Pests of all kinds and how to fight them: Malwarebytes findings (5 registry keys, 2 files)
17.12.2012, 20:43 | #16 |
Damn, I'm afraid I messed it up. In the code where I was supposed to turn "Mein Name" into my real name, I forgot to rename two lines.
Code:
:Files
C:\Users\"Mein Name"\Documents\MBR.dat
C:\Users\"Mein Name"\Punkbuster.*

The log looks like this:
Code:
All processes killed
========== OTL ==========
Service XDva370 stopped successfully!
Service XDva370 deleted successfully!
File C:\Windows\system32\XDva370.sys File not found not found.
Service StarOpen stopped successfully!
Service StarOpen deleted successfully!
File File not found not found.
Registry value HKEY_USERS\S-1-5-21-2965953352-1890760225-2496969144-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:FA5F15C4 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
========== FILES ==========
File\Folder C:\Users\"Here the log also says: Mein Name"\Documents\MBR.dat not found.
File\Folder C:\Users\"Here the log also says: Mein Name"\Punkbuster.* not found.
C:\e74359119baa189018d3c0110d143279 folder moved successfully.
C:\ProgramData\sysqcl1129139270.dat moved successfully.
C:\Users\"Mein Name"\AppData\Roaming\inst.exe moved successfully.
C:\Users\"Mein Name"\random.dat moved successfully.
C:\Users\"Mein Name"\AppData\Local\wgkoaos.bat moved successfully.
C:\Users\"Mein Name"\AppData\Local\ismxydep.bat moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\"Mein Name"\Desktop\Logs\cmd.bat deleted successfully.
C:\Users\"Mein Name"\Desktop\Logs\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56509 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: "Mein Name"
->Temp folder emptied: 463862 bytes
->Temporary Internet Files folder emptied: 25682452 bytes
->Java cache emptied: 48066240 bytes
->Google Chrome cache emptied: 243536882 bytes
->Apple Safari cache emptied: 117760 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 58012 bytes
User: Public
->Temp folder emptied: 0 bytes
User: "Name 2"
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 167616615 bytes
->Java cache emptied: 1118768 bytes
->FireFox cache emptied: 38691829 bytes
->Apple Safari cache emptied: 11947008 bytes
->Flash cache emptied: 27904 bytes
User: "Name 1"
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 45973744 bytes
->Java cache emptied: 63565756 bytes
->FireFox cache emptied: 19458775 bytes
->Apple Safari cache emptied: 21298176 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1527046 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 311296 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 182244 bytes
RecycleBin emptied: 96325945 bytes
Total Files Cleaned = 750,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 12172012_202538
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
17.12.2012, 23:02 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The script has to run with the completely correct name, so please repeat it CORRECTLY.
18.12.2012, 17:27 | #18 |
Second attempt. I think it is OK that it says "not found" for some items, because I did it twice (once partly wrong and now once more).
Code:
All processes killed
========== OTL ==========
Error: No service named XDva370 was found to stop!
Service\Driver key XDva370 not found.
File C:\Windows\system32\XDva370.sys File not found not found.
Error: No service named StarOpen was found to stop!
Service\Driver key StarOpen not found.
File File not found not found.
Registry value HKEY_USERS\S-1-5-21-2965953352-1890760225-2496969144-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\TEMP:FA5F15C4 .
Unable to delete ADS C:\ProgramData\TEMP:A8ADE5D8 .
========== FILES ==========
C:\Users\"Mein Name"\Documents\MBR.dat moved successfully.
C:\Users\"Mein Name"\Punkbuster.Got.Busted.v1.5-NoBS-UTDM.exe moved successfully.
File\Folder C:\e74359119baa189018d3c0110d143279 not found.
File\Folder C:\ProgramData\sysqcl1129139270.dat not found.
File\Folder C:\Users\"Mein Name"\AppData\Roaming\inst.exe not found.
File\Folder C:\Users\"Mein Name"\random.dat not found.
File\Folder C:\Users\"Mein Name"\AppData\Local\wgkoaos.bat not found.
File\Folder C:\Users\"Mein Name"\AppData\Local\ismxydep.bat not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\"Mein Name"\Desktop\Logs\cmd.bat deleted successfully.
C:\Users\"Mein Name"\Desktop\Logs\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: "Mein Name"
->Temp folder emptied: 108924 bytes
->Temporary Internet Files folder emptied: 3309897 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 129160840 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 458 bytes
User: Public
->Temp folder emptied: 0 bytes
User: "Name 3"
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: "Name 2"
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70913 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 127,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 12182012_162537
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
18.12.2012, 23:03 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | A check with OTL, please:
__________________ Please always post log files in CODE tags
18.12.2012, 23:13 | #20 |
OTL logfile:
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\"Mein Name"\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\"Mein Name"\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\"Mein Name"\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.05 17:42:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2012.04.30 18:15:44 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\"Mein Name"\Program Files\DNA [2009.08.28 14:43:16 | 000,000,000 | ---D | M] [2012.12.16 18:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2009.06.16 17:50:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.05.21 15:01:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.30 17:48:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.15 19:19:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.23 22:38:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.20 13:37:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.22 19:25:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.03.12 16:26:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.04.30 18:18:47 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Free Studio (Enabled) = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\np_dvs_plugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program 
Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll CHR - plugin: DNA Plug-in (Enabled) = C:\Users\"Mein Name"\Program Files\DNA\plugins\npbtdna.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\ O1 HOSTS File: ([2012.12.18 16:25:54 | 000,000,098 | ---- | M]) - 
C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe () O4 - HKLM..\Run: [MoLed] C:\Windows\ModLEDKey.exe (Chicony) O4 - HKLM..\Run: [setc] C:\Program Files\MySecurityCenter\Programs\setc.exe (MySecurityCenter) O4 - HKLM..\Run: [StartCCC] J:\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005..\Run: [OscarEditor] C:\Program Files\MOUSE Editor\MouseEditor.exe () O4 - Startup: C:\Users\"Mein Name"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Users\"Mein Name"\Documents\Xfire\Xfire.exe (Xfire Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\"Mein Name"\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\"Mein Name"\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) 
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O15 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..Trusted Domains: localhost ([]http in Local intranet) 
O15 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://asp04.photoprintit.de/microsite/5372/defaults/activex/IPSUploader.cab (IPSUploader Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58A9C5FC-1915-4D77-B2E2-566E50F1BDA9}: DhcpNameServer = 192.168.178.1 O20 - AppInit_DLLs: 
(C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\...com [@ = ComFile] -- Reg Error: Key error. 
File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.12.17 20:25:38 | 000,000,000 | ---D | C] -- C:\_OTL [2012.12.14 20:13:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.14 20:13:04 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Local\temp [2012.12.14 19:31:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.12.14 19:31:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.12.14 19:31:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2012.12.14 19:31:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.12.14 19:31:00 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.12.14 19:30:54 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.12.14 19:28:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.12.14 19:23:05 | 005,010,912 | R--- | C] (Swearware) -- C:\Users\"Mein Name"\Desktop\ComboFix.exe [2012.12.14 14:02:07 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\Desktop\Logs [2012.12.14 07:28:02 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\"Mein Name"\Desktop\aswMBR.exe [2012.12.13 14:14:13 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\Documents\4A Games [2012.12.13 14:11:05 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Local\4A Games [2012.12.13 12:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.12.13 08:09:25 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Roaming\.minecraft [2012.12.12 18:09:19 | 000,100,864 | ---- | C] (GMER) -- C:\pwldikog.sys [2012.12.08 20:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.12.08 20:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012.12.08 20:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler [2012.11.30 23:30:29 | 000,000,000 | 
---D | C] -- C:\Users\"Mein Name"\AppData\Roaming\Malwarebytes [2012.11.30 23:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.30 23:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.30 23:27:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.30 23:06:22 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur [2012.11.30 18:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.11.27 21:24:59 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends [2012.11.23 22:16:26 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\Desktop\info 2012 [2012.11.19 09:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Software [2012.11.19 09:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\MOUSE Editor [2010.08.26 20:54:36 | 096,962,344 | ---- | C] (Apple Inc.) 
-- C:\Users\"Mein Name"\iTunesSetup try.exe [2010.08.26 19:02:09 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Users\"Mein Name"\dotNetFx40_Full_setup.exe [2010.08.26 18:57:38 | 002,869,264 | ---- | C] (Microsoft Corporation) -- C:\Users\"Mein Name"\dotNetFx35setup.exe [2009.12.06 21:42:04 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\"Mein Name"\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2012.12.18 19:35:09 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4A3E76D0-E68C-4A21-B28E-86BC8A6BF4F3}.job [2012.12.18 19:35:00 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{51D01088-7933-438B-8322-599140E753AE}.job [2012.12.18 19:35:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6E7C662E-039E-4B71-9DDE-3A534EAA7812}.job [2012.12.18 19:32:02 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2965953352-1890760225-2496969144-1005UA.job [2012.12.18 19:05:48 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.18 19:05:48 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.18 18:50:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.18 17:20:25 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cb0e3e4e232715.job [2012.12.18 17:05:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.18 17:05:39 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys [2012.12.18 16:25:54 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2012.12.18 09:00:39 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl [2012.12.17 18:07:32 | 000,547,175 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\adwcleaner (1).exe [2012.12.16 18:52:38 | 000,764,096 | 
---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.16 18:52:38 | 000,712,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.16 18:52:38 | 000,166,684 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.16 18:52:38 | 000,142,794 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.15 13:32:30 | 000,327,680 | ---- | M] () -- C:\Windows\SPInstall.etl [2012.12.14 19:27:04 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2965953352-1890760225-2496969144-1005Core.job [2012.12.14 15:14:12 | 005,010,912 | R--- | M] (Swearware) -- C:\Users\"Mein Name"\Desktop\ComboFix.exe [2012.12.14 10:30:00 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.12.13 22:31:53 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\"Mein Name"\Desktop\aswMBR.exe [2012.12.13 12:13:11 | 000,002,087 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\Google Chrome.lnk [2012.12.12 18:09:19 | 000,100,864 | ---- | M] (GMER) -- C:\pwldikog.sys [2012.12.12 18:04:28 | 000,302,592 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\3ti9jgqo.exe [2012.12.12 17:54:29 | 000,000,234 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\Metro 2033.url [2012.12.12 14:47:36 | 000,848,794 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\SCAN0102.JPG [2012.12.11 18:23:55 | 000,053,131 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\Logfiles.zip [2012.12.09 14:02:12 | 000,211,968 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.09 01:26:18 | 000,007,808 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Local\d3d9caps.dat [2012.12.09 01:03:09 | 000,000,020 | ---- | M] () -- C:\Users\"Mein Name"\defogger_reenable [2012.12.08 20:09:07 | 000,001,662 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk [2012.12.08 19:19:09 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.07 21:40:40 | 000,042,440 | ---- | M] () -- C:\Windows\System32\xfcodec.dll [2012.12.02 
14:53:19 | 000,219,266 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\vvanchor3.JPG [2012.12.02 14:09:06 | 000,191,691 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\vvanchor2.JPG [2012.12.02 14:08:52 | 000,190,784 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\vvanchor.JPG [2012.12.02 10:17:50 | 000,102,169 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\rfo2.JPG [2012.12.02 10:17:28 | 000,194,171 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\rfo.JPG [2012.11.30 23:36:34 | 000,000,576 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.30 18:45:33 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.11.30 15:32:09 | 000,187,830 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\lol bug.JPG [2012.11.27 21:25:00 | 000,000,506 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\XAMPP Control Panel.lnk [2012.11.23 16:26:15 | 000,281,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2012.11.19 09:51:47 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Mouse Editor.lnk ========== Files Created - No Company Name ========== [2012.12.17 18:07:47 | 000,547,175 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\adwcleaner (1).exe [2012.12.14 19:31:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.12.14 19:31:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.12.14 19:31:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.12.14 19:31:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.12.14 19:31:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.12.12 18:11:44 | 000,302,592 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\3ti9jgqo.exe [2012.12.12 17:54:28 | 000,000,234 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\Metro 2033.url [2012.12.12 17:40:32 | 000,848,794 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\SCAN0102.JPG [2012.12.11 18:23:54 | 000,053,131 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\Logfiles.zip [2012.12.09 13:59:31 | 000,327,680 | ---- | C] () -- 
C:\Windows\SPInstall.etl [2012.12.09 01:02:47 | 000,000,020 | ---- | C] () -- C:\Users\"Mein Name"\defogger_reenable [2012.12.08 20:09:07 | 000,001,662 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk [2012.12.08 19:19:09 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.07 21:40:40 | 000,042,440 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2012.12.06 12:21:41 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys [2012.12.02 14:53:16 | 000,219,266 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\vvanchor3.JPG [2012.12.02 14:09:03 | 000,191,691 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\vvanchor2.JPG [2012.12.02 14:08:44 | 000,190,784 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\vvanchor.JPG [2012.12.02 10:17:47 | 000,102,169 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\rfo2.JPG [2012.12.02 10:17:25 | 000,194,171 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\rfo.JPG [2012.11.30 23:27:53 | 000,000,576 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.30 18:45:33 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.11.30 15:31:59 | 000,187,830 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\lol bug.JPG [2012.11.27 21:25:00 | 000,000,506 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\XAMPP Control Panel.lnk [2012.11.19 09:51:47 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Mouse Editor.lnk [2012.06.05 00:27:31 | 000,000,053 | ---- | C] () -- C:\Users\"Mein Name"\jagex_cl_runescape_LIVE.dat [2012.04.30 18:18:23 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2012.04.30 18:18:23 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2012.01.15 19:25:34 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.01.11 18:01:33 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe [2012.01.02 23:34:23 | 000,000,600 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\winscp.rnd [2011.12.26 17:53:00 | 000,000,000 | ---- | C] 
() -- C:\Users\"Mein Name"\AppData\Local\{194E177D-9D30-4CF7-B8D9-C1E24D923C40} [2011.07.05 19:28:11 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin [2011.06.19 09:07:37 | 000,000,102 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\fusioncache.dat [2011.04.27 10:36:05 | 117,342,208 | ---- | C] () -- C:\Users\"Mein Name"\kavkis.msi [2011.02.08 20:06:45 | 000,006,274 | ---- | C] () -- C:\Users\"Mein Name"\.recently-used.xbel [2011.01.23 17:52:05 | 000,061,208 | ---- | C] () -- C:\Windows\System32\MPEG4E-uninstall.exe [2010.10.23 19:49:20 | 000,000,458 | ---- | C] () -- C:\Users\"Mein Name"\NWT.lnk [2010.04.04 17:04:03 | 000,021,504 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\WebpageIcons.db [2009.12.26 15:11:24 | 000,138,904 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\PnkBstrK.sys [2009.12.06 21:47:45 | 000,001,041 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\vso_ts_preview.xml [2009.12.06 21:42:04 | 000,007,887 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\pcouffin.cat [2009.12.06 21:42:04 | 000,001,144 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\pcouffin.inf [2007.08.30 21:08:32 | 000,211,968 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.04.30 15:55:13 | 000,000,552 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\d3d8caps.dat [2007.04.21 09:51:26 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.04.16 11:38:11 | 000,007,808 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\d3d9caps.dat [2007.04.14 19:37:42 | 000,005,526 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\wklnhst.dat [2007.04.14 18:46:40 | 000,001,346 | RHS- | C] () -- C:\Users\"Mein Name"\ntuser.pol ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010.09.17 19:01:38 | 011,315,712 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.08.27 01:18:12 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.12.13 08:09:25 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"y\AppData\Roaming\.minecraft [2010.04.26 19:35:43 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Canneverbe Limited [2010.05.30 13:10:50 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Chilirec [2012.12.08 19:26:21 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\DAEMON Tools Lite [2010.12.07 19:06:23 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Dev-Cpp [2011.12.18 17:50:00 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\DiskAid [2010.04.06 15:02:34 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Disney Interactive Studios [2009.08.28 14:35:28 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\DNA [2012.01.07 18:00:46 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\DocumentsToGoDesktop [2011.12.16 22:44:32 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Dropbox [2012.01.14 21:17:20 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\DVDFab [2012.11.17 20:34:50 | 000,000,000 | ---D | M] -- 
C:\Users\"Mein Name"\AppData\Roaming\DVDVideoSoft [2012.11.17 20:34:38 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.16 22:51:50 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\FileZilla [2010.01.05 17:06:11 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\FreeFLVConverter [2012.05.15 14:46:49 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Freemium [2009.11.03 16:42:06 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\FreeVideoConverter [2010.01.05 12:04:03 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\fretsonfire [2010.12.26 18:01:43 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\GARMIN [2011.02.08 20:06:45 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\gtk-2.0 [2010.01.08 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\IcoFX [2011.06.02 16:45:34 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\ICQ [2008.11.14 19:28:41 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\InterTrust [2010.12.12 22:57:58 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\iTSfv [2011.08.05 18:04:23 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Jens Lorek [2010.05.16 16:32:56 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Leadertech [2010.05.10 19:30:07 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Leawo [2011.10.18 12:59:37 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\LolClient [2012.05.24 19:01:15 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\LolClient2 [2011.12.24 15:26:54 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\MAGIX [2010.05.10 20:36:09 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\MPEG Streamclip [2011.04.04 16:35:38 | 000,000,000 | ---D | M] -- C:\Users\"Mein 
Name"\AppData\Roaming\Notepad++ [2009.10.07 16:20:06 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\OCS [2009.12.01 12:52:49 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Opera [2012.08.09 11:07:16 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Origin [2012.09.19 20:25:14 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\redsn0w [2009.01.29 18:39:36 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Serif [2010.10.01 19:17:57 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\SharePod [2010.04.04 17:16:41 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Similarity [2011.12.16 23:13:20 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\smc [2010.01.15 18:28:05 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Soldat [2009.12.20 18:17:07 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\streamripper [2011.09.18 18:44:46 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\TCXConverter [2009.04.26 15:57:12 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Template [2009.09.10 07:28:38 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\TubeBox [2011.05.10 15:55:04 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Uploader.6A755FBD4A9495E76557F9D696C5965FE7FBEA15.1 [2012.12.08 19:26:21 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Vso [2012.06.16 18:22:30 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\wargaming.net [2010.01.05 13:40:57 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Wormux [2012.05.17 13:53:40 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\X-Chat 2 [2009.03.22 17:15:42 | 000,000,000 | ---D | M] -- C:\Users\"Name 3"\AppData\Roaming\Serif [2011.07.03 19:26:45 | 000,000,000 | ---D | M] -- C:\Users\"Name 2"\AppData\Roaming\DVDVideoSoft [2009.11.28 20:15:15 | 
000,000,000 | ---D | M] -- C:\Users\"Name 2"\AppData\Roaming\FreeVideoConverter [2008.09.14 20:20:52 | 000,000,000 | ---D | M] -- C:\Users\"Name 2"\AppData\Roaming\Image Zone Express [2010.03.07 12:09:57 | 000,000,000 | ---D | M] -- C:\Users\"Name 2"\AppData\Roaming\Leadertech [2009.12.12 18:27:29 | 000,000,000 | ---D | M] -- C:\Users\"Name 2"\AppData\Roaming\Opera [2008.07.23 11:04:51 | 000,000,000 | ---D | M] -- C:\Users\"Name 2"\AppData\Roaming\Printer Info Cache [2010.01.24 13:21:35 | 000,000,000 | ---D | M] -- C:\Users\"Name 2"\AppData\Roaming\SanDisk [2009.05.22 13:43:47 | 000,000,000 | ---D | M] -- C:\Users\"Name 2"\AppData\Roaming\Serif [2008.11.08 16:02:52 | 000,000,000 | ---D | M] -- C:\Users\"Name 2"\AppData\Roaming\Steganos [2007.08.16 14:43:31 | 000,000,000 | ---D | M] -- C:\Users\"Name 2"\AppData\Roaming\Template [2007.04.10 18:05:02 | 000,000,000 | ---D | M] -- C:\Users\"Name 2"\AppData\Roaming\TVG ========== Purity Check ========== < End of report > |
18.12.2012, 23:21 | #21 |
| Malwarebytes findings (5 Registry Keys, 2 Files) And the Extras OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.12.2012 19:34:32 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\"Mein Name"\Desktop\Logs Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 74,55% Memory free 7,69 Gb Paging File | 6,18 Gb Available in Paging File | 80,33% Paging File free Paging file location(s): c:\pagefile.sys 9000 9000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,99 Gb Total Space | 7,48 Gb Free Space | 1,64% Space Free | Partition Type: NTFS Drive D: | 4,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive J: | 732,42 Gb Total Space | 178,35 Gb Free Space | 24,35% Space Free | Partition Type: NTFS Drive R: | 199,09 Gb Total Space | 30,18 Gb Free Space | 15,16% Space Free | Partition Type: NTFS Computer Name: "Mein Name"-PC | User Name: "Mein Name" | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- Reg Error: Key error. File not found .cmd [@ = cmdfile] -- Reg Error: Key error. File not found .com [@ = ComFile] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Meine Penny Fotowelt.exe] -- "C:\Program Files\REWE\Meine Penny Fotowelt\Meine Penny Fotowelt.exe" "%1" Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2965953352-1890760225-2496969144-1005] "EnableNotifications" = 1 "EnableNotificationsRef" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{043E40BA-290B-4C21-A664-6B45572849C6}" = lport=137 | protocol=17 | dir=in | app=system | "{050D349C-75E2-45BC-AF9E-B7A00B8CC9DE}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe | "{09EFEA52-E3E9-4A74-9FEC-4A59648B4EDD}" = lport=12346 | protocol=6 | dir=in | app=c:\program files\devolo\easyshare\easyshare.exe | "{1B6D9331-19BB-452E-848A-DFBBF225AF76}" = lport=8725 | protocol=6 | dir=in | name=i-clickr.exe operation port (8725) | "{1D933372-5D65-41A0-AE00-40C52E83BBB8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{2A4F895E-5EED-4466-9324-4F403E4DC7B9}" = rport=137 | protocol=17 | dir=out | app=system | "{3037CF33-BE15-441A-8AA6-4BE77FC056C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3300A8DA-4C76-4273-84FC-177BAE197550}" = lport=12345 | protocol=17 | dir=in | app=c:\program files\devolo\easyshare\easyshare.exe | "{42EA98FE-6860-4086-8FC2-6360D9A06F71}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5AF9F806-5AA5-46D3-8246-6385D3068214}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5C8468F9-20BA-4157-A14F-D9E3B5C9B3DA}" = lport=1725 | protocol=6 | dir=in | name=i-clickr.exe operation port (1725) | "{5EBF7A75-CACF-4AFE-94A0-7015F7E45ACD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | 
app=%systemroot%\system32\spoolsv.exe | "{61F8D555-721C-41D0-B986-D21A35E2EA18}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{62339E9B-4735-4684-9489-C68C94EA332F}" = rport=138 | protocol=17 | dir=out | app=system | "{6292115B-3765-45A5-8C60-0282ECB8AD71}" = lport=8725 | protocol=6 | dir=in | name=i-clickr.exe operation port (8725) | "{647B2CA7-3E95-4716-B966-95E0C4E6A4CC}" = lport=1725 | protocol=6 | dir=in | name=i-clickr.exe operation port (1725) | "{67D761CB-9447-489E-AD20-9E4AAE39AD5C}" = rport=139 | protocol=6 | dir=out | app=system | "{82DBAA61-D562-4D3C-8E03-D32EEF2F3A1B}" = lport=139 | protocol=6 | dir=in | app=system | "{912D93F7-56B6-4884-A34E-078B41AF6649}" = rport=445 | protocol=6 | dir=out | app=system | "{9ACA33DE-4EAE-4048-8F0E-106A2221997C}" = lport=1725 | protocol=6 | dir=in | name=i-clickr.exe operation port (1725) | "{B9C197B6-5DA4-4BFD-BECE-E980A60BF06E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BBBB30C4-B077-4B61-A1B7-E09532BBE345}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe | "{CAD414E1-614D-44AC-ACF3-799CBD5AD68E}" = lport=8725 | protocol=6 | dir=in | name=i-clickr.exe operation port (8725) | "{E3C30A12-1323-4393-8308-2594A014F1EE}" = lport=445 | protocol=6 | dir=in | app=system | "{F7914D80-6DCC-4097-92C2-C9647A5245BA}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{008A2492-0065-4D41-907D-A3AEE1C46C73}" = protocol=6 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe | "{01579CA4-FE10-4FFA-8F35-95539AD22DF3}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\appdata\roaming\u3\0877020a28931f0e\cd231c46-3c7e-4c00-9ed9-59b8444fb374\exec\veohwebplayer.exe | "{04E156A1-BFEA-4FE7-A170-929ACE45C9A3}" = protocol=6 | dir=in | 
app=c:\windows\system32\pnkbstra.exe | "{0D596B76-14F2-4C56-9E2F-8ABDC3A365B5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{0FACF4D4-972D-4D65-B8C9-FA873308E081}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{13751A64-C0C9-4E57-ABF1-0F39A79AE807}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{1B184E09-E7D3-4CC0-869B-F79D463B7170}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield 2142-demo\bf2142.exe | "{1D064B2F-91EA-4C17-887F-42F6D5FC74A4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1D4FB092-64CB-47F9-BD9B-33D34F13596C}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\appdata\roaming\dropbox\bin\dropbox.exe | "{1F47FE55-F6A5-432A-A225-03ACE4FC0E88}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe | "{2896CB9F-C7B9-4A7B-B725-1C058C0207E5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{29F1940C-25B3-44F7-A0F0-6BC051996F37}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | "{31986909-E370-4E0F-A7C8-414A7582D6EF}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\metro 2033\metro2033.exe | "{333D55BB-9E71-4141-9507-D4CFBEB3CF0D}" = protocol=6 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe | "{336D1A4B-58AD-4D39-8C23-BAA75E786913}" = protocol=17 | dir=in | app=j:\mass effect 3\battlefield 1942\bf1942.exe | "{33FC5D3F-52E0-4414-A0F9-BBED90E3652B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{389F2BD8-D4D6-404A-80C8-965EC39A8678}" = protocol=6 | dir=in | app=j:\mass effect 3\battlefield 1942\bf1942.exe | "{3AFED1C3-3D0E-4DF5-B0DA-E4395F10677F}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | "{3FB9D87A-DADD-442B-B191-87928BA809EE}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\downloads\snowboundonline\run.exe 
| "{475AF2A6-C880-49CB-82A7-1C5E543BA0E3}" = protocol=17 | dir=in | app=j:\bf2142\bf2142.exe | "{4772B36F-1447-447D-9452-86840A543652}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{4811B5DA-0EB2-4740-B961-AB10D35B4027}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\cod4\call of duty 4\iw3mp.exe | "{4CE01849-D520-433D-B883-933E22620FBF}" = dir=in | app=c:\program files\cyberlink\tv enhance\tveservice.exe | "{4E21C7DC-2287-4545-8A33-EB614CDB127F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{4E93362E-0D55-4A8D-B065-A54333BED1EE}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{56BFB906-DB16-4D49-AE34-93193AD1240C}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\alien swarm\swarm.exe | "{5F091766-5C2E-4D36-BF4C-31CA2AB69C6E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | "{612AD058-ADFD-4840-A8D1-B8DCD65300EF}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\cod4\call of duty 4\iw3mp.exe | "{61E96254-C0E5-4FB6-B2CF-B153244AAB42}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{634C018E-9750-48AE-A1FB-434814D53992}" = protocol=6 | dir=in | app=j:\bf2142\bf2142.exe | "{63C0C541-A9C7-4183-BE67-28E02FFC1FDA}" = protocol=17 | dir=in | app=c:\program files\ubisoft\demo\tom clancy's h.a.w.x\hawx_dx10.exe | "{63D55AC9-3C99-4BE2-A031-668E24A1105E}" = protocol=17 | dir=in | app=j:\mass effect 3\mass effect 3\binaries\win32\masseffect3.exe | "{64969770-7192-474A-AD89-E3EA61D14CEA}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe | "{673341BD-1D80-4D31-80B1-7DB3F03343DC}" = dir=in | app=c:\program files\itunes\itunes.exe | "{6A68C287-FEF5-4C31-BE0D-A8A4DC6BDE5C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | "{6D8AEC5D-0C6B-4643-ACA3-7CAF913E4C5B}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved 
games\steam\steamapps\common\bullet run\launchpad.exe | "{6EF54516-8CC6-480E-9E0B-9975CAB98041}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\alien swarm\srcds.exe | "{6F4178A6-1790-437B-8E66-CE6E87050F2B}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\alien swarm\srcds.exe | "{7383D51E-0CF2-40B5-BB8F-BD337483B885}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | "{741AC322-C212-447B-9054-37270CC09916}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7D0BE409-9AC1-4D46-BCF0-2348E7006BD4}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{86D94FB9-83B7-4257-840C-6E97A4CB6BF1}" = protocol=6 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe | "{8B64B647-7D5B-4360-BA76-A1CFA2FFC1B2}" = protocol=17 | dir=in | app=j:\battlefield bad company 2 installation\installation\bfbc2updater.exe | "{9554D44E-52B0-4699-8978-7125091BF9BD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9648B1D8-055A-4A7C-BD40-969D0F32E87B}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\downloads\snowboundonline\run.exe | "{9A2BA966-8815-43D1-8F6F-6B282479EFB4}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{9B8FF9E9-A6FF-4002-9022-9347CD9DA994}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\appdata\roaming\dropbox\bin\dropbox.exe | "{A6AAD251-65DC-4A9F-B432-C9B8708421A9}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steam.exe | "{AA0119C2-8546-40A8-8BD2-889CB7E937ED}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{AD99BBAE-1CB3-41B1-9940-43B5A0EB8FC3}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | "{B2C836D1-4270-40A1-9E75-F57422E414D3}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe | "{B59224AC-256C-4A39-8850-E1E4DCBB4652}" = protocol=58 | dir=in 
| name=@firewallapi.dll,-28545 | "{B60A1A0B-CE95-4543-84EE-21E8B66903AE}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield 2142-demo\bf2142.exe | "{B938BEBA-7526-4486-90B0-D09B65641106}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\alien swarm\swarm.exe | "{BA7A24F0-2C3F-445A-907F-566EA5AE170B}" = protocol=17 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe | "{BCA223DD-3731-4E34-91B1-47B8B4470EFB}" = protocol=17 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe | "{BD8A7EDE-C644-40EC-A26F-D6B2678A93A7}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | "{BE2FB613-DC7D-466D-926E-2D8A48A92275}" = protocol=17 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe | "{BEB5A006-B708-4A0F-95E6-96E121338565}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{BEC86453-AD6E-49ED-A2A4-C7B771244744}" = protocol=17 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe | "{C4E18CAE-58BB-43CD-AC0F-36DFAC6D5531}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | "{C89B0DB3-ADD6-4966-B71E-1EA6B36351F0}" = protocol=6 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe | "{C97B6629-96B4-4AFA-AA8E-8491E229D032}" = protocol=6 | dir=in | app=j:\battlefield bad company 2 installation\installation\bfbc2updater.exe | "{CA6BD48D-CEDE-4D6E-90F6-6A29AFFA01AC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\demo\tom clancy's h.a.w.x\hawx.exe | "{CB983A37-8226-4FC1-A370-64468FE2D5A1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | "{D18D99CC-E680-41F8-B621-0536099A1F33}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steam.exe | "{D23FBF07-E105-41FF-8C8D-7B636F9C46E4}" = protocol=6 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe | 
"{D57833E9-7C6E-48CB-BC81-694D573F3741}" = protocol=17 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe | "{D99382CB-8319-4589-B2C5-2173ACF3CC1A}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{DA741759-8F1D-48FF-966B-D85F95BACD01}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{E0597B26-C6D9-45FE-8EB3-9BC34583CDEC}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | "{E41C3E88-62F0-4300-8912-0AC17F3C9912}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\appdata\roaming\u3\0877020a28931f0e\cd231c46-3c7e-4c00-9ed9-59b8444fb374\exec\veohwebplayer.exe | "{E610BA98-922A-4101-895D-5E7F8F4DB51A}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{E869332F-242D-47B8-9484-34D31447FC99}" = dir=in | app=c:\program files\cyberlink\tv enhance\tvenhance.exe | "{EDC8972E-994B-4DE7-A875-F15CEA735F8A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\demo\tom clancy's h.a.w.x\hawx.exe | "{EE5A97FD-BF8E-4606-A216-9D55A8198567}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{F16004F0-A467-4F9A-BF6F-9E10A9137446}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F3338F92-AFA6-4135-AF4F-827C3F291EAD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F34BAB6D-0B40-45F7-911B-32E4553C1DAA}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe | "{F3700F4B-FCBC-4340-A41C-FB4FF58E2AB5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | "{F8A677DA-BAD8-4BFF-8B18-791485AA77A6}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\bullet run\launchpad.exe | "{FAACBDC6-23C9-4E1F-9E9A-9A15EA58F400}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FD321891-A361-4527-ABCD-FDD50C9F8603}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved 
games\steam\steamapps\common\metro 2033\metro2033.exe | "{FD732187-1938-43AD-A857-169979224063}" = protocol=6 | dir=in | app=c:\program files\ubisoft\demo\tom clancy's h.a.w.x\hawx_dx10.exe | "{FE2C0635-2C57-45CD-89F5-9545B0CD7E32}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | "{FF3509B2-B5C1-4B06-9E6B-31E8990F2FBD}" = protocol=6 | dir=in | app=j:\mass effect 3\mass effect 3\binaries\win32\masseffect3.exe | "TCP Query User{03D33879-E3AA-4425-BECC-704636108403}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{06EDE779-C0A7-423D-A439-AC91BF725ED4}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{0F96FE42-65E2-499B-B71F-CFF9ED281BA4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{1348F152-A572-4878-983F-4256B827AE16}C:\users\"Mein Name"\documents\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\documents\splinter cell pandora tomorrow\pandora.exe | "TCP Query User{1AB91DBF-EA0E-4B2D-95F0-BA81FC5FB37A}C:\programdata\kaspersky lab setup files\kis 2009\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kis 2009\setup.exe | "TCP Query User{2ABA0EB1-C48B-47A3-8A33-E96E0A6D7731}C:\program files\sega\medieval ii total war\kingdoms.exe" = protocol=6 | dir=in | app=c:\program files\sega\medieval ii total war\kingdoms.exe | "TCP Query User{304F9A74-5FE8-4E6F-B368-5F6182377E19}C:\users\"Mein Name"\downloads\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\downloads\splinter cell pandora tomorrow\pandora.exe | "TCP Query User{33CD4190-123C-44FD-8F4C-F97C44973892}C:\users\"Mein Name"\documents\splinter cell pandora tomorrow\online\system\shadowstrike_static_retail.exe" = protocol=6 | dir=in | app=c:\users\"Mein 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{02909B43-867E-4774-BB8B-9840D89D72EF}" = Medieval - Total War (TM) "{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{06100048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta 2006 Enzyklopädie Standard "{0740E89E-9162-4BE2-9C4E-D9CFE33CB67A}" = i-Clickr "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{07E4F3CE-A34E-4667-8DE9-147249FAE468}" = Mein Geld Professional "{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08 "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{0FCEE1FB-C48F-421C-B4C1-B952F1B67617}" = Actio multimedial "{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional "{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0 "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner 1.1 "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5 "{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes "{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation "{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility "{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish "{2A03B9F8-BE6D-43C6-A16A-B9998A194AF0}" = Garmin Training Center "{2B54B4B6-5834-494D-81E6-79AC3955EEE5}_is1" = SnowBound Online "{2BE6CDFB-9037-4FE5-93D4-6CFB4BE84958}" = TubeBox "{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer "{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo "{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{37598694-FDF5-47BA-9433-AC8416BAD384}" = Serif PhotoPlus 10 "{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Games "{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish "{4356EDD5-144A-44F2-B352-A9232D280A0C}" = MAGIX Music Maker 17 "{44C05309-60F4-410B-BC32-31733CFF1A46}" = Microsoft Foto 2006 Standard Edition Editor "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2 "{459699C3-9430-4381-964B-4248D87B49F9}" = 
Apple Mobile Device Support "{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{4FB66B14-DB8D-770D-D66F-5243AB27B604}" = Catalyst Control Center Graphics Previews Vista "{4FE542EB-FF0B-4739-94DD-25C8AE0AB252}" = Microsoft Foto 2006 Standard Edition Bibliothek "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands "{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese "{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3 "{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client "{5678B15A-504C-4A79-8554-05488A206E41}" = HD Writer AE 3.0 "{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II "{581CE7EA-A30D-0000-A215-088635773309}" = Atheros AR5007 Wireless LAN - USB "{58a26b11-1507-4461-bb28-9c2be3a0dff1}" = TubeBox "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™ "{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian "{5D5509EA-B85A-411E-AB75-59069A411876}" = COMPUTERBILD SPIELE Game-Center "{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide "{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian "{622C377C-CF0D-492A-BC20-0480381A79E3}" = MySecurityCenter License Service "{635EDAAB-BF20-414D-A87A-3D43BFA3EDB9}" = Targa VFD Display "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light "{6786926E-661B-F38F-4A02-27864C2CC290}" = Trainingstagebuch Uploader 
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French "{6A1F0A1A-474C-4151-8534-5F61832D88CD}" = Comic Life "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{72376EB6-0189-45B3-A4F6-823F549697C3}" = MOUSE Editor "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch "{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}" = Sansa Media Converter "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F5A4EAD-FAB1-48BE-9EDF-A975FF7D1031}" = Nero 7 Essentials "{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian "{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese "{8113B2B8-EC59-4BE8-963A-FBC5EC40B1CF}_is1" = Pod to PC version 3.206 "{815050E5-F545-11D4-9569-004095812ACC}" = Serious Sam: Der erste Kontakt "{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}" = Microsoft AutoRoute 2006 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder 
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{90F1DDBF-0C56-44B0-A920-72CC90C51565}" = Microsoft Works Suite-Add-Ins für Microsoft Word "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel "{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of 
Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish "{948B09C2-16EF-41DC-8E24-5C90B9D8360F}" = Sun VirtualBox "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy "{9F74B6DE-B89C-4532-AFED-5AB0CCAAC1DF}_is1" = TCX Converter 2.0.24 "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German "{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™ "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2 "{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish "{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8 "{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek "{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource "{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins 
"{B0D70EC6-E1CF-4EC3-BE09-FA75470D3902}" = Norton Security Scan "{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full "{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech "{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 9.0.600.0 "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C730B021-96D7-4F63-B52E-27F9A8155BE1}" = MAGIX Screenshare "{C7411D97-EF5E-46B2-8B49-E408A344DF82}" = MAGIX Speed burnR (MSI) "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC016F21-3970-11DE-B878-005056806466}" = Google Earth "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE28E6F5-4A03-4DED-B954-D0779B47FFBF}" = Works Update "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
1.0 "{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Pod to PC 3.085 "{D719F7E4-9280-410B-97D6-79F18306D29C}" = Similarity 1.1.0 "{DA08DB77-8603-96AC-ED7D-399D7304D079}" = Catalyst Control Center Localization German "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DCE907E3-4D72-4CD3-A08A-BEFC8C7A5869}" = Branding "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software "{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing "{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance "{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard "{E7391464-6939-413C-B427-32F33FE13484}" = GameSpy Comrade "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 "{EDC66A92-4603-4D72-B28C-570075B55DF0}" = USB Wireless Keyboard Driver "{EE246B64-54FC-42A6-8384-B61546B0C7F8}" = Steganos Safe Home 2007 "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari "{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network "{FA630728-674D-F321-A9CE-C6DF1ED4EB50}" = CCC Help German "{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake 
Live Mozilla Plugin "{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10 "{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter "{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components "{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows "{FD347316-609E-4149-983C-84B40338D38A}" = Battlefield 2142-Demo "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud "{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}" = Pure "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "7-Zip" = 7-Zip 4.57 "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2 "Age of Mythology 1.0" = Age of Mythology "Aladdin_is1" = Aladdin "Alldj DVD Ripper Platium_is1" = Alldj DVD Ripper Platium 4.0 "AnyDVD" = AnyDVD "AOL Deinstallation" = AOL Deinstallation "Audacity_is1" = Audacity 1.2.6 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.166 "AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3 "CCleaner" = CCleaner "CloneDVD2" = CloneDVD2 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Custom AOM Multiplayer+AI Maps by KillZaw" = Custom AOM Multiplayer+AI Maps by KillZaw "Defraggler" = Defraggler "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2) "DiskAid_is1" = DiskAid 5.08 "DivX Codec" = DivX Codec "dlanconf" = devolo dLAN-Konfigurationsassistent "dslmon" = devolo Informer "DTGDesktop" = Documents To Go Desktop for iPhone "DVDFab 8 Qt_is1" = DVDFab 8.1.3.8 (09/12/2011) Qt "easyshare" = devolo EasyShare 
"ESET Online Scanner" = ESET Online Scanner v3 "Fallout New Vegas_is1" = Fallout New Vegas "FileRestorePlus™_is1" = FileRestorePlus™ 3.0.1.811 "Fraps" = Fraps (remove only) "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.7.23.324 "Free Studio_is1" = Free Studio version 5.3.3 "Free Video Converter" = Free Video Converter "Free Video Converter_is1" = Free Video Converter V 2.3 "Free Video Dub_is1" = Free Video Dub version 1.5 "Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8 "Free YouTube Download_is1" = Free YouTube Download version 3.1.40.1031 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.40.602 "Free YouTube Uploader_is1" = Free YouTube Uploader version 2.3 "GameSpy Arcade" = GameSpy Arcade "Google Desktop" = Google Desktop "Google Updater" = Google Updater "Guild Wars" = GUILD WARS "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "iLyrics_is1" = iLyrics 1.1.1.2 BETA "ImTOO MP4 Video Converter" = ImTOO MP4 Video Converter "InstallShield_{02909B43-867E-4774-BB8B-9840D89D72EF}" = Medieval - Total War (TM) "InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II "InstallShield_{72376EB6-0189-45B3-A4F6-823F549697C3}" = Mouse Editor "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™ "InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE "iPhone_Backup_Switch_1.0" = iPhone Backup Switch "IrfanView" = IrfanView (remove only) "ismxydep" = Favorit "iTSfv_is1" = iTSfv 5.60.25 BETA "LetsTrade" = 
LetsTrade Komponenten "MAGIX_{4356EDD5-144A-44F2-B352-A9232D280A0C}" = MAGIX Music Maker 17 "MAGIX_{C730B021-96D7-4F63-B52E-27F9A8155BE1}" = MAGIX Screenshare "MAGIX_{C7411D97-EF5E-46B2-8B49-E408A344DF82}" = MAGIX Speed burnR (MSI) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "MediaInfo" = MediaInfo 0.7.39 "Medieval Total War" = Medieval - Total War (TM) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "MPEG4E" = MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only) "Notepad++" = Notepad++ "NSSSetup.{B0D70EC6-E1CF-4EC3-BE09-FA75470D3902}" = Norton Security Scan (Symantec Corporation) "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "Origin" = Origin "Palringo" = Palringo "Picasa 3" = Picasa 3 "PictureItPrem_v12" = Microsoft Foto 2006 Standard Edition "Security Task Manager" = Security Task Manager 1.8d "SMALLBUSINESSR" = Microsoft Office Small Business 2007 "SMSERIAL" = Motorola SM56 Speakerphone Modem "SopCast" = SopCast 3.2.4 "ST4UNST #1" = Peck's Power Join "Steam" = Steam "Steam App 211880" = Bullet Run "Steam App 22350" = Brink "Steam App 400" = Portal "Steam App 43110" = Metro 2033 "Steam App 440" = Team Fortress 2 "Steam App 630" = Alien Swarm "Steam App 72850" = The Elder Scrolls V: Skyrim "Streamripper" = Streamripper (Remove only) "SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010) "TDMaker_is1" = iTSfv 5.60.25.1 BETA "Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0 "Tomb 
Raider: Legend" = Tomb Raider: Legend 1.2 "Tomb Raider: Underworld" = Tomb Raider: Underworld 1.1 "Uninstall_is1" = Uninstall 1.0.0.1 "Uploader.6A755FBD4A9495E76557F9D696C5965FE7FBEA15.1" = Trainingstagebuch Uploader "VLC media player" = VLC media player 1.0.0 "Voobly_is1" = Voobly Game Data "VSO DivxToDVD_is1" = DivxToDVD 0.5.2 "Warcraft III" = Warcraft III "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.4.6 "WinRAR archiver" = WinRAR "winscp3_is1" = WinSCP 4.1.9 "Works2006Setup" = Setup-Start von Microsoft Works Suite 2006 "xampp" = XAMPP 1.8.1 "xchat" = XChat 2 (remove only) "Xfire" = Xfire (remove only) "XMedia Recode" = XMedia Recode 2.2.1.6 "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "FileZilla Client" = FileZilla Client 3.2.7.1 "Google Chrome" = Google Chrome "InstallShield_{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo "StationRipper" = StationRipper 2.93B "Vietcong 2" = Vietcong 2 "Winamp Detect" = Winamp Anwendungserkennung ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18.12.2012 04:27:16 | Computer Name = "Mein Name"-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 18.12.2012 04:27:16 | Computer Name = "Mein Name"-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 14571 Error - 18.12.2012 04:27:16 | Computer Name = "Mein Name"-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 14571 Error - 18.12.2012 11:03:44 | Computer Name = "Mein Name"-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung PMB.exe, Version 2.6.0.2, Zeitstempel 0x4f2712ba, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000020, 
Fehleroffset 0x00008fc7, Prozess-ID 0x152c, Anwendungsstartzeit 01cddd30dbd2b3c0.

Error - 18.12.2012 12:06:23 | Computer Name = "Mein Name"-PC | Source = MSSQL$MSSMLBIZ | ID = 9003
Description = Die Protokollscannummer (103:184:1), die an den Protokollscan in der 'msdb'-Datenbank übergeben wurde, ist ungültig. Dieser Fehler kann darauf hinweisen, dass Daten beschädigt sind oder dass die Protokolldatei (LDF) nicht mit der Datendatei (MDF) übereinstimmt. Falls dieser Fehler während der Replikation aufgetreten ist, müssen Sie die Publikation neu erstellen. Andernfalls stellen Sie die Datenbank von einer Sicherung wieder her, falls das Problem zu einem Fehler beim Starten führt.

Error - 18.12.2012 12:06:23 | Computer Name = "Mein Name"-PC | Source = MSSQL$MSSMLBIZ | ID = 3414
Description = Fehler bei der Wiederherstellung. Die 'msdb'-Datenbank (Datenbank-ID 4) kann daher nicht neu gestartet werden. Diagnostizieren und beheben Sie die Wiederherstellungsfehler, oder führen Sie eine Wiederherstellung von einer als fehlerfrei bekannten Sicherung aus. Falls die Fehler nicht behoben werden oder unerwartete Fehler auftreten, wenden Sie sich an den technischen Support.

Error - 18.12.2012 12:06:38 | Computer Name = "Mein Name"-PC | Source = MSSQL$MSSMLBIZ | ID = 8355
Description = Service Broker ist in MSDB deaktiviert, oder MSDB konnte nicht gestartet werden. Ereignisbenachrichtigungen auf Serverebene können nicht übermittelt werden. Ereignisbenachrichtigungen mit FAN_IN in anderen Datenbanken können ebenfalls davon betroffen sein.

Error - 18.12.2012 12:27:47 | Computer Name = "Mein Name"-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung PMB.exe, Version 2.6.0.2, Zeitstempel 0x4f2712ba, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000020, Fehleroffset 0x00008fc7, Prozess-ID 0xc70, Anwendungsstartzeit 01cddd3c9af9e1fb.

Error - 18.12.2012 13:22:34 | Computer Name = "Mein Name"-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung PMB.exe, Version 2.6.0.2, Zeitstempel 0x4f2712ba, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000020, Fehleroffset 0x00008fc7, Prozess-ID 0x1598, Anwendungsstartzeit 01cddd443893ef8b.

Error - 18.12.2012 14:26:33 | Computer Name = "Mein Name"-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung PMB.exe, Version 2.6.0.2, Zeitstempel 0x4f2712ba, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000020, Fehleroffset 0x00008fc7, Prozess-ID 0xd14, Anwendungsstartzeit 01cddd4d3160bd7b.

[ Media Center Events ]

Error - 28.07.2007 11:05:00 | Computer Name = "Mein Name"-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert.

Error - 16.04.2008 08:10:42 | Computer Name = "Mein Name"-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert.

[ OSession Events ]

Error - 05.01.2010 05:34:44 | Computer Name = "Mein Name"-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 18.12.2012 04:21:01 | Computer Name = "Mein Name"-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 18.12.2012 10:38:04 | Computer Name = "Mein Name"-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 18.12.2012 11:25:39 | Computer Name = "Mein Name"-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 18.12.2012 12:04:34 | Computer Name = "Mein Name"-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 15, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error - 18.12.2012 12:04:34 | Computer Name = "Mein Name"-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 14, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error - 18.12.2012 12:04:34 | Computer Name = "Mein Name"-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 11, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error - 18.12.2012 12:04:34 | Computer Name = "Mein Name"-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 12, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error - 18.12.2012 12:04:34 | Computer Name = "Mein Name"-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 13, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.
Error - 18.12.2012 12:09:13 | Computer Name = "Mein Name"-PC | Source = Service Control Manager | ID = 7022 Description = Error - 18.12.2012 12:09:14 | Computer Name = "Mein Name"-PC | Source = Service Control Manager | ID = 7026 Description = < End of report > |
18.12.2012, 23:24 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes findings (5 Registry Keys, 2 Files) Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand. Afterwards, getting an additional opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
19.12.2012, 01:53 | #23 |
| Malwarebytes findings (5 Registry Keys, 2 Files) Hello, I have aborted the process for now and will run Malwarebytes again this afternoon (it is 2:00 in the morning right now). I aborted when I noticed that Malwarebytes had not even searched a quarter of all the data but had already been running for 2 h. I noticed that Malwarebytes very frequently shows "Not responding" as its status in Task Manager... Anyway, here is the log of the aborted run. So far 1 infection has been found: Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.12.18.07
Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
"Mein Name" :: "Mein Name"-PC [Administrator]
18.12.2012 23:53:09
mbam-log-2012-12-19 (01-48-52).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 60116
Laufzeit: 1 Stunde(n), 54 Minute(n), 24 Sekunde(n) [Abgebrochen]
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (Adware.VideoEgg) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende) |
19.12.2012, 02:22 | #24 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes findings (5 Registry Keys, 2 Files) That is only a remnant.... Quote:
__________________ Please always post log files in CODE tags |
19.12.2012, 18:47 | #25 |
| Malwarebytes findings (5 Registry Keys, 2 Files) Well then, I will try once more to install SP1 and 2... Since I get error 0x800B0100 with SP1, some kind of system preparation tool is running right now... We'll see. Anyway, I scanned with Malwarebytes this morning. Here is the log Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.12.19.04
Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
"Mein Name" :: "Mein Name"-PC [Administrator]
19.12.2012 09:18:57
mbam-log-2012-12-19 (17-12-55).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 267590
Laufzeit: 18 Minute(n), 22 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (Adware.VideoEgg) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\IGB (Rogue.Residue) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Keine Aktion durchgeführt.
(Ende) |
22.12.2012, 09:32 | #26 |
| Malwarebytes findings (5 Registry Keys, 2 Files) Since the ESET scanner takes quite a long time, I only managed on the third attempt not to have to abort it. Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=e6fc828e1774b9409ed34948677282f8
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-13 02:12:38
# local_time=2012-12-13 03:12:38 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6000 NT
# compatibility_mode=1287 16777213 100 100 19546222 114402531 0 0
# compatibility_mode=5892 16776573 100 100 192213 192940687 0 0
# scanned=94009
# found=0
# cleaned=0
# scan_time=10121
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=e6fc828e1774b9409ed34948677282f8
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-19 10:04:55
# local_time=2012-12-19 11:04:55 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1287 16777214 100 100 20092958 114949267 0 0
# compatibility_mode=5892 16776574 100 100 112355 193487423 0 0
# scanned=233542F
# found=0
# cleaned=0
# scan_time=14363
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=e6fc828e1774b9409ed34948677282f8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-22 04:42:18
# local_time=2012-12-22 05:42:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1287 16777214 100 100 20289601 115145910 0 0
# compatibility_mode=5892 16776574 100 100 52794 193684066 0 0
# scanned=514998
# found=0
# cleaned=0
# scan_time=35609 |