| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner - ReatogoWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
24.01.2013, 22:04
| #46 |
 |  GVU Trojaner - ReatogoCode:
ATTFilter OTL logfile created on: 24.01.2013 21:16:18 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\PC\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19393) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 45,14% Memory free 4,24 Gb Paging File | 2,51 Gb Available in Paging File | 59,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 277,50 Gb Total Space | 78,44 Gb Free Space | 28,27% Space Free | Partition Type: NTFS Drive D: | 20,57 Gb Total Space | 12,62 Gb Free Space | 61,35% Space Free | Partition Type: FAT32 Computer Name: PC-PC | User Name: PC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.24 21:16:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Downloads\OTL.exe PRC - [2013.01.23 16:57:44 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.12.11 12:39:32 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.11 12:39:19 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.12.11 12:39:18 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.11 12:39:17 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.10.31 07:36:08 | 000,522,752 | ---- | M] (LOL Replay) -- C:\Programme\LOLReplay\LOLRecorder.exe PRC - [2012.08.10 23:15:41 | 003,093,624 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.07 07:22:16 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.05.29 10:47:40 | 001,300,376 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe PRC - [2012.05.29 10:46:42 | 002,693,008 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.104\deploy\LoLLauncher.exe PRC - [2012.02.16 16:16:58 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.233\deploy\LolClient.exe PRC - [2011.12.09 18:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.04.05 13:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Programme\WinZip\WZQKPICK.EXE PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2007.12.17 10:55:41 | 000,025,256 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdnmsdmon.exe PRC - [2007.12.05 10:18:59 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdncoms.exe PRC - [2007.12.05 10:18:53 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdnserv.exe PRC - [2007.05.10 16:10:06 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.03.29 14:20:22 | 000,786,432 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Programme\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe PRC - [2006.11.29 10:58:14 | 000,090,112 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe PRC - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2013.01.23 16:57:43 | 014,586,888 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll MOD - [2013.01.09 17:22:18 | 001,705,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e67c93130bccca9ecab38df6cd2e60cb\System.ServiceModel.Web.ni.dll MOD - [2013.01.09 17:19:21 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll MOD - [2013.01.09 17:01:24 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1c40efd2328e271920f4b4eda38c0125\System.ServiceModel.ni.dll MOD - [2013.01.09 17:00:30 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\895899bb8c1772f2043de17305d7eb35\System.Runtime.Serialization.ni.dll MOD - [2013.01.09 17:00:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll MOD - [2013.01.09 17:00:18 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bb8af3cf69f1337efda4e810b6751b89\SMDiagnostics.ni.dll MOD - [2013.01.09 17:00:16 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll MOD - [2013.01.09 16:59:49 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll MOD - [2013.01.09 16:59:36 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013.01.09 16:59:07 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\2cbdbc8bb7fcf0d7eb7a8d616e141d79\System.Core.ni.dll MOD - [2013.01.09 16:59:02 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4d2c890606d2a3a43a90684115bfccfc\PresentationFramework.Aero.ni.dll MOD - [2013.01.09 16:59:01 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\668c039655437b25586280e1fbff8ef0\PresentationFramework.ni.dll MOD - [2013.01.09 16:58:41 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a8080296b18898342ce986091c08b0a4\PresentationCore.ni.dll MOD - [2013.01.09 16:58:23 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9126f2ff9fd9c05900f67e963ccc27ef\WindowsBase.ni.dll MOD - [2013.01.09 16:58:15 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.09 16:57:32 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.10.31 07:35:50 | 000,156,160 | ---- | M] () -- C:\Programme\LOLReplay\Air.dll MOD - [2012.10.31 07:35:36 | 000,311,808 | ---- | M] () -- C:\Programme\LOLReplay\LOLUtils.dll MOD - [2012.09.01 12:40:36 | 000,411,648 | ---- | M] () -- C:\Programme\LOLReplay\Compression.dll MOD - [2012.09.01 12:10:38 | 000,052,224 | ---- | M] () -- C:\Programme\LOLReplay\Launcher.dll MOD - [2012.08.10 23:15:41 | 003,093,624 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe MOD - [2012.07.07 07:22:15 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.05.29 10:47:40 | 001,300,376 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe MOD - [2012.05.29 10:46:42 | 002,693,008 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.104\deploy\LoLLauncher.exe MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2009.03.30 05:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.02.18 19:39:53 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll MOD - [2007.12.17 10:55:41 | 000,025,256 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdnmsdmon.exe MOD - [2007.12.07 22:36:27 | 000,036,864 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\app4r.monitor.core.dll MOD - [2007.12.07 22:36:27 | 000,028,672 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\app4r.monitor.common.dll MOD - [2007.12.07 22:35:14 | 000,061,440 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll MOD - [2007.11.22 17:55:48 | 000,011,776 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll MOD - [2006.10.26 22:30:12 | 000,131,072 | R--- | M] () -- C:\Programme\REALTEK USB Wireless LAN Driver and Utility\EnumDevLib.dll MOD - [2004.07.26 16:11:50 | 000,028,672 | ---- | M] () -- C:\Programme\Common Files\Ulead Systems\AutoDetector\DetMethod.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2013.01.23 16:57:44 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.12.11 12:39:32 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.11 12:39:18 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.07 07:22:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.12.05 10:18:59 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdncoms.exe -- (lxdn_device) SRV - [2007.12.05 10:18:53 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService) SRV - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\videX32.sys -- (videX32) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SjyPkt.sys -- (SjyPkt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.12.11 12:39:34 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.12.11 12:39:34 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.11.14 14:18:58 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2011.12.25 21:33:35 | 000,050,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) DRV - [2007.06.16 13:11:00 | 007,566,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.06.13 11:09:44 | 000,017,280 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFilter.SYS -- (KMWDFilter) DRV - [2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ViPrt.sys -- (ViPrt) DRV - [2007.03.26 14:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ViBus.sys -- (ViBus) DRV - [2007.02.08 18:46:44 | 000,211,456 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B) DRV - [2007.01.08 17:43:40 | 001,136,600 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2006.12.02 05:53:32 | 000,015,360 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt) DRV - [2006.11.17 09:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.06.08 09:49:50 | 000,344,064 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt73.sys -- (RT73) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{13B38ED5-F6AA-4833-B2CA-5ACEF200FF0D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} IE - HKCU\..\SearchScopes\{36F34217-D85C-470D-AAA9-3D323196344C}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6DE5C561-9D4A-42E7-ABD8-59A0A2E804CE}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{9B761C77-D9FA-4494-9223-3721ADF89ACC}: "URL" = hxxp://search.avg.com/route/?d=4bb3325b&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us IE - HKCU\..\SearchScopes\{AC5C341E-007C-447F-872D-D24E79D5EBB0}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{E1D88547-1E03-4A0E-92C0-2AF16353879D}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.4 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.24 19:47:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.23 17:04:18 | 000,000,000 | ---D | M] [2009.05.06 14:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Extensions [2013.01.24 19:47:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\s6hv9myc.default\extensions [2012.10.20 12:14:28 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\s6hv9myc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.07.03 22:28:20 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\s6hv9myc.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18} [2010.04.01 10:23:41 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\s6hv9myc.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC} [2013.01.10 21:24:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\s6hv9myc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009.09.13 18:42:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\s6hv9myc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2013.01.08 19:26:14 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\s6hv9myc.default\extensions\firefox@ghostery.com [2013.01.04 17:14:47 | 000,347,340 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\extensions\autopager@mozilla.org.xpi [2013.01.18 13:28:33 | 000,492,222 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\extensions\toolbar@gmx.net.xpi [2012.02.11 17:52:57 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2011.04.14 19:57:50 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2013.01.05 17:15:03 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012.11.23 19:24:40 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.10.13 16:19:44 | 000,000,855 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\1und1-suche.xml [2011.11.28 15:15:22 | 000,001,283 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\amazondotcom-de.xml [2011.11.28 15:16:14 | 000,002,366 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\eBay-de.xml [2011.11.03 10:32:05 | 000,002,419 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\englische-ergebnisse.xml [2011.10.13 16:01:56 | 000,010,507 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\gmx-suche.xml [2010.06.24 14:25:09 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-10.xml [2010.06.27 18:54:10 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-11.xml [2010.07.22 17:43:23 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-12.xml [2010.07.22 18:58:17 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-13.xml [2010.09.03 12:37:07 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-14.xml [2010.09.19 11:04:52 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-15.xml [2010.10.22 00:29:48 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-16.xml [2010.10.26 14:36:43 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-17.xml [2010.12.11 12:44:59 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-18.xml [2010.12.23 10:07:54 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-19.xml [2011.03.13 09:54:22 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-20.xml [2011.03.30 19:39:24 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-21.xml [2011.05.01 11:58:22 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-22.xml [2011.06.23 11:42:18 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-23.xml [2011.06.30 17:49:22 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-24.xml [2011.08.18 22:55:04 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-25.xml [2011.09.02 09:20:35 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-26.xml [2011.09.07 18:46:00 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-27.xml [2011.09.27 18:35:52 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-28.xml [2011.10.02 18:32:14 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-29.xml [2011.11.09 22:05:03 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-30.xml [2011.12.08 17:34:14 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-31.xml [2011.12.23 18:02:23 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-32.xml [2012.01.02 14:20:00 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-33.xml [2009.07.24 17:25:30 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-4.xml [2009.07.24 18:25:05 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-5.xml [2009.07.24 18:37:28 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-6.xml [2009.07.24 22:10:55 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-7.xml [2009.07.24 22:43:02 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-8.xml [2009.08.05 08:43:39 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\icqplugin-9.xml [2011.11.28 16:00:56 | 000,002,387 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\lastminute.xml [2011.10.13 16:34:10 | 000,002,248 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\mailcom-search.xml [2012.05.06 11:21:08 | 000,005,489 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\webde-suche.xml [2013.01.23 17:26:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.05.06 14:53:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.07.07 07:22:16 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.02.11 17:52:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.11 17:52:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.11 17:52:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.11 17:52:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.11 17:52:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.11 17:52:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s File not found O4 - HKLM..\Run: [lxdnamon] C:\Program Files\Lexmark 2600 Series\lxdnamon.exe () O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-28/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-28/4 File not found O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C88F9EE-6C50-453A-80AF-FC4A3072BB9A}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2373DAED-E0A9-47BB-8A61-45D8AABBC563}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5547983-0077-4DBC-8F95-3A51E6352F32}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\PC\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\PC\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.23 18:42:35 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\ICQ [2013.01.23 17:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.01.23 17:34:48 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.01.23 17:34:17 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.01.23 17:34:17 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.01.23 17:34:17 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.01.23 16:57:44 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.01.23 16:57:44 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.01.23 13:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.01.22 19:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.22 19:30:50 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.01.22 19:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.01.22 18:43:11 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.01.22 18:33:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.01.22 18:13:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.01.22 18:13:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.01.22 18:13:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.01.22 18:13:10 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.01.22 18:12:53 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.22 18:11:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.01.22 18:11:00 | 005,025,054 | R--- | C] (Swearware) -- C:\Users\PC\Gimp\Desktop\ComboFix.exe [2013.01.22 01:37:05 | 000,000,000 | ---D | C] -- C:\_OTL [2013.01.15 14:03:33 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.01.11 17:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.01.11 17:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.01.11 17:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.01.11 17:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.01.11 17:40:38 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.01.09 13:35:47 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.01.09 13:35:09 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.12.31 13:07:59 | 000,000,000 | ---D | C] -- C:\Users\PC\Documents\LOLReplay [2012.12.31 13:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\LOLReplay [2010.09.02 15:05:30 | 002,736,736 | ---- | C] (Conduit Ltd.) -- C:\Program Files\tbsoft.dll ========== Files - Modified Within 30 Days ========== [2013.01.24 20:59:26 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.24 20:03:23 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\RtlVistaStart.job [2013.01.24 20:03:20 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.24 20:03:20 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.24 20:03:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.24 19:38:27 | 000,574,315 | ---- | M] () -- C:\Users\PC\Gimp\Desktop\adwcleaner(1).exe [2013.01.23 17:39:57 | 000,000,047 | ---- | M] () -- C:\Windows\WinInit.Ini [2013.01.23 17:39:54 | 000,088,777 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf [2013.01.23 17:39:04 | 000,000,941 | ---- | M] () -- C:\Windows\uninst.ini [2013.01.23 17:34:00 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.01.23 17:33:58 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013.01.23 17:33:58 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.01.23 17:33:58 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.01.23 17:33:58 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.01.23 17:33:58 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.01.23 17:11:26 | 000,000,025 | ---- | M] () -- C:\Windows\SIERRA.INI [2013.01.23 17:04:18 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2013.01.23 16:57:44 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.01.23 16:57:44 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.01.23 13:13:21 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.01.22 19:30:52 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.22 18:10:57 | 000,173,568 | ---- | M] () -- C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.22 17:08:30 | 005,025,054 | R--- | M] (Swearware) -- C:\Users\PC\Gimp\Desktop\ComboFix.exe [2013.01.13 17:43:32 | 000,681,680 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.13 17:43:32 | 000,640,710 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.13 17:43:32 | 000,148,950 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.13 17:43:32 | 000,122,594 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.11 17:49:29 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.01.09 16:55:04 | 003,729,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.03 19:34:26 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.12.31 13:07:45 | 000,001,782 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2012.12.31 13:07:45 | 000,001,690 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk ========== Files Created - No Company Name ========== [2013.01.24 19:38:12 | 000,574,315 | ---- | C] () -- C:\Users\PC\Gimp\Desktop\adwcleaner(1).exe [2013.01.23 17:39:57 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini [2013.01.23 17:39:04 | 000,000,941 | ---- | C] () -- C:\Windows\uninst.ini [2013.01.23 17:04:18 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2013.01.23 17:04:18 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2013.01.23 16:57:44 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.23 13:13:21 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.01.22 19:30:52 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.22 18:13:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.01.22 18:13:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.01.22 18:13:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.01.22 18:13:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.01.22 18:13:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.01.11 17:49:29 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.31 13:07:45 | 000,001,782 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2012.12.31 13:07:45 | 000,001,702 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk [2012.12.31 13:07:45 | 000,001,690 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk [2012.10.05 13:12:36 | 005,618,768 | ---- | C] () -- C:\Users\PC\com.android.vending_3.8.16.apk [2012.08.10 21:28:01 | 000,000,051 | ---- | C] () -- C:\ProgramData\osdtngrmymcyfto [2012.01.23 11:43:19 | 000,144,772 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011.11.25 18:09:27 | 000,000,090 | ---- | C] () -- C:\Users\PC\AppData\Local\fusioncache.dat [2010.09.02 15:05:30 | 000,006,836 | ---- | C] () -- C:\Program Files\UNWISE.INI [2010.08.29 18:53:20 | 000,000,000 | ---- | C] () -- C:\Users\PC\AppData\Local\prvlcl.dat [2010.04.28 19:40:44 | 000,008,576 | ---- | C] () -- C:\Users\PC\.recently-used.xbel [2009.07.24 13:18:43 | 000,000,680 | ---- | C] () -- C:\Users\PC\AppData\Local\d3d9caps.dat [2009.03.12 16:07:58 | 000,000,030 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Default.PLS [2009.03.10 17:49:00 | 000,173,568 | ---- | C] () -- C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > Code:
ATTFilter OTL Extras logfile created on: 24.01.2013 21:16:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\PC\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 45,14% Memory free
4,24 Gb Paging File | 2,51 Gb Available in Paging File | 59,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 277,50 Gb Total Space | 78,44 Gb Free Space | 28,27% Space Free | Partition Type: NTFS
Drive D: | 20,57 Gb Total Space | 12,62 Gb Free Space | 61,35% Space Free | Partition Type: FAT32
Computer Name: PC-PC | User Name: PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0427D948-DF45-42C3-A773-E5DCF4F978A9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{14B97494-2731-4BBB-8484-071F2B479F35}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1F68E4CE-EAEB-4B07-B2BA-27A2E19845A1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4C922C27-27BE-4645-AE04-E7F2FAD52906}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5F05053A-5FF5-4AE2-B279-567EB1AA9369}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AE1DC206-4B38-431A-B40D-E0E4DE642DCD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DD08943B-9F3E-4DC4-861A-3581751EDB0D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E605B4E7-AE2C-45E8-BA61-9820FC4E3AD5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1051E893-5B6C-4A98-8F1D-41EA01B47162}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{147A938C-1E74-45F9-8A97-0621C9EE580F}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{1CB7D9F9-8633-4BAC-B88E-8F27A84C37C8}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{1ED8FBB2-F796-4B44-98AD-38DC1B8665C7}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{2524609D-9ED6-4983-BDB3-59EFC95F927F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{31EF03E7-E382-414E-AC97-16DEEBD76EDB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe |
"{34025260-FECE-49FC-B6E8-47BBFCD5DA37}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdntime.exe |
"{446FD513-D99B-4306-B370-07E081B1C51F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{46B48FA1-0DA9-48D2-B4F5-82B202E7832E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{48AA5ED3-F0C5-4AED-9D8E-F808818CAB65}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4B37919C-2017-4457-959F-305E63FE459E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnjswx.exe |
"{4E7B7B94-08CD-4260-8632-C1523A02B0B2}" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
"{56D2AB86-4E24-439F-96D9-132A3A13D1E7}" = protocol=6 | dir=in | app=c:\program files\lexmark fax solutions\faxctr.exe |
"{6E38B364-A3B2-4B41-87D1-A7B794FD9445}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnjswx.exe |
"{74035061-A957-44AA-A608-3AC9AB7EAF2B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{778CEB29-88A9-48F5-9C1D-3C80579C0938}" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
"{84E6AEBD-7E82-408D-A32F-6655240C5BD5}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{855ADAB8-84AA-4508-8A70-C858DBB6399A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8B7425AA-72BB-4FDC-9D9F-DCA3E3B72E15}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9443DD48-A193-453B-98FB-2E05008A8342}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{97ABC2AB-CDB8-4A67-9A00-2658DEB3105E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{99C385EA-44A9-4565-834B-8119F9A0FA19}" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\frun.exe |
"{A2B5409E-9872-4ACD-8EA4-4B929BC96097}" = protocol=17 | dir=in | app=c:\program files\lexmark fax solutions\faxctr.exe |
"{A9C74460-945A-4C0E-8FD2-B706B1ABAD1E}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe |
"{ACCFFE4E-0DEC-4DF1-99AC-18FD11FE53FF}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{B7E05870-063E-4503-AB64-4CD1EFE8F9C4}" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnamon.exe |
"{C363FBCE-302E-4682-8EEE-A302F7FFA4C3}" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnamon.exe |
"{CE0D546F-C8EC-412B-B9EF-6CC8192390E3}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{DB027967-794C-4D0B-9136-ED304C4506D9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{DBCA5814-543E-4718-A8C9-FD2870566B36}" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\frun.exe |
"{DF08E080-E92C-4DDC-86C6-ED96A0BACF5F}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe |
"{E168A49C-95C6-416B-9BAC-71556E3E8F75}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdntime.exe |
"{E1B2B661-47C6-44C1-8E0F-A4E6EE93D2EA}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{F357E73D-7EE1-4C39-AAC9-C388D5D3B03C}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe |
"{F45BD94A-BA3C-4800-B058-0BC3236EE95D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{0B17056A-7B12-4515-A7AB-D06D3DF15437}C:\users\pc\spiele\battelfield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\users\pc\spiele\battelfield vietnam\bfvietnam.exe |
"TCP Query User{0D918CD5-0DAA-46AA-9361-0D0BC8C5B191}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{12123A3A-FD27-4F5F-9B10-C429E67DA407}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{1533F918-39E9-458E-9A96-ADE09D5BE449}C:\users\pc\appdata\local\temp\rar$ex01.426\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=c:\users\pc\appdata\local\temp\rar$ex01.426\ipcurve\ipcurve.exe |
"TCP Query User{21104C88-EC56-4A35-999C-8569BA6105DC}C:\program files\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files\lolreplay\lolreplay.exe |
"TCP Query User{2285F3D7-162A-4ABB-A764-F6C557853A6F}C:\users\pc\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\pc\spiele\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{2508E41B-A4D2-40E8-95C3-7499BC85E94E}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{29F2DDB7-20E4-4D16-B3FF-0D59CFBAA794}C:\users\pc\appdata\local\temp\rar$ex05.173\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=c:\users\pc\appdata\local\temp\rar$ex05.173\ipcurve\ipcurve.exe |
"TCP Query User{34CF8E16-93B1-4D25-B70D-620FAA62F02F}C:\program files\rapidsolution\audials tv\bin\audialstv.exe" = protocol=6 | dir=in | app=c:\program files\rapidsolution\audials tv\bin\audialstv.exe |
"TCP Query User{42CFC478-5B12-4EC0-9B0E-4D3B78E299C8}C:\users\pc\downloads\eligium_0_92_21_13_en_dl.exe" = protocol=6 | dir=in | app=c:\users\pc\downloads\eligium_0_92_21_13_en_dl.exe |
"TCP Query User{4DF32E65-A794-4003-913E-3FA344470DCB}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{518AAC6F-2298-490A-A825-28E8D4BBE6D4}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe |
"TCP Query User{5B0003A5-C91C-43DE-BFC9-CDCC0C879AD6}C:\users\pc\appdata\local\temp\rar$ex00.080\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=c:\users\pc\appdata\local\temp\rar$ex00.080\ipcurve\ipcurve.exe |
"TCP Query User{69B9BC84-A72C-4D1F-A3AE-B7F40849DEF5}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe |
"TCP Query User{6A895DDB-0AF3-400D-84E7-D169AE1C8692}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{6BA3205C-3220-43D1-BDD2-C8A162FE1273}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{784B5906-C441-4094-A7B4-E4AC001F9503}C:\users\pc\desktop\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\pc\desktop\call of duty 2\cod2mp_s.exe |
"TCP Query User{7CC9A123-19DC-45B4-93BB-734FBA2ADC0D}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{7E61C7AC-2D43-44C3-BB6A-AA02DEFFD191}C:\users\pc\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\pc\spiele\call of duty 2\cod2mp_s.exe |
"TCP Query User{81F5D36E-2EDE-4950-A8F7-EF57A4F7E0B1}C:\users\pc\spiele\fucksteamcss\hl2.exe" = protocol=6 | dir=in | app=c:\users\pc\spiele\fucksteamcss\hl2.exe |
"TCP Query User{8465216C-699C-4049-970C-AA252E8341B5}C:\users\pc\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=6 | dir=in | app=c:\users\pc\downloads\fogdownloader-rom_3_0_1_2153.exe |
"TCP Query User{920F2AEE-1B6C-4F3A-B00C-C13F8F936F1B}C:\users\pc\desktop\fucksteamcss\hl2.exe" = protocol=6 | dir=in | app=c:\users\pc\desktop\fucksteamcss\hl2.exe |
"TCP Query User{959D0B6A-C1F0-45C1-89E6-B56C75786E23}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{9EF45619-B7F4-4B5F-AF8E-B7A7F64127C0}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{A611F459-4995-40B7-A660-362C4B85BED8}C:\users\pc\spiele\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\pc\spiele\left 4 dead 2\left4dead2.exe |
"TCP Query User{A7BBA9BA-0EC2-41D9-969C-CC66B2566484}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{B6F8011B-7536-4D49-853B-2AF3F5A9106F}C:\program files\lexmark 2600 series\lxdnlscn.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnlscn.exe |
"TCP Query User{E05F25E3-6B06-4EEC-82CC-9144ADEB6C9B}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{F5CF5851-3BFA-4B78-B040-EC4C3657DD26}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{0D02B197-1151-41AF-A8F2-699D090C09A7}C:\users\pc\spiele\battelfield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\users\pc\spiele\battelfield vietnam\bfvietnam.exe |
"UDP Query User{0EBAEA22-DD04-4B74-80FF-9A8873CF80EB}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{176C23F7-32B9-4B06-9574-D806360B5B09}C:\users\pc\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\pc\spiele\call of duty 2\cod2mp_s.exe |
"UDP Query User{297FF978-7849-44B1-B893-A2A7A3E7DEBF}C:\program files\rapidsolution\audials tv\bin\audialstv.exe" = protocol=17 | dir=in | app=c:\program files\rapidsolution\audials tv\bin\audialstv.exe |
"UDP Query User{37040FD9-34D4-4806-B7BD-8E017BCA84CF}C:\users\pc\appdata\local\temp\rar$ex01.426\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=c:\users\pc\appdata\local\temp\rar$ex01.426\ipcurve\ipcurve.exe |
"UDP Query User{4256BC2A-16C0-438B-BED3-62BCCEC887DD}C:\program files\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files\lolreplay\lolreplay.exe |
"UDP Query User{4348FC16-EDE1-4F24-B192-CA12491D079B}C:\users\pc\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\pc\spiele\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{44B1703E-C882-4E8D-8E8C-E2C97F341E13}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{4DCE5682-917E-4ED0-9315-C4FB55DC0385}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{582F68BC-6C45-4575-B534-1CE080867DB0}C:\users\pc\desktop\fucksteamcss\hl2.exe" = protocol=17 | dir=in | app=c:\users\pc\desktop\fucksteamcss\hl2.exe |
"UDP Query User{5E342AD0-C2AD-4F8F-8C9D-19ECFE274435}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe |
"UDP Query User{686018BA-06CA-412A-BC11-5F90A2D2DFC7}C:\program files\lexmark 2600 series\lxdnlscn.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnlscn.exe |
"UDP Query User{6A78DFD5-8875-428F-80EF-4BEC23563388}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{713ED677-C9A2-435D-96DF-9A97A9E43F45}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{7734F37D-02E6-4D65-9251-1AC447F9B3B4}C:\users\pc\spiele\fucksteamcss\hl2.exe" = protocol=17 | dir=in | app=c:\users\pc\spiele\fucksteamcss\hl2.exe |
"UDP Query User{7DF903A5-1DF3-4591-99E7-A47C621F6F4F}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{8772A69B-CF8F-4AF2-A61B-BB5B60F3CBF9}C:\users\pc\appdata\local\temp\rar$ex00.080\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=c:\users\pc\appdata\local\temp\rar$ex00.080\ipcurve\ipcurve.exe |
"UDP Query User{93B821B7-8ED8-4F31-9EB0-333D12EDF036}C:\users\pc\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=17 | dir=in | app=c:\users\pc\downloads\fogdownloader-rom_3_0_1_2153.exe |
"UDP Query User{A8CBF5E0-1B40-49C7-9F01-C3FB743B5E88}C:\users\pc\spiele\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\pc\spiele\left 4 dead 2\left4dead2.exe |
"UDP Query User{ACC0E1E7-F932-4963-8F1D-E6501A50B989}C:\users\pc\downloads\eligium_0_92_21_13_en_dl.exe" = protocol=17 | dir=in | app=c:\users\pc\downloads\eligium_0_92_21_13_en_dl.exe |
"UDP Query User{BE997DEB-0796-42BD-8037-C699B34B7786}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{C0000B8B-BD03-4DE5-B1C5-32E85AC2704E}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{D10FE592-804C-47A9-A441-71A8896D7302}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{D445D4DE-D1EA-430A-A6A4-AF8CD7003E6D}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe |
"UDP Query User{D800D083-26BB-48A8-84BA-EBB3A082F0C0}C:\users\pc\desktop\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\pc\desktop\call of duty 2\cod2mp_s.exe |
"UDP Query User{DAE3A862-E41B-4347-8C4D-CA550E73BAAC}C:\users\pc\appdata\local\temp\rar$ex05.173\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=c:\users\pc\appdata\local\temp\rar$ex05.173\ipcurve\ipcurve.exe |
"UDP Query User{ED9A1B5F-44F0-4470-A583-003EAC4B5D4D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{F776F89F-B245-46C7-97CA-F78182552896}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{F9B53CE1-95CE-47DC-AAFD-F0485A146C88}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B973521-269F-11E1-8ED3-F04DA23A5C58}" = MSVCRT Redists
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{30D3D974-A770-4EF7-83EC-D56081450FFA}" = Lernwerkstatt 5
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69F0CEA4-43E2-4CBB-92DF-41860A40A631}" = Formelrechner
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777afb2a-98e5-4f14-b455-378a925cae15}.sdb" = CVE-2012-4969
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7886D87-ADA4-46A0-8A8D-02AB16B9F95A}" = Borland Delphi 6
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK USB Wireless LAN Driver and Utility
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E04ACCBC-DF36-364E-87E8-6C24BB981AB8}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.5026)
"{E04ACCBC-DF36-364E-87E8-6C24BB981AB8}.vc_x86runtime_30729_5026" = Visual C++ 2008 x86 Runtime - v9.0.30729.5026
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"4StoryDE_is1" = 4Story 3.4
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Derive5" = Derive 5
"DivX Setup" = DivX-Setup
"Guitar Explorer 1.0" = Guitar Explorer 1.0
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HyperCam 3" = HyperCam 3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Lexmark 2600 Series" = Lexmark 2600 Series
"Lexmark Fax Solutions" = Lexmark Fax-Lösungen
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"VLC media player" = VLC media player 1.1.4
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.01.2013 13:19:16 | Computer Name = PC-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 23.01.2013 13:19:16 | Computer Name = PC-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 23.01.2013 13:21:07 | Computer Name = PC-PC | Source = VSS | ID = 8194
Description =
Error - 23.01.2013 13:21:08 | Computer Name = PC-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 24.01.2013 14:47:13 | Computer Name = PC-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 24.01.2013 14:47:37 | Computer Name = PC-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 24.01.2013 14:47:37 | Computer Name = PC-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 24.01.2013 14:47:37 | Computer Name = PC-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 24.01.2013 14:47:37 | Computer Name = PC-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 24.01.2013 14:47:37 | Computer Name = PC-PC | Source = Windows Search Service | ID = 3013
Description =
[ System Events ]
Error - 23.01.2013 11:59:16 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 23.01.2013 11:59:16 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 23.01.2013 13:41:24 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 23.01.2013 13:41:24 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 24.01.2013 14:31:42 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 24.01.2013 14:31:42 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 24.01.2013 14:51:13 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 24.01.2013 14:51:13 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 24.01.2013 15:03:53 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 24.01.2013 15:03:53 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
|
|
25.01.2013, 12:21
| #47 |
| /// Malware-holic   | GVU Trojaner - Reatogo hi
__________________dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}src={referrer:source?}
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}src=IE-SearchBoxFORM=IE8SRC
IE - HKCU\..\SearchScopes\{13B38ED5-F6AA-4833-B2CA-5ACEF200FF0D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ieei=utf-8ilc=12type=382950p={searchTerms}
IE - HKCU\..\SearchScopes\{36F34217-D85C-470D-AAA9-3D323196344C}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6DE5C561-9D4A-42E7-ABD8-59A0A2E804CE}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{9B761C77-D9FA-4494-9223-3721ADF89ACC}: "URL" = hxxp://search.avg.com/route/?d=4bb3325bv=6.10.6.4i=23tp=chromeq={searchTerms}lng={language}iy=ychte=us
IE - HKCU\..\SearchScopes\{AC5C341E-007C-447F-872D-D24E79D5EBB0}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{E1D88547-1E03-4A0E-92C0-2AF16353879D}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}origin=tb_splugin_ie
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_fftype=382950ilc=12"
FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.4
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1ei=utf-8ilc=12type=382950p="
[2013.01.18 13:28:33 | 000,492,222 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\extensions\toolbar@gmx.net.xpi
[2011.10.13 16:19:44 | 000,000,855 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\1und1-suche.xml
[2011.11.03 10:32:05 | 000,002,419 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\englische-ergebnisse.xml
[2011.10.13 16:01:56 | 000,010,507 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\gmx-suche.xml
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKLM..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s File not found
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
__________________ |
|
25.01.2013, 21:11
| #48 |
| | GVU Trojaner - Reatogo All processes killed
__________________========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{13B38ED5-F6AA-4833-B2CA-5ACEF200FF0D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13B38ED5-F6AA-4833-B2CA-5ACEF200FF0D}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36F34217-D85C-470D-AAA9-3D323196344C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36F34217-D85C-470D-AAA9-3D323196344C}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6DE5C561-9D4A-42E7-ABD8-59A0A2E804CE}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DE5C561-9D4A-42E7-ABD8-59A0A2E804CE}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9B761C77-D9FA-4494-9223-3721ADF89ACC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B761C77-D9FA-4494-9223-3721ADF89ACC}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AC5C341E-007C-447F-872D-D24E79D5EBB0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC5C341E-007C-447F-872D-D24E79D5EBB0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1D88547-1E03-4A0E-92C0-2AF16353879D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D88547-1E03-4A0E-92C0-2AF16353879D}\ not found. Prefs.js: "chr-greentree_fftype=382950ilc=12" removed from browser.search.param.yahoo-fr Prefs.js: toolbar@gmx.net:2.4 removed from extensions.enabledAddons Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1ei=utf-8ilc=12type=382950p=" removed from keyword.URL C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\extensions\toolbar@gmx.net.xpi moved successfully. C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\1und1-suche.xml moved successfully. C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\englische-ergebnisse.xml moved successfully. C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\s6hv9myc.default\searchplugins\gmx-suche.xml moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FaxCenterServer deleted successfully. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: PC ->Flash cache emptied: 58784 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: PC ->Temp folder emptied: 15222804 bytes ->Temporary Internet Files folder emptied: 10425027 bytes ->Java cache emptied: 24270659 bytes ->FireFox cache emptied: 460441442 bytes ->Apple Safari cache emptied: 0 bytes ->Opera cache emptied: 163623 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1063532062 bytes RecycleBin emptied: 75399 bytes Total Files Cleaned = 1.501,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 01252013_210232 Files\Folders moved on Reboot... C:\Windows\temp\MpSigStub.log moved successfully. File\Folder C:\Windows\temp\TMP0000001016552078B617BF1F not found! PendingFileRenameOperations files... Registry entries deleted on Reboot... |
|
28.01.2013, 16:30
| #49 |
| /// Malware-holic | GVU Trojaner - Reatogo Hatte sich das mit dem Internet wieder geregelt? läuft jetzt alles?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu GVU Trojaner - Reatogo |
| desktop, doppel, fenster, folder, frage, gvu trojaner, gvu virus, icon, klick, otlpe, reatogo, reatogo-x-pe, registry, remote, system, troja, trojaner, virus, öffnet |
Linear-Darstellung
