-4663-911F-0AD37F709550}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | 
"TCP Query User{B261BE83-ED54-4048-B1F5-1E936444AA9E}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{D2A87DE7-BFEA-4128-9CDA-F50ECF368EC9}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{D390B5F5-3945-48C0-8FCD-BDD5086B6A75}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{F69DAF46-A345-4B3D-BAAE-85545FBB1110}C:\users\reggi\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=c:\users\reggi\downloads\diablo-iii-setup-dede.exe | 
"UDP Query User{10DD05E2-C674-43F5-80A1-F668E427BB17}C:\games\aoe2\empires2.exe" = protocol=17 | dir=in | app=c:\games\aoe2\empires2.exe | 
"UDP Query User{23725291-0B44-4A90-AEA8-52E364E16E91}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{3142D2B4-9D94-4F65-B77D-35D9ED5A8EDD}C:\games\border\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\games\border\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{33D1CDF9-F4A1-494D-9333-807934EAD06A}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{47CF8F97-8091-44D7-BAEB-EEA10D834108}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | 
"UDP Query User{58FC5D32-96C8-42F4-8FB5-B7AFC5EE0B31}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{65866ACD-AE2A-45F3-9C76-0FA9B854D6C0}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"UDP Query User{7A62394D-D73E-4A35-ADE4-3E3E04CE8C71}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{8F5709D8-4656-437F-91D3-2BBEE64A2E42}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{9AD4DFBC-EE47-432C-893F-1417EAC119C9}C:\games\star trek\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\games\star trek\star trek online\live\gameclient.exe | 
"UDP Query User{B3B218A7-F63B-4F2D-9FA7-49B7D7BA1BC6}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | 
"UDP Query User{B6FF4286-36DC-4CB6-A12F-5EAEFE545A8B}C:\users\reggi\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\reggi\downloads\diablo-iii-setup-dede.exe | 
"UDP Query User{F3A91EE2-E85C-42A1-AEB5-8734F7503E6F}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{401E03EC-1644-1B0A-B8D3-C40477ADCEC4}" = AMD Drag and Drop Transcoding
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{550331CC-C34B-494F-BCDA-37CE4EF6E924}" = Garmin Communicator Plugin x64
"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{838AF9AD-DE38-17FB-57F6-ADDF929F191E}" = AMD Accelerated Video Transcoding
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.01 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish
"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}" = TubeBox!
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German
"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian
"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}" = Garmin Lifetime Updater
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch
"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian
"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian
"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish
"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard
"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E79D81A0-60B6-44FF-B297-EC315D0F1031}" = Nero 7 Premium
"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.04.03.8026
"Age of Empires II Trial" = Microsoft Age of Empires II Trial Version
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"ESN Sonar-0.70.4" = ESN Sonar
"FormatFactory" = FormatFactory 2.96
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Morphyre" = Morphyre
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"RGSS-RTP Standard_is1" = RGSS-RTP Standard
"Star Trek Online" = Star Trek Online
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 43110" = Metro 2033
"WinLiveSuite" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"XnView_is1" = XnView 1.98.5

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10.10.2012 06:37:01 | Computer Name = Reggi-PC | Source = Application Hang | ID = 1002
Description = The program rads_user_kernel.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 Process ID: 3dc  Start Time: 01cda6d310e04640  Termination Time: 2  Application Path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe  Report Id: 6b1e3940-12c6-11e2-a62a-001d92002593

Error - 11.10.2012 12:56:27 | Computer Name = Reggi-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LolClient.exe, version: 2.0.2.12610, time stamp: 0x4c00573a
 Faulting module name: Adobe AIR.dll, version: 3.1.0.4880, time stamp: 0x4eb75fb9
 Exception code: 0xc0000005
 Fault offset: 0x000781a4
 Faulting process id: 0xb20
 Faulting application start time: 0x01cda7ae6aaea451
 Faulting application path: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.208\deploy\LolClient.exe
 Faulting module path: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.208\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dll
 Report Id: 989a615e-13c4-11e2-9c07-001d92002593

Error - 16.10.2012 09:02:34 | Computer Name = Reggi-PC | Source = Application Hang | ID = 1002
Description = The program lotroclient.exe version 3.8.0.8026 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 Process ID: 12a0  Start Time: 01cdab8425e70c42  Termination Time: 1423  Application Path: C:\Program Files (x86)\Turbine\Der Herr der Ringe Online\lotroclient.exe  Report Id:

Error - 28.10.2012 12:14:53 | Computer Name = Reggi-PC | Source = Application Hang | ID = 1002
Description = The program ts3client_win64.exe version 3.0.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 Process ID: 1060  Start Time: 01cdb4f3e351b020  Termination Time: 65  Application Path: C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe  Report Id: 90200bcf-211a-11e2-b0e4-001d92002593

Error - 30.10.2012 13:08:34 | Computer Name = Reggi-PC | Source = Application Hang | ID = 1002
Description = The program lotroclient.exe version 3.8.0.8029 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 Process ID: da8  Start Time: 01cdb6b64304bab3  Termination Time: 201  Application Path: C:\Program Files (x86)\Turbine\Der Herr der Ringe Online\lotroclient.exe  Report Id:

Error - 01.11.2012 14:06:30 | Computer Name = Reggi-PC | Source = Windows Backup | ID = 4104
Description = 

Error - 19.11.2012 16:15:23 | Computer Name = Reggi-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 16.0.2.4680, time stamp: 0x50882871
 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
 Exception code: 0xc0000005
 Fault offset: 0x0001fd56
 Faulting process id: 0x156c
 Faulting application start time: 0x01cdc6929a0efd21
 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 Faulting module path: C:\Windows\SysWOW64\ntdll.dll
 Report Id: d910f37a-3285-11e2-b52e-001d92002593

Error - 20.11.2012 16:53:36 | Computer Name = Reggi-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 16.0.2.4680 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Prozess-ID: c20 Startzeit: 01cdc760f1d3706b Endzeit: 30 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 58103e22-3354-11e2-a4ca-001d92002593 Error - 22.11.2012 12:30:54 | Computer Name = Reggi-PC | Source = System Restore | ID = 8210 Description = Error - 23.11.2012 16:45:21 | Computer Name = Reggi-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Reggi\Downloads\SoftonicDownloader_fuer_format-factory.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
[ System Events ] Error - 23.11.2012 18:15:28 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2 Error - 23.11.2012 18:15:28 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2 Error - 23.11.2012 18:15:28 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: %%2 Error - 23.11.2012 18:17:36 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%2 Error - 23.11.2012 18:17:36 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: %%2 Error - 23.11.2012 18:17:36 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2 Error - 23.11.2012 18:17:36 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2 Error - 23.11.2012 18:17:36 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: %%2 Error - 23.11.2012 18:17:36 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden 
Fehlers nicht gestartet wurde: %%2 Error - 23.11.2012 18:17:36 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: %%2 < End of report > |
23.11.2012, 23:54 | #17 |
/// TB-Ausbilder | I need to confer internally first; you have a rather complicated infection. I think you should have an answer from me here by tomorrow. |
23.11.2012, 23:56 | #18 |
| Oh man, is it that bad?
OK, thanks in advance for the help. And if it gets too complicated, then I guess the only thing that helps is a complete reinstall, I assume? |
24.11.2012, 00:05 | #19 |
/// TB-Ausbilder | Not necessarily, we just have to make sure that we remove everything completely.
__________________ Digital privateers against malware! No help via PM! |
24.11.2012, 15:09 | #20 | |
/// TB-Ausbilder | Okay. One request first: please do not touch the Infected folder on the USB stick, we will still need it later. Step 1: Fix with OTL
24.11.2012, 15:24 | #21 |
| Can I still use the stick on another PC? Code:
ATTFilter Error: Unable to interpret <OTL EXTRAS Logfile: |
24.11.2012, 15:29 | #22 |
/// TB-Ausbilder | Not at the moment, please. But now carry out step 1 PROPERLY! And please do not set double CODE tags.
24.11.2012, 15:38 | #23 |
| OK, I have run step one again. The computer was restarted, but I can no longer get onto the internet with the infected PC to post the log file |
24.11.2012, 15:43 | #24 |
/// TB-Ausbilder | Hm, that can happen.
Report back whether you have internet access again now.
24.11.2012, 15:50 | #25 | |
| OK, the internet works again, but only with the normal browser, not with Firefox. Here is the file after the fix. Quote:
|
24.11.2012, 18:11 | #26 |
/// TB-Ausbilder | Before we can continue, please do a custom scan with OTL instead of the old step 2: Custom scan with OTL
25.11.2012, 17:55 | #27 |
| OK, did everything, but I only have one file to copy. Code:
ATTFilter OTL logfile created on: 25.11.2012 17:40:53 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Reggi\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 73,63% Memory free 6,49 Gb Paging File | 5,00 Gb Available in Paging File | 76,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 445,26 Gb Total Space | 259,30 Gb Free Space | 58,24% Space Free | Partition Type: NTFS Drive D: | 20,49 Gb Total Space | 0,01 Gb Free Space | 0,03% Space Free | Partition Type: FAT32 Computer Name: REGGI-PC | User Name: Reggi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Reggi\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Users\Reggi\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8a8079623eab0ba9e106436885a0281d\System.Xml.Linq.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\8ec275d60f23035b499a67037212ef4f\System.Security.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (LanmanWorkstation) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation) SRV:64bit: - (Dnscache) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - 
(dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 EF DE 8F 91 9A CC 01 [binary data] IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.3 FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4 FF - prefs.js..extensions.enabledAddons: nasanightlaunch@example.com:0.6.20121022 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 21:19:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Reggi\AppData\Roaming\5053 FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 21:19:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.16 19:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Reggi\AppData\Roaming\mozilla\Extensions [2012.10.24 16:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Reggi\AppData\Roaming\mozilla\Firefox\Profiles\i52wg2jy.default\extensions [2012.09.23 17:23:31 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Reggi\AppData\Roaming\mozilla\Firefox\Profiles\i52wg2jy.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.10.24 16:47:59 | 002,290,783 | ---- | M] () (No name found) -- C:\Users\Reggi\AppData\Roaming\mozilla\firefox\profiles\i52wg2jy.default\extensions\nasanightlaunch@example.com.xpi [2012.10.12 12:34:34 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Reggi\AppData\Roaming\mozilla\firefox\profiles\i52wg2jy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012.10.27 21:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.27 21:19:15 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla 
firefox\components\browsercomps.dll [2012.06.26 15:33:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 17:42:41 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.26 15:33:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.26 15:33:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.26 15:33:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.26 15:33:57 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found O4 - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Reggi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Reggi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D708A31-5936-4F72-9C6E-C9C41C34E7FB}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.24 15:26:49 | 000,000,000 | ---D | C] -- C:\_OTL [2012.11.23 23:05:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Reggi\Desktop\OTL.exe [2012.11.22 22:22:01 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.11.20 22:03:46 | 000,000,000 | ---D | C] -- C:\Users\Reggi\AppData\Roaming\Malwarebytes [2012.11.20 22:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.20 22:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.20 22:03:19 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.20 22:03:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.14 18:24:16 | 000,000,000 | ---D | C] -- C:\Users\Reggi\AppData\Local\{73FB583C-771A-4177-96F1-116A2FB049DE} [2012.11.11 13:45:05 | 000,000,000 | ---D | C] -- C:\Users\Reggi\AppData\Local\{A8FE49B8-161A-477F-8AA5-73CB06CB2F10} [2012.10.29 01:15:04 | 000,000,000 | ---D | C] -- C:\Users\Reggi\AppData\Local\{9517472E-5D60-45FD-9D44-60770351836D} [2012.10.27 21:19:13 | 000,000,000 | ---D | 
C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.27 14:29:12 | 000,000,000 | ---D | C] -- C:\Users\Reggi\AppData\Local\{8E60A42F-C2C3-45E7-84C2-09758DEA2791} [2 C:\Users\Reggi\AppData\Roaming\*.tmp files -> C:\Users\Reggi\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.25 17:35:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.24 15:55:04 | 000,023,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.24 15:55:04 | 000,023,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.24 15:51:54 | 001,527,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.24 15:51:54 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.24 15:51:54 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.24 15:51:54 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.24 15:51:54 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.24 15:47:36 | 2615,803,904 | -HS- | M] () -- C:\hiberfil.sys [2012.11.23 23:05:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Reggi\Desktop\OTL.exe [2012.11.20 22:04:46 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.20 21:32:06 | 000,022,535 | ---- | M] () -- C:\Users\Reggi\Desktop\Steckbrief.odt [2 C:\Users\Reggi\AppData\Roaming\*.tmp files -> C:\Users\Reggi\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.20 22:03:20 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.09 20:25:40 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll [2012.10.09 20:25:40 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll [2012.10.09 20:25:40 | 000,771,584 | ---- | C] () -- 
C:\Windows\SysWow64\RGSS100J.dll [2012.10.09 20:25:40 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\RGSS104J.dll [2012.10.09 20:25:40 | 000,758,272 | ---- | C] () -- C:\Windows\SysWow64\RGSS104E.dll [2012.10.09 20:25:40 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll [2012.06.11 17:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.06.11 17:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.10 15:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.12.15 05:41:14 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2011.12.07 00:52:52 | 000,000,036 | ---- | C] () -- C:\Users\Reggi\AppData\Roaming\blckdom.res [2011.11.16 19:48:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011.11.16 19:07:08 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2011.11.06 17:59:13 | 000,000,093 | ---- | C] () -- C:\Users\Reggi\AppData\Local\fusioncache.dat [2011.11.06 17:57:48 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.11.06 10:24:31 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.11.04 03:46:07 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.11.04 01:49:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011.09.19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.06.07 10:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.06.07 10:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.06.07 10:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.06.07 10:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.06.07 10:13:38 | 
000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-4293284574-4106077085-2191208304-1000\$46a71d9b1f14aa218d4d5b222b53bba7\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.17 12:22:18 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\.minecraft [2012.05.20 11:09:44 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\.spoutcraft [2012.06.22 14:01:08 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\BANDISOFT [2012.09.23 18:06:49 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\DVDVideoSoft [2011.11.15 19:53:49 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.23 23:09:32 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Garmin [2011.11.10 20:30:48 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Jens Lorek [2012.09.27 23:22:48 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\LolClient [2011.11.08 17:39:24 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\OpenOffice.org [2012.08.12 22:21:35 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Origin [2012.07.04 17:50:41 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Samsung [2012.07.16 09:26:05 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\six-updater [2012.07.16 09:09:56 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\six-zsync [2012.07.16 20:44:41 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\SplitMediaLabs [2011.11.07 00:30:45 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\TS3Client [2012.11.17 09:34:59 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\UAs [2012.11.17 09:34:59 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\xmldm [2012.06.24 10:38:19 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\XnView ========== Purity Check ========== ========== Custom Scans ========== < HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers /S > "ProviderID0" = 1 "ProviderID1" = 2 "ProviderID2" = 
3 "ProviderID3" = 4 "NextProviderID" = 5 "ProviderFileName0" = unimdm.tsp -- [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) "ProviderFileName1" = kmddsp.tsp -- [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) "ProviderFileName2" = ndptsp.tsp -- [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) "ProviderFileName3" = hidphone.tsp -- [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) "NumProviders" = 4 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters /S > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters /S > < HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com /S > < %SystemRoot%\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp < > [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT < > < End of report > |
25.11.2012, 20:18 | #28 |
/// TB-Ausbilder | Win 7 Ukash (IAC) virus: no more access in normal mode Good, thanks. Now please run Combofix: Scan with Combofix
__________________ Digital privateers against malware! No help via PM! |
25.11.2012, 20:47 | #29 |
| Win 7 Ukash (IAC) virus: no more access in normal mode OK, I hope I did everything right. Code:
ATTFilter ComboFix 12-11-25.01 - Reggi 25.11.2012 20:28:58.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3326.2367 [GMT 1:00] ausgeführt von:: c:\users\Reggi\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\users\Reggi\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll c:\users\Reggi\AppData\Roaming\AcroIEHelpe.txt c:\users\Reggi\AppData\Roaming\i52wg2jy.default.tmp c:\users\Reggi\AppData\Roaming\srvblck2.tmp c:\windows\SysWow64\muzapp.exe c:\windows\SysWow64\System32\MASetupCleaner.exe c:\windows\SysWow64\System32\muzapp.exe c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-25 bis 2012-11-25 )))))))))))))))))))))))))))))) . . 2012-11-24 14:27 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E44E2A59-3556-448C-B852-4BD4023A3E2B}\mpengine.dll 2012-11-24 14:26 . 2012-11-24 14:26 -------- d-----w- C:\_OTL 2012-11-22 21:22 . 2012-11-22 21:22 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 2012-11-20 21:03 . 2012-11-20 21:03 -------- d-----w- c:\users\Reggi\AppData\Roaming\Malwarebytes 2012-11-20 21:03 . 2012-11-20 21:03 -------- d-----w- c:\programdata\Malwarebytes 2012-11-20 21:03 . 2012-11-20 21:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-20 21:03 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-04 10:34 . 
2011-11-06 09:24 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-10-04 10:34 . 2011-11-04 03:09 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-10-04 10:33 . 2011-11-06 09:24 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-09-24 17:57 . 2012-09-24 17:57 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-24 17:57 . 2012-05-10 12:41 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-09-24 17:57 . 2011-11-08 14:33 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-09 09:38 . 2012-01-10 17:46 62134624 ----a-w- c:\windows\system32\MRT.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-05 1353080] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704] "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-05-25 20568] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-05-25 16392] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service Update-Service REG_MULTI_SZ Update-Service . . --------- X64 Entries ----------- . . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube to MP3 Converter - c:\users\Reggi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Reggi\AppData\Roaming\Mozilla\Firefox\Profiles\i52wg2jy.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-KiesHelper - c:\program files (x86)\Samsung\Kies\KiesHelper.exe AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-11-25 20:41:42 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-11-25 19:41 . Vor Suchlauf: 13 Verzeichnis(se), 277.955.153.920 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 277.803.663.360 Bytes frei . - - End Of File - - 29A45B6EB8EB9D7C4E8CA78FBB146422 |
25.11.2012, 20:48 | #30 |
/// TB-Ausbilder | Win 7 Ukash (IAC) virus: no more access in normal mode Yes, excellent! Then let's continue ... I already have a good feeling about this. Scan with MBAR Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.