| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU Virus Computer wurde gesperrtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.01.2013, 15:53
| #1 |
 |  GVU Virus Computer wurde gesperrt Hallo, ich habe mich bereits im Forum umgeschaut und keine Lösung gefunden. Ich habe wie ich herrausgefunden habe den GVU trojaner mit webcam der mir sagt das 100 Euro per Paysafecard bezahlt werden sollen damit mein Computer wider entsperrt wird. Ich kann nicht im abgesicherten Modus starten weil dort genau das selbe passiert. Das bedeutet auch das ich keine möglichleit habe irgendwie verbindung zum Internet herzustellen. Ich wolte mal fragen ob ihr noch eine Lösung wisst. Mein PC besitzt Windows XP. Geändert von HandyChip (23.01.2013 um 16:21 Uhr) |
|
23.01.2013, 16:23
| #2 |
| /// TB-Ausbilder   | GVU Virus Computer wurde gesperrt Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen. Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass du Hilfe von einem ausgebildeten Helfer bekommst. Ich bedanke mich für deine Geduld.  Funktioniert denn der "abgesicherte Modus mit Eingabeaufforderung" noch oder geht der auch nicht mehr?
__________________ |
|
23.01.2013, 16:29
| #3 |
| | GVU Virus Computer wurde gesperrt Vielen Dank, das du mir helfen möchtest. Der Modus mit Eingabeaufforderung funktioniert sodas ich das cmd.exe fenster auf dem bildschirm habe.
__________________Vielen Dank für deine Hilfe. Der Modus mit Eingabeaufforderung funktioniert sodas ich das cmd.exe fenster auf dem bildschirm habe. Vielen Dank für deine Hilfe. Der Modus mit Eingabeaufforderung funktioniert sodas ich das cmd.exe fenster auf dem bildschirm habe. Ich weis nicht wieso aber bei mir wird angezeigt das ich eine antwort 3 mal abgegeben habe fals dies bei euch auch so ist entschuldige ich mich dafür. Geändert von HandyChip (23.01.2013 um 17:01 Uhr) |
|
24.01.2013, 11:40
| #4 |
| /// TB-Ausbilder | GVU Virus Computer wurde gesperrt Hallo HandyChip und Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten. Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schliessen von Sicherheitslücken und sollte gründlich durchgeführt werden. Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich. Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist. Arbeite daher in deinem eigenen Interesse solange mit, bis du das OK bekommst, dass alles erledigt ist.  Hinweise zum Ablauf
Suchen wir den Störenfried: Schritt 1 Lade dir auf einem Zweitrechner bitte OTL (von Oldtimer) herunter und speichere es auf einen USB-Stick (nicht in einen Unterordner!).
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
24.01.2013, 16:20
| #5 |
| | GVU Virus Computer wurde gesperrt Ich habe noch 2 Fragen. 1. Soll an meinen Infizierten Pc dauerhaft verbindung zum Internet stehen oder soll ich das Internet Kabel rausziehen ? 2. Nachdem die OLT.txt und Extras.txt auf meinen USB-Stick sind soll ich den USB-Stick dann an meinen 2 sauberen Pc anschliesen und über den posten ? |
|
24.01.2013, 16:24
| #6 |
| /// TB-Ausbilder | GVU Virus Computer wurde gesperrt 1. Der infizierte PC braucht im Moment keine Internetverbindung. 2. Ja, genau wie du schreibst: Zuerst auf dem sauberen PC OTL herunterladen und auf den USB-Stick kopieren. Dann den Stick an den infizierten PC einstecken und den Scan durchführen. Und zum Schluss über den sauberen PC die beiden Logfiles, die dann auf dem USB-Stick erstellt worden sind, hier posten.
__________________ --> GVU Virus Computer wurde gesperrt |
|
24.01.2013, 16:51
| #7 |
| | GVU Virus Computer wurde gesperrt Sollen die beiden Datein OTL.txt und Extras.txt als anhang geschickt werden ? Oder wie schicke ich die richtig ? |
|
24.01.2013, 17:00
| #8 |
| /// TB-Ausbilder | GVU Virus Computer wurde gesperrt Das ist nicht so wichtig. Am liebsten ist es mir, wenn du sie innerhalb von code-Tags einfügst, also so: [code] Hier Inhalt des Logfiles einfügen. [/code] Aber Hauptsache ist, dass ich sie sehe, egal wie. 
__________________ cheers, Leo |
|
24.01.2013, 17:16
| #9 |
| | GVU Virus Computer wurde gesperrt OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.01.2013 16:36:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = G:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 92,45% Memory free 5,09 Gb Paging File | 5,04 Gb Available in Paging File | 99,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 361,33 Gb Total Space | 111,37 Gb Free Space | 30,82% Space Free | Partition Type: NTFS Drive D: | 104,06 Gb Total Space | 32,97 Gb Free Space | 31,68% Space Free | Partition Type: NTFS Drive F: | 680,90 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 3,73 Gb Total Space | 3,73 Gb Free Space | 99,97% Space Free | Partition Type: FAT32 Computer Name: ZOCKER | User Name: Administrator | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.24 16:21:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe PRC - [2008.04.14 03:22:38 | 000,401,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - [2013.01.23 14:44:30 | 000,182,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Dokumente und Einstellungen\Lutz\1515765.dll -- (winmgmt) SRV - [2013.01.11 23:35:46 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- C:\AeriaGames\TribesAscendDE\HiPatchService.exe -- (HiPatchService) SRV - [2013.01.09 19:41:02 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.16 18:37:24 | 005,124,464 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc) SRV - [2012.12.10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.11.12 19:50:16 | 004,539,712 | ---- | M] () [Auto | Stopped] -- c:\programme\gemeinsame dateien\akamai/netsession_win_ce5ba24.dll -- (Akamai) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.09.24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.07.29 15:41:58 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2011.08.17 11:04:36 | 000,247,872 | ---- | M] () [Auto | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2011.02.02 11:00:32 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.07 12:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\NlsSrv32.exe -- (nlsX86cc) SRV - [2005.12.09 15:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- c:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2005.04.03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva401.sys -- (XDva401) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva399.sys -- (XDva399) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva397.sys -- (XDva397) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva396.sys -- (XDva396) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva392.sys -- (XDva392) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva391.sys -- (XDva391) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva389.sys -- (XDva389) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva387.sys -- (XDva387) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva385.sys -- (XDva385) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva380.sys -- (XDva380) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Lutz\LOKALE~1\Temp\dbustrcm.sys -- (dbustrcm) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2012.10.30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012.10.30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011.12.27 19:29:52 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2011.12.08 05:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2011.12.08 05:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2011.10.24 17:39:54 | 000,042,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGSHidFilt.Sys -- (LGSHidFilt) DRV - [2011.07.26 18:49:12 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss) DRV - [2011.03.18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2010.11.01 05:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Programme\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0) DRV - [2010.03.18 10:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2010.03.18 10:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2010.03.18 10:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE) DRV - [2009.11.23 16:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LGVirHid.sys -- (LGVirHid) DRV - [2009.11.23 16:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGBusEnum.sys -- (LGBusEnum) DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2007.11.14 16:14:02 | 004,625,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2007.09.19 14:44:46 | 000,101,504 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007.01.12 11:16:32 | 000,113,152 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ahcix86.sys -- (ahcix86) DRV - [2006.12.28 05:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService) DRV - [2006.07.01 22:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2005.12.09 15:37:42 | 002,400,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv) DRV - [2005.12.09 15:37:42 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon) DRV - [2005.12.09 15:35:54 | 002,174,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap) DRV - [2005.12.06 04:28:38 | 000,014,080 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2005.12.06 04:28:33 | 001,103,488 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) DRV - [2005.12.06 04:26:54 | 002,010,240 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2005.12.06 04:26:16 | 000,039,424 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2005.05.17 13:48:21 | 000,050,176 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) DRV - [2005.05.16 14:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02) DRV - [2005.05.16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=2857d4dd0000000000000019666ed8c8&tlver=1.4.19.19&affID=17160 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Sony Online Entertainment\npsoe.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\Alwil Software\Avast5\WebRep\FF [2012.11.09 18:13:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Programme\Gemeinsame Dateien\DVDVideoSoft\plugins\ff\ [2012.12.18 18:40:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.29 15:41:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.09 17:24:53 | 000,000,000 | ---D | M] [2012.03.18 11:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.04 10:07:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.07.29 15:41:59 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.02.15 14:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Programme\mozilla firefox\plugins\npmieze.dll [2012.07.18 23:18:05 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.05.04 23:20:05 | 000,002,313 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml [2012.07.18 23:18:05 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.07.18 23:18:05 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.07.18 23:18:05 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.07.23 13:09:22 | 000,002,497 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\SearchResults.xml [2011.12.14 22:36:19 | 000,002,515 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml [2012.07.18 23:18:05 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.18 23:18:05 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.02.28 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (ST-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (The Wisdom-Soft Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (ST-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\loadtbs\toolbar.dll (InfiniAd GmbH) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (The Wisdom-Soft Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (ST-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (The Wisdom-Soft Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (ST-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Aeria Ignite] C:\Programme\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast] C:\Programme\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [Launch LCDMon] C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4 - HKLM..\Run: [Launch LCore] C:\Programme\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4 - HKLM..\Run: [Launch LGDCore] C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-448539723-436374069-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80861876-3763-4C22-AB33-E7CBFC79E0C6}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.09.15 21:18:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004.08.16 21:25:01 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.24 16:32:23 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.ZOCKER.003\Eigene Dateien [2013.01.24 16:31:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.ZOCKER.003\Anwendungsdaten\Macromedia [2013.01.24 16:31:58 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator.ZOCKER.003\Anwendungsdaten\Microsoft [2013.01.24 16:31:58 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator.ZOCKER.003\SendTo [2013.01.24 16:31:58 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator.ZOCKER.003\Anwendungsdaten [2013.01.24 16:31:58 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.ZOCKER.003\Startmenü\Programme\Zubehör [2013.01.24 16:31:58 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.ZOCKER.003\Startmenü [2013.01.24 16:31:58 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.ZOCKER.003\Startmenü\Programme\Autostart [2013.01.24 16:31:58 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator.ZOCKER.003\Cookies [2013.01.24 16:31:58 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.ZOCKER.003\Vorlagen [2013.01.24 16:31:58 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.ZOCKER.003\Recent [2013.01.24 16:31:58 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.ZOCKER.003\Netzwerkumgebung [2013.01.24 16:31:58 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.ZOCKER.003\Lokale Einstellungen [2013.01.24 16:31:58 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.ZOCKER.003\Druckumgebung [2013.01.24 16:31:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.ZOCKER.003\Lokale Einstellungen\Anwendungsdaten\Microsoft [2013.01.24 16:31:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.ZOCKER.003\Favoriten [2013.01.24 16:31:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.ZOCKER.003\Desktop [2013.01.19 14:18:34 | 000,000,000 | ---D | C] -- C:\Dump [2013.01.14 19:43:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AeriaGames [2013.01.14 19:43:27 | 000,000,000 | ---D | C] -- C:\Programme\Aeria Games [2013.01.13 20:55:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Dragonica [2013.01.13 15:38:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TERA [2013.01.13 15:38:33 | 000,000,000 | ---D | C] -- C:\Programme\TERA [2013.01.11 21:54:41 | 000,000,000 | ---D | C] -- C:\e092f77f73bfc68cff [2013.01.05 04:54:13 | 000,000,000 | ---D | C] -- C:\Nexon [2013.01.02 18:04:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SEVENCORE [2013.01.01 20:57:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Gameforge Live [2013.01.01 20:57:05 | 000,000,000 | ---D | C] -- C:\Programme\GameforgeLive [2012.12.30 19:27:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\gPotato.eu [2010.06.02 05:22:02 | 000,089,944 | ---- | C] (Microsoft Corporation) -- C:\Programme\DSETUP.dll [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.24 16:33:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.24 16:31:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.24 13:18:56 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5675151.pad [2013.01.24 13:18:09 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job [2013.01.24 13:18:07 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.01.24 13:18:07 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2013.01.24 13:18:07 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job [2013.01.24 13:17:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2013.01.23 18:33:57 | 000,002,778 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5675151.js [2013.01.23 15:27:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.01.23 14:44:51 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7816834.pad [2013.01.22 23:00:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.01.22 22:36:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.01.22 21:06:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-448539723-436374069-725345543-1003UA.job [2013.01.22 21:03:33 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2013.01.22 18:06:00 | 000,000,992 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-448539723-436374069-725345543-1003Core.job [2013.01.19 13:47:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013.01.14 19:43:27 | 000,001,725 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Aeria Ignite.lnk [2013.01.13 20:55:21 | 000,000,647 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Dragonica.lnk [2013.01.12 11:42:10 | 000,307,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.01.12 04:57:44 | 000,517,548 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.01.12 04:57:44 | 000,494,148 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.01.12 04:57:44 | 000,101,446 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.01.12 04:57:44 | 000,084,692 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.01.10 23:37:28 | 000,001,609 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AION Free-to-Play.lnk [2013.01.10 23:35:53 | 000,000,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Gameforge Live.lnk [2013.01.09 19:40:58 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.01.09 19:40:58 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.01.05 04:54:13 | 000,000,235 | ---- | M] () -- C:\WINDOWS\System32\nxEuUninstall.bat [2013.01.05 04:54:12 | 000,446,464 | ---- | M] (NEXON Inc.) -- C:\WINDOWS\NEXON_EU_DownloaderUpdater.exe [2013.01.03 04:47:03 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.01.02 18:04:45 | 000,001,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SEVENCORE.lnk [2012.12.30 19:27:19 | 000,001,628 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Allods Online.lnk [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.24 16:31:59 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.ZOCKER.003\Startmenü\Programme\Remoteunterstützung.lnk [2013.01.24 16:31:59 | 000,000,772 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.ZOCKER.003\Startmenü\Programme\Windows Media Player.lnk [2013.01.23 14:54:24 | 000,002,778 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5675151.js [2013.01.23 14:44:31 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7816834.pad [2013.01.23 14:44:31 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5675151.pad [2013.01.14 19:43:27 | 000,001,725 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Aeria Ignite.lnk [2013.01.13 20:55:21 | 000,000,647 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Dragonica.lnk [2013.01.10 23:37:28 | 000,001,609 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AION Free-to-Play.lnk [2013.01.03 23:18:32 | 000,000,242 | ---- | C] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job [2013.01.03 01:21:45 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2013.01.02 18:04:45 | 000,001,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SEVENCORE.lnk [2013.01.01 20:57:11 | 000,000,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Gameforge Live.lnk [2012.12.30 19:27:18 | 000,001,628 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Allods Online.lnk [2012.08.22 15:15:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2012.08.08 19:30:08 | 000,282,296 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2012.07.30 11:41:34 | 003,130,440 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_blr.exe [2012.07.24 01:03:03 | 000,000,040 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\cmeepkzlndauaot [2012.01.25 20:04:10 | 001,912,710 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-448539723-436374069-725345543-1003-0.dat [2012.01.25 20:04:09 | 000,326,318 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.01.10 21:31:56 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2011.12.28 14:03:25 | 000,126,453 | ---- | C] () -- C:\WINDOWS\System32\Snounin.exe [2011.12.26 11:42:34 | 000,669,184 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe [2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2011.12.23 20:58:24 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011.12.23 20:58:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011.12.23 20:58:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011.12.23 20:58:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011.12.20 22:30:50 | 000,013,126 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2011.12.20 22:25:08 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini [2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll [2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll [2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2011.08.07 14:01:00 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat [2011.06.29 14:51:54 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2011.06.21 16:48:18 | 000,000,035 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2011.06.15 18:17:53 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2011.06.03 00:05:11 | 000,057,624 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.05.22 15:11:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2011.05.22 15:06:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.05.02 13:27:37 | 000,000,151 | ---- | C] () -- C:\WINDOWS\AutoScreenRecorder.INI [2011.04.03 13:01:53 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini [2011.01.31 19:39:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.06.02 05:22:54 | 001,412,902 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x64.cab [2010.06.02 05:22:54 | 001,127,217 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x86.cab [2010.06.02 05:22:54 | 000,273,960 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x64.cab [2010.06.02 05:22:54 | 000,272,611 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x86.cab [2010.06.02 05:22:54 | 000,182,361 | ---- | C] () -- C:\Programme\OCT2006_XACT_x64.cab [2010.06.02 05:22:54 | 000,138,017 | ---- | C] () -- C:\Programme\OCT2006_XACT_x86.cab [2010.06.02 05:22:54 | 000,086,037 | ---- | C] () -- C:\Programme\Oct2005_xinput_x64.cab [2010.06.02 05:22:54 | 000,045,359 | ---- | C] () -- C:\Programme\Oct2005_xinput_x86.cab [2010.06.02 05:22:52 | 001,906,878 | ---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x64.cab [2010.06.02 05:22:52 | 001,550,796 | ---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x86.cab [2010.06.02 05:22:52 | 000,965,421 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x86.cab [2010.06.02 05:22:52 | 000,121,794 | ---- | C] () -- C:\Programme\Nov2008_XACT_x64.cab [2010.06.02 05:22:52 | 000,092,684 | ---- | C] () -- C:\Programme\Nov2008_XACT_x86.cab [2010.06.02 05:22:52 | 000,054,522 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x64.cab [2010.06.02 05:22:52 | 000,021,851 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x86.cab [2010.06.02 05:22:50 | 000,994,154 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x64.cab [2010.06.02 05:22:50 | 000,196,762 | ---- | C] () -- C:\Programme\NOV2007_XACT_x64.cab [2010.06.02 05:22:50 | 000,148,264 | ---- | C] () -- C:\Programme\NOV2007_XACT_x86.cab [2010.06.02 05:22:50 | 000,046,144 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x64.cab [2010.06.02 05:22:50 | 000,018,496 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x86.cab [2010.06.02 05:22:48 | 001,802,058 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x64.cab [2010.06.02 05:22:48 | 001,709,360 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x86.cab [2010.06.02 05:22:48 | 000,864,600 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x64.cab [2010.06.02 05:22:48 | 000,803,884 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x86.cab [2010.06.02 05:22:48 | 000,273,018 | ---- | C] () -- C:\Programme\Mar2009_XAudio_x86.cab [2010.06.02 05:22:46 | 000,275,044 | ---- | C] () -- C:\Programme\Mar2009_XAudio_x64.cab [2010.06.02 05:22:46 | 000,121,506 | ---- | C] () -- C:\Programme\Mar2009_XACT_x64.cab [2010.06.02 05:22:46 | 000,092,740 | ---- | C] () -- C:\Programme\Mar2009_XACT_x86.cab [2010.06.02 05:22:38 | 000,054,600 | ---- | C] () -- C:\Programme\Mar2009_X3DAudio_x64.cab [2010.06.02 05:22:38 | 000,021,298 | ---- | C] () -- C:\Programme\Mar2009_X3DAudio_x86.cab [2010.06.02 05:22:36 | 001,973,702 | ---- | C] () -- C:\Programme\Mar2009_d3dx9_41_x64.cab [2010.06.02 05:22:36 | 001,612,446 | ---- | C] () -- C:\Programme\Mar2009_d3dx9_41_x86.cab [2010.06.02 05:22:36 | 001,067,160 | ---- | C] () -- C:\Programme\Mar2009_d3dx10_41_x64.cab [2010.06.02 05:22:36 | 001,040,745 | ---- | C] () -- C:\Programme\Mar2009_d3dx10_41_x86.cab [2010.06.02 05:22:36 | 000,251,194 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x64.cab [2010.06.02 05:22:36 | 000,226,250 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x86.cab [2010.06.02 05:22:36 | 000,122,336 | ---- | C] () -- C:\Programme\Mar2008_XACT_x64.cab [2010.06.02 05:22:36 | 000,093,734 | ---- | C] () -- C:\Programme\Mar2008_XACT_x86.cab [2010.06.02 05:22:34 | 001,769,862 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x64.cab [2010.06.02 05:22:34 | 001,443,282 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x86.cab [2010.06.02 05:22:34 | 000,818,260 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x86.cab [2010.06.02 05:22:34 | 000,055,058 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x64.cab [2010.06.02 05:22:34 | 000,021,867 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x86.cab [2010.06.02 05:22:32 | 000,937,246 | ---- | C] () -- C:\Programme\Jun2010_d3dx9_43_x64.cab [2010.06.02 05:22:32 | 000,844,884 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x64.cab [2010.06.02 05:22:32 | 000,768,036 | ---- | C] () -- C:\Programme\Jun2010_d3dx9_43_x86.cab [2010.06.02 05:22:32 | 000,278,060 | ---- | C] () -- C:\Programme\Jun2010_XAudio_x86.cab [2010.06.02 05:22:32 | 000,277,338 | ---- | C] () -- C:\Programme\Jun2010_XAudio_x64.cab [2010.06.02 05:22:32 | 000,124,596 | ---- | C] () -- C:\Programme\Jun2010_XACT_x64.cab [2010.06.02 05:22:32 | 000,093,686 | ---- | C] () -- C:\Programme\Jun2010_XACT_x86.cab [2010.06.02 05:22:30 | 000,762,188 | ---- | C] () -- C:\Programme\Jun2010_d3dcsx_43_x86.cab [2010.06.02 05:22:30 | 000,235,955 | ---- | C] () -- C:\Programme\Jun2010_d3dx10_43_x64.cab [2010.06.02 05:22:30 | 000,197,283 | ---- | C] () -- C:\Programme\Jun2010_d3dx10_43_x86.cab [2010.06.02 05:22:30 | 000,138,205 | ---- | C] () -- C:\Programme\Jun2010_d3dx11_43_x64.cab [2010.06.02 05:22:30 | 000,109,445 | ---- | C] () -- C:\Programme\Jun2010_d3dx11_43_x86.cab [2010.06.02 05:22:28 | 000,944,460 | ---- | C] () -- C:\Programme\Jun2010_D3DCompiler_43_x64.cab [2010.06.02 05:22:28 | 000,931,471 | ---- | C] () -- C:\Programme\Jun2010_D3DCompiler_43_x86.cab [2010.06.02 05:22:28 | 000,752,783 | ---- | C] () -- C:\Programme\Jun2010_d3dcsx_43_x64.cab [2010.06.02 05:22:20 | 000,269,024 | ---- | C] () -- C:\Programme\JUN2008_XAudio_x86.cab [2010.06.02 05:22:18 | 001,792,608 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x64.cab [2010.06.02 05:22:18 | 001,463,878 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x86.cab [2010.06.02 05:22:18 | 000,867,828 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x64.cab [2010.06.02 05:22:18 | 000,849,919 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x86.cab [2010.06.02 05:22:18 | 000,269,628 | ---- | C] () -- C:\Programme\JUN2008_XAudio_x64.cab [2010.06.02 05:22:18 | 000,152,909 | ---- | C] () -- C:\Programme\JUN2007_XACT_x86.cab [2010.06.02 05:22:18 | 000,121,054 | ---- | C] () -- C:\Programme\JUN2008_XACT_x64.cab [2010.06.02 05:22:18 | 000,093,128 | ---- | C] () -- C:\Programme\JUN2008_XACT_x86.cab [2010.06.02 05:22:18 | 000,055,154 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x64.cab [2010.06.02 05:22:18 | 000,021,905 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x86.cab [2010.06.02 05:22:16 | 001,607,774 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x64.cab [2010.06.02 05:22:16 | 001,607,286 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x86.cab [2010.06.02 05:22:16 | 001,064,925 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x86.cab [2010.06.02 05:22:16 | 000,699,044 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x64.cab [2010.06.02 05:22:16 | 000,698,472 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x86.cab [2010.06.02 05:22:16 | 000,197,122 | ---- | C] () -- C:\Programme\JUN2007_XACT_x64.cab [2010.06.02 05:22:16 | 000,180,785 | ---- | C] () -- C:\Programme\JUN2006_XACT_x64.cab [2010.06.02 05:22:16 | 000,133,671 | ---- | C] () -- C:\Programme\JUN2006_XACT_x86.cab [2010.06.02 05:22:14 | 001,336,002 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x64.cab [2010.06.02 05:22:14 | 000,277,191 | ---- | C] () -- C:\Programme\Feb2010_XAudio_x86.cab [2010.06.02 05:22:14 | 000,276,960 | ---- | C] () -- C:\Programme\Feb2010_XAudio_x64.cab [2010.06.02 05:22:14 | 000,122,446 | ---- | C] () -- C:\Programme\Feb2010_XACT_x64.cab [2010.06.02 05:22:14 | 000,093,180 | ---- | C] () -- C:\Programme\Feb2010_XACT_x86.cab [2010.06.02 05:22:12 | 000,194,675 | ---- | C] () -- C:\Programme\FEB2007_XACT_x64.cab [2010.06.02 05:22:12 | 000,147,983 | ---- | C] () -- C:\Programme\FEB2007_XACT_x86.cab [2010.06.02 05:22:12 | 000,054,678 | ---- | C] () -- C:\Programme\Feb2010_X3DAudio_x64.cab [2010.06.02 05:22:12 | 000,020,713 | ---- | C] () -- C:\Programme\Feb2010_X3DAudio_x86.cab [2010.06.02 05:22:10 | 000,178,359 | ---- | C] () -- C:\Programme\Feb2006_XACT_x64.cab [2010.06.02 05:22:10 | 000,132,409 | ---- | C] () -- C:\Programme\Feb2006_XACT_x86.cab [2010.06.02 05:22:04 | 001,084,720 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x86.cab [2010.06.02 05:22:02 | 001,801,048 | ---- | C] () -- C:\Programme\dsetup32.dll [2010.06.02 05:22:02 | 001,574,376 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x86.cab [2010.06.02 05:22:02 | 001,362,796 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x64.cab [2010.06.02 05:22:02 | 001,247,499 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x64.cab [2010.06.02 05:22:02 | 001,013,225 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x86.cab [2010.06.02 05:22:02 | 000,537,432 | ---- | C] () -- C:\Programme\DXSETUP.exe [2010.06.02 05:22:02 | 000,192,475 | ---- | C] () -- C:\Programme\DEC2006_XACT_x64.cab [2010.06.02 05:22:02 | 000,145,599 | ---- | C] () -- C:\Programme\DEC2006_XACT_x86.cab [2010.06.02 05:22:02 | 000,094,011 | ---- | C] () -- C:\Programme\dxupdate.cab [2010.06.02 05:22:02 | 000,042,410 | ---- | C] () -- C:\Programme\dxdllreg_x86.cab [2010.06.02 05:22:00 | 001,571,154 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x64.cab [2010.06.02 05:22:00 | 001,357,976 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x64.cab [2010.06.02 05:22:00 | 001,079,456 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x86.cab [2010.06.02 05:22:00 | 000,273,264 | ---- | C] () -- C:\Programme\Aug2009_XAudio_x64.cab [2010.06.02 05:22:00 | 000,272,642 | ---- | C] () -- C:\Programme\Aug2009_XAudio_x86.cab [2010.06.02 05:22:00 | 000,212,807 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x64.cab [2010.06.02 05:22:00 | 000,191,720 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x86.cab [2010.06.02 05:22:00 | 000,122,408 | ---- | C] () -- C:\Programme\Aug2009_XACT_x64.cab [2010.06.02 05:22:00 | 000,093,106 | ---- | C] () -- C:\Programme\Aug2009_XACT_x86.cab [2010.06.02 05:21:58 | 000,930,116 | ---- | C] () -- C:\Programme\Aug2009_d3dx9_42_x64.cab [2010.06.02 05:21:58 | 000,728,456 | ---- | C] () -- C:\Programme\Aug2009_d3dx9_42_x86.cab [2010.06.02 05:21:58 | 000,232,635 | ---- | C] () -- C:\Programme\Aug2009_d3dx10_42_x64.cab [2010.06.02 05:21:58 | 000,192,131 | ---- | C] () -- C:\Programme\Aug2009_d3dx10_42_x86.cab [2010.06.02 05:21:58 | 000,136,301 | ---- | C] () -- C:\Programme\Aug2009_d3dx11_42_x64.cab [2010.06.02 05:21:58 | 000,105,044 | ---- | C] () -- C:\Programme\Aug2009_d3dx11_42_x86.cab [2010.06.02 05:21:56 | 003,319,740 | ---- | C] () -- C:\Programme\Aug2009_d3dcsx_42_x86.cab [2010.06.02 05:21:56 | 003,112,111 | ---- | C] () -- C:\Programme\Aug2009_d3dcsx_42_x64.cab [2010.06.02 05:21:56 | 000,900,598 | ---- | C] () -- C:\Programme\Aug2009_D3DCompiler_42_x86.cab [2010.06.02 05:21:46 | 000,919,044 | ---- | C] () -- C:\Programme\Aug2009_D3DCompiler_42_x64.cab [2010.06.02 05:21:46 | 000,271,412 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x64.cab [2010.06.02 05:21:46 | 000,271,038 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x86.cab [2010.06.02 05:21:44 | 001,794,084 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x64.cab [2010.06.02 05:21:44 | 001,464,672 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x86.cab [2010.06.02 05:21:44 | 000,849,167 | ---- | C] () -- C:\Programme\Aug2008_d3dx10_39_x86.cab [2010.06.02 05:21:44 | 000,198,096 | ---- | C] () -- C:\Programme\AUG2007_XACT_x64.cab [2010.06.02 05:21:44 | 000,153,012 | ---- | C] () -- C:\Programme\AUG2007_XACT_x86.cab [2010.06.02 05:21:44 | 000,121,772 | ---- | C] () -- C:\Programme\Aug2008_XACT_x64.cab [2010.06.02 05:21:44 | 000,092,996 | ---- | C] () -- C:\Programme\Aug2008_XACT_x86.cab [2010.06.02 05:21:42 | 001,800,160 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x64.cab [2010.06.02 05:21:42 | 001,708,152 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x86.cab [2010.06.02 05:21:42 | 000,867,612 | ---- | C] () -- C:\Programme\Aug2008_d3dx10_39_x64.cab [2010.06.02 05:21:42 | 000,852,286 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x64.cab [2010.06.02 05:21:42 | 000,796,867 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x86.cab [2010.06.02 05:21:40 | 001,350,542 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x64.cab [2010.06.02 05:21:40 | 001,077,644 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x86.cab [2010.06.02 05:21:40 | 000,182,903 | ---- | C] () -- C:\Programme\AUG2006_XACT_x64.cab [2010.06.02 05:21:40 | 000,137,235 | ---- | C] () -- C:\Programme\AUG2006_XACT_x86.cab [2010.06.02 05:21:40 | 000,087,142 | ---- | C] () -- C:\Programme\AUG2006_xinput_x64.cab [2010.06.02 05:21:40 | 000,053,302 | ---- | C] () -- C:\Programme\APR2007_xinput_x86.cab [2010.06.02 05:21:40 | 000,046,058 | ---- | C] () -- C:\Programme\AUG2006_xinput_x86.cab [2010.06.02 05:21:38 | 001,606,039 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x86.cab [2010.06.02 05:21:38 | 000,195,766 | ---- | C] () -- C:\Programme\APR2007_XACT_x64.cab [2010.06.02 05:21:38 | 000,151,225 | ---- | C] () -- C:\Programme\APR2007_XACT_x86.cab [2010.06.02 05:21:38 | 000,096,817 | ---- | C] () -- C:\Programme\APR2007_xinput_x64.cab [2010.06.02 05:21:36 | 001,607,358 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x64.cab [2010.06.02 05:21:36 | 000,698,612 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x64.cab [2010.06.02 05:21:36 | 000,695,865 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x86.cab [2010.06.02 05:21:34 | 000,046,010 | ---- | C] () -- C:\Programme\Apr2006_xinput_x86.cab [2010.06.02 05:21:20 | 000,087,101 | ---- | C] () -- C:\Programme\Apr2006_xinput_x64.cab [2010.06.02 05:21:18 | 004,162,630 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86_Archive.cab [2010.06.02 05:21:18 | 000,916,430 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86.cab [2010.06.02 05:21:18 | 000,179,133 | ---- | C] () -- C:\Programme\Apr2006_XACT_x64.cab [2010.06.02 05:21:18 | 000,133,103 | ---- | C] () -- C:\Programme\Apr2006_XACT_x86.cab [2010.06.02 05:21:16 | 001,397,830 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x64.cab [2010.06.02 05:21:16 | 001,347,354 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x64.cab [2010.06.02 05:21:16 | 001,115,221 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x86.cab [2010.06.02 05:21:16 | 001,078,962 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x86.cab ========== ZeroAccess Check ========== [2010.09.15 22:15:50 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> C:\WINDOWS:nlsPreferences < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.01.2013 16:36:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 92,45% Memory free
5,09 Gb Paging File | 5,04 Gb Available in Paging File | 99,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 361,33 Gb Total Space | 111,37 Gb Free Space | 30,82% Space Free | Partition Type: NTFS
Drive D: | 104,06 Gb Total Space | 32,97 Gb Free Space | 31,68% Space Free | Partition Type: NTFS
Drive F: | 680,90 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 3,73 Gb Total Space | 3,73 Gb Free Space | 99,97% Space Free | Partition Type: FAT32
Computer Name: ZOCKER | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57102:TCP" = 57102:TCP:*:Enabled:Pando Media Booster
"57102:UDP" = 57102:UDP:*:Enabled:Pando Media Booster
"56230:TCP" = 56230:TCP:*:Enabled:Pando Media Booster
"56230:UDP" = 56230:UDP:*:Enabled:Pando Media Booster
"56815:TCP" = 56815:TCP:*:Enabled:Pando Media Booster
"56815:UDP" = 56815:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"57102:TCP" = 57102:TCP:*:Enabled:Pando Media Booster
"57102:UDP" = 57102:UDP:*:Enabled:Pando Media Booster
"56230:TCP" = 56230:TCP:*:Enabled:Pando Media Booster
"56230:UDP" = 56230:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"56815:TCP" = 56815:TCP:*:Enabled:Pando Media Booster
"56815:UDP" = 56815:UDP:*:Enabled:Pando Media Booster
"1038:TCP" = 1038:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\ICQ7.7\ICQ.exe" = C:\Programme\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7 -- (ICQ, LLC.)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe" = C:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company™ 2
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen -- (Microsoft Corporation)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Dokumente und Einstellungen\Lutz\Eigene Dateien\Downloads\YuLeech-Runes_of_Magic_3_0_8_2349_slim_eu.exe" = C:\Dokumente und Einstellungen\Lutz\Eigene Dateien\Downloads\YuLeech-Runes_of_Magic_3_0_8_2349_slim_eu.exe:*:Enabled:YuLeech
"C:\Programme\Runes of Magic\Runes of Magic.exe" = C:\Programme\Runes of Magic\Runes of Magic.exe:*:Enabled:Runes of Magic
"C:\Programme\Runes of Magic\unins000.exe" = C:\Programme\Runes of Magic\unins000.exe:*:Enabled:Runes of Magic entfernen
"C:\Programme\Runes of Magic\Client.exe" = C:\Programme\Runes of Magic\Client.exe:*:Enabled:Runes of Magic
"C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe" = C:\Programme\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII
"C:\Programme\TrackMania United\TmUnited.exe" = C:\Programme\TrackMania United\TmUnited.exe:*:Enabled:TmUnited
"C:\Programme\TmUnitedForever\TmForever.exe" = C:\Programme\TmUnitedForever\TmForever.exe:*:Enabled:TmForever
"C:\Programme\Duty Calls\binaries\Win32\DutyCalls.exe" = C:\Programme\Duty Calls\binaries\Win32\DutyCalls.exe:*:Enabled:DutyCalls
"C:\Programme\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE" = C:\Programme\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\AeriaGames\WolfTeam-DE\Wolfteam.bin" = C:\AeriaGames\WolfTeam-DE\Wolfteam.bin:*:Enabled:WolfTeam
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\Programme\Team17 Software Ltd\Worms Forts Under Siege\WF.exe" = C:\Programme\Team17 Software Ltd\Worms Forts Under Siege\WF.exe:*:Enabled:WF
"C:\Programme\Turbine\The Lord of the Rings Online\lotroclient.exe" = C:\Programme\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient
"C:\Programme\Steam\SteamApps\common\global agenda live\Binaries\GlobalAgenda.exe" = C:\Programme\Steam\SteamApps\common\global agenda live\Binaries\GlobalAgenda.exe:*:Enabled:TgGame Client -- (HiRez Studios, Inc.)
"C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Temp\ElectronicArts_Patcher_000.exe" = C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Temp\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000
"C:\Programme\Electronic Arts\Command & Conquer 3 Kanes Rache\RetailExe\1.2\cnc3ep1.dat" = C:\Programme\Electronic Arts\Command & Conquer 3 Kanes Rache\RetailExe\1.2\cnc3ep1.dat:*:Enabled:Command & Conquer(tm) 3: Kanes Rache -- (Electronic Arts Inc.)
"C:\Programme\Electronic Arts\Command & Conquer 3 Kanes Rache\CNC3EP1.exe" = C:\Programme\Electronic Arts\Command & Conquer 3 Kanes Rache\CNC3EP1.exe:*:Enabled:Command & Conquer™ 3 Kanes Rache spielen -- (Electronic Arts Inc.)
"C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat" = C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine -- ()
"C:\Sierra\EE-ZDE\EE-AOC.exe" = C:\Sierra\EE-ZDE\EE-AOC.exe:*:Enabled:EE-AOC
"C:\Programme\Steam\SteamApps\plasmaboy300\team fortress 2\hl2.exe" = C:\Programme\Steam\SteamApps\plasmaboy300\team fortress 2\hl2.exe:*:Enabled:hl2
"C:\Programme\Third Wave Games\War World - Tactical Combat 1.09\War World.exe" = C:\Programme\Third Wave Games\War World - Tactical Combat 1.09\War World.exe:*:Enabled:War World
"C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat" = C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II
"C:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\game.dat" = C:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\game.dat:*:Enabled:Der Herr der Ringe™, Aufstieg des Hexenkönigs™
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Gameforge4D\AirRivals\Launcher.atm" = C:\Programme\Gameforge4D\AirRivals\Launcher.atm:Enabled:GameExe2 -- ()
"C:\Programme\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe" = C:\Programme\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- (Masang Soft)
"C:\Programme\Hotspot Shield\bin\openvpntray.exe" = C:\Programme\Hotspot Shield\bin\openvpntray.exe:*:Enabled:Hotspot Shield Launch
"C:\Programme\Origin\Origin.exe" = C:\Programme\Origin\Origin.exe:*:Enabled:Origin
"C:\Programme\Movie Maker\moviemk.exe" = C:\Programme\Movie Maker\moviemk.exe:*:Enabled:@C:\Programme\Movie Maker\1031\wmm2res.dll,-61446 -- (Microsoft Corporation)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\Electronic Arts\Dead Space\Dead Space.exe" = C:\Programme\Electronic Arts\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™
"C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" = C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc.)
"C:\Programme\ICQ7.7\ICQ.exe" = C:\Programme\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7 -- (ICQ, LLC.)
"C:\Programme\Steam\SteamApps\common\Mass Effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Programme\Steam\SteamApps\common\Mass Effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Mass Effect 2
"C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Dokumente und Einstellungen\Lutz\Eigene Dateien\Downloads\gunblade-dlm.exe" = C:\Dokumente und Einstellungen\Lutz\Eigene Dateien\Downloads\gunblade-dlm.exe:*:Enabled:Gunblade Saga DLM
"C:\Programme\Steam\SteamApps\common\apb reloaded\Binaries\APB.exe" = C:\Programme\Steam\SteamApps\common\apb reloaded\Binaries\APB.exe:*:Enabled:APB: APB.exe
"C:\Programme\Steam\SteamApps\common\apb reloaded\Binaries\VivoxVoiceService.exe" = C:\Programme\Steam\SteamApps\common\apb reloaded\Binaries\VivoxVoiceService.exe:*:Enabled:APB: VivoxVoiceService.exe
"C:\Programme\Steam\SteamApps\common\amd driver updater, xp, 32 bit\Setup.exe" = C:\Programme\Steam\SteamApps\common\amd driver updater, xp, 32 bit\Setup.exe:*:Enabled:AMD Driver Updater, XP, 32 bit
"C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat" = C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars -- (Electronic Arts Inc.)
"C:\Programme\Games-Masters.com\CABAL Online (Europe)\cabal.exe" = C:\Programme\Games-Masters.com\CABAL Online (Europe)\cabal.exe:*:Enabled:CABAL Online (Europe) -- (ESTsoft)
"C:\gPotato.eu\Allods Online\bin\Launcher.exe" = C:\gPotato.eu\Allods Online\bin\Launcher.exe:*:Enabled:Allods Launcher -- (© 2011 Allods Team, Mail.Ru Games)
"C:\Programme\Sony Online Entertainment\Installed Games\DC Universe Online Live\UNREAL3\BINARIES\WIN32\DCGAME.EXE" = C:\Programme\Sony Online Entertainment\Installed Games\DC Universe Online Live\UNREAL3\BINARIES\WIN32\DCGAME.EXE:*:Enabled:DC Universe Online Windows Client -- (Sony Online Entertainment)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts\Need For Speed World\Data\nfsw.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts\Need For Speed World\Data\nfsw.exe:*:Enabled:Need for Speed World
"C:\AeriaGames\EdenEternal-DE\_Launcher.exe" = C:\AeriaGames\EdenEternal-DE\_Launcher.exe:*:Enabled:_Launcher.exe
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = C:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2
"C:\Programme\Steam\SteamApps\plasmaboy300\source sdk base 2007\hl2.exe" = C:\Programme\Steam\SteamApps\plasmaboy300\source sdk base 2007\hl2.exe:*:Enabled:Source SDK Base 2007
"C:\Programme\Steam\SteamApps\common\dungeons and dragons online\dndclient.exe" = C:\Programme\Steam\SteamApps\common\dungeons and dragons online\dndclient.exe:*:Enabled:dndclient
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Java\jre7\bin\javaw.exe" = C:\Programme\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\Programme\Steam\SteamApps\common\Crysis Wars\Bin32\Crysis.exe" = C:\Programme\Steam\SteamApps\common\Crysis Wars\Bin32\Crysis.exe:*:Enabled:Crysis Wars -- (Crytek GmbH)
"C:\Programme\Steam\SteamApps\common\Crysis Warhead\Bin32\Crysis.exe" = C:\Programme\Steam\SteamApps\common\Crysis Warhead\Bin32\Crysis.exe:*:Enabled:Crysis Warhead -- (Crytek GmbH)
"C:\Programme\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Programme\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Programme\Pinnacle\VideoSpin\Programs\umi.exe" = C:\Programme\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Programme\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Programme\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin -- (Pinnacle Systems)
"C:\Programme\Alaplaya\LOCO\System\LOCO.exe" = C:\Programme\Alaplaya\LOCO\System\LOCO.exe:*:Enabled:LOCO
"C:\Programme\Steam\SteamApps\common\Darksiders 2\Darksiders2.exe" = C:\Programme\Steam\SteamApps\common\Darksiders 2\Darksiders2.exe:*:Enabled:Darksiders II -- ()
"C:\Programme\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DunDefGame.exe" = C:\Programme\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DunDefGame.exe:*:Disabled:DunDefGame -- (Trendy Entertainment LLC)
"C:\AeriaGames\TribesAscendDE\HiRezGames\tribes\Binaries\Win32\TribesAscend.exe" = C:\AeriaGames\TribesAscendDE\HiRezGames\tribes\Binaries\Win32\TribesAscend.exe:*:Enabled:TribesAscend -- (Hirez Studios, Inc.)
"C:\Programme\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe" = C:\Programme\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe:*:Enabled:Call of Duty: Modern Warfare 3 - Multiplayer -- ()
"C:\Dokumente und Einstellungen\Lutz\Eigene Dateien\gunblade-dlm.exe" = C:\Dokumente und Einstellungen\Lutz\Eigene Dateien\gunblade-dlm.exe:*:Enabled:Gunblade Saga DLM
"C:\Programme\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe" = C:\Programme\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe:*:Enabled:Dungeon Defenders -- (Trendy Entertainment LLC)
"C:\gPotato.eu\SEVENCORE\SEVENCORE.exe.exe" = C:\gPotato.eu\SEVENCORE\SEVENCORE.exe.exe:*:Enabled:SEVENCORE Launcher
"C:\Programme\Steam\SteamApps\common\Global Agenda Live\Binaries\LauncherBin\HiRezLauncherUI.exe" = C:\Programme\Steam\SteamApps\common\Global Agenda Live\Binaries\LauncherBin\HiRezLauncherUI.exe:*:Enabled:Global Agenda -- (Hi-Rez Studios Inc.)
"C:\Programme\TERA\TERA-Launcher.exe" = C:\Programme\TERA\TERA-Launcher.exe:*:Enabled:TERA -- (Solid State Networks)
"C:\gPotato.eu\SEVENCORE\Launcher.exe" = C:\gPotato.eu\SEVENCORE\Launcher.exe:*:Enabled:SEVENCORE Launcher -- (NORIA Co., Ltd.)
"C:\gPotato.eu\SEVENCORE\SEVENCORE.exe" = C:\gPotato.eu\SEVENCORE\SEVENCORE.exe:*:Enabled:SEVENCORE -- (NORIA Co., Ltd.)
"C:\Programme\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe" = C:\Programme\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"c:\BrickForce\BfLauncher.exe" = c:\BrickForce\BfLauncher.exe:*:Enabled:BFLauncher -- ()
"c:\BrickForce\BrickForce.exe" = c:\BrickForce\BrickForce.exe:*:Enabled:BrickForce -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020519DC-C377-87A4-4FFA-2C04CAB6F06A}" = CCC Help Turkish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04FC6E53-33A5-B457-8EBD-370884B81E83}" = Catalyst Control Center Localization Norwegian
"{05204005-CEF4-AED1-6D55-19999BDDF5D9}" = Catalyst Control Center Localization All
"{053BE69E-4EFE-3621-3613-30080CD26070}" = Catalyst Control Center Graphics Previews Common
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BD8FCF6-9FA0-8CCA-7CC3-4A3A3663EF26}" = ccc-utility
"{0CB61B75-A2BF-42FB-1441-4E1E0E478FFF}" = CCC Help French
"{0D0913E6-8809-DC22-4771-6E4A0C69C1D9}" = Catalyst Control Center Localization French
"{0EACF2A3-B998-5B20-B9D1-E69385584142}" = CCC Help Hungarian
"{0FC28F52-5BE9-B6A6-0E47-040F04A9AE3F}" = CCC Help Danish
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12270803-2287-60C7-F010-73A35969FA9D}" = ccc-utility
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{1402D7D3-548E-C8D9-1B56-94DF70CA52DB}" = CCC Help French
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{155BD1DE-E53B-1F1A-A6CC-08EF3A2684E9}" = CCC Help Chinese Standard
"{1592B9A6-E23D-4B57-9D3D-BB98F1EF55F6}" = SEVENCORE
"{1605416F-1546-EB43-4000-F64170D3DE25}" = Catalyst Control Center Graphics Full New
"{1705D880-A64E-96B8-1623-446CB4243BCC}" = CCC Help Portuguese
"{17B6DDE9-2E5F-1E6A-5376-EBEA92523C1F}" = CCC Help Chinese Traditional
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{190601AF-7BE4-046E-CEBF-14EE74434250}" = AMD Catalyst Install Manager
"{197B13CD-0597-C06D-9E06-3732E7A5459B}" = Catalyst Control Center Localization Spanish
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1D892DE7-FA53-6CCB-A755-FFC8CDD58CCB}" = CCC Help Czech
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{248C0F3C-D1E8-3169-6711-00F34C307F7A}" = CCC Help Swedish
"{24990A39-5F20-4FCA-BAFE-EEF1E4800709}" = Catalyst Control Center - Branding
"{25FB0FCE-0B93-976A-C0A5-3ADE26A5DC95}" = Catalyst Control Center Localization Greek
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27AB4200-EAAF-CB24-D5B4-40B761E573D3}" = CCC Help Polish
"{2A2A9154-534C-8430-5C8C-F197D51E3647}" = CCC Help Polish
"{2B07D8A3-0BE7-B8BC-E295-040333F74CB4}" = Catalyst Control Center Localization Polish
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{30C01299-554C-4B62-BD0F-849F43E01C91}_is1" = Pokemon World Online version 1.83
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.0000
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{346BA3F6-660A-81A1-D8FA-659465AF5F16}" = ccc-core-preinstall
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{357DD2C5-542F-BCD1-E74E-5993A233F3CA}" = CCC Help Dutch
"{39B8EE1D-82D5-4DF0-A619-2C84844254D1}_is1" = MCSkin3D version 1.4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend
"{3DE8E48A-E70F-6E27-383D-4685A622A0DF}" = CCC Help Japanese
"{3E2D47BE-3896-CD6A-5333-634E8F4E1D09}" = CCC Help Chinese Traditional
"{3EDF7996-B5DD-7217-329E-E51EA50B8B08}" = Catalyst Control Center Localization Korean
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F533CDF-4EB7-942C-83C7-DA703DBF0D3A}" = Catalyst Control Center Graphics Light
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40CD278E-33C2-6916-EFA6-DCBF7709060A}" = CCC Help English
"{40F6E633-21A9-6997-CF86-B47ED7B246EF}" = CCC Help Italian
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46BE6D86-7BEF-4DAB-B3E6-7B932D3872F3}_is1" = Dragonica Version TEST
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C8E654C-8B9C-1A3E-651D-214E9019A8C6}" = Catalyst Control Center Localization Portuguese
"{4FC31A14-3D58-4F8F-85DA-EB3EBC771252}" = Catalyst Control Center - Branding
"{51D29783-1876-9A77-3CE2-018F09FB8876}" = CCC Help Russian
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0
"{52B76707-AD64-B360-F331-7D7716A2EF4E}" = CCC Help Spanish
"{53F042B0-48F9-D28E-41BA-8AEB7144A664}" = Catalyst Control Center Localization Japanese
"{5454085C-129F-416C-9C0B-8B1000048301}" = BioShock 2
"{5454085C-129F-416C-9C0B-8B1000048302}" = BioShock 2
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{5454085C-129F-416C-9C0B-8B1000058302}" = BioShock 2
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B9C7C4F-A1CB-11E0-9E40-0013D3D69929}" = Vegas Pro 10.0
"{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
"{5E541DAB-6F2C-62F1-3212-F421792E9409}" = CCC Help Korean
"{6141BE08-A14D-2E76-1C9B-C9B724E93F8F}" = CCC Help Czech
"{626D1263-11EB-8469-BDCD-F44464AFAB42}" = Catalyst Control Center Core Implementation
"{66A6BF87-5B94-4EA9-A8F8-C1DB619407D3}" = MySpeed Plug-In Beta v2.11
"{6A322AF6-94C0-C303-548F-EFBC0EE3FAC6}" = Catalyst Control Center Localization Dutch
"{6BF91072-94EE-9E98-3B0B-C1A77656CA88}" = CCC Help Swedish
"{70969B6E-F12C-A3C9-EBAC-BD9C0F3F6E44}" = CCC Help Korean
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71702641-2849-45A4-8E62-4B85974B24A0}_is1" = BumpTop
"{71CD0D37-EF43-438F-7AE6-D49DE09C7B55}" = Catalyst Control Center Localization Danish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353B605-741D-C35E-7334-468FE2A4E9CB}" = Skins
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79AA6806-69E1-7A15-9B8A-C3E36065B1FE}" = CCC Help Greek
"{7B0450BA-BD15-C54A-C9EA-3E4C68722101}" = CCC Help English
"{7BCCA0F5-4A74-2352-CFE6-04DABA6D5D28}" = Catalyst Control Center Graphics Full Existing
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81A917A1-DBA3-3639-53DA-B6E833D41A57}" = ccc-utility
"{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1" = AION Free-to-Play Version 1.0
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87A0FED6-9A2A-3BDE-FBB9-B44DBB9EC9F1}" = Catalyst Control Center Localization Turkish
"{87A90A22-0F2C-EE18-9333-E8F6DC71256C}" = Skins
"{8921E7CF-F47B-781E-E7AA-653E2AB2FD5B}" = Catalyst Control Center Graphics Previews Common
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98125266-1C84-5858-07AD-07983DFFAA60}" = Catalyst Control Center Localization Russian
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{98C2D59E-7B49-30F8-3A15-6A8428AFA3B9}" = Catalyst Control Center Localization Chinese Traditional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1F24C5-03E3-4DAA-B935-E7C971003F0E}" = Aeria Ignite
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.0 "Legend"
"{9F011792-C1AD-6D49-7418-703D17F710CC}" = CCC Help Turkish
"{A0A087E5-149E-EC75-F45D-3A3C04344B4A}" = Catalyst Control Center Graphics Previews Common
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2DB9340-8ECB-A16D-7AEC-8A0D72217A09}" = CCC Help German
"{A2F166A0-F031-4E27-A057-C69733219435}_is1" = RaiderZ
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A9106BA5-3F1E-3528-93A7-2761CA0BFAD8}" = ccc-utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB8CAAA2-39EC-A896-8388-21F7C92BF91D}" = CCC Help Finnish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B193E6AB-0FEE-664B-7458-63575F668F56}" = CCC Help Danish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7CE4105-2F9F-1FC4-9D76-E26CEBF689B9}" = CCC Help Norwegian
"{B9A46A4E-374E-5329-B26C-24A745AA7762}" = Catalyst Control Center Localization Finnish
"{BAAB1EE0-3A14-4137-95D4-8ED2149804DC}" = Worms 3D Patch
"{BC2B6E0B-6932-FCFD-4DA2-2AB184B87320}" = CCC Help Italian
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C123A6B5-8243-75C7-5CAD-A7E06C051D38}" = CCC Help German
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C191BE7C-8542-4A61-973A-714EF76C5995}" = Logitech QuickCam-Software
"{C205EF8A-AC71-1A3C-DFCC-C2AC36D8A7B4}" = Catalyst Control Center Localization Swedish
"{C85C8CE6-CA92-7CDC-75C3-AA9C22E7FD75}" = ccc-utility
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9E45C84-9BFE-1121-00CD-9F0CC9B75BD3}" = CCC Help Thai
"{CAB81583-0310-43E1-8E33-0864985EDD67}" = trakAxPC
"{CABB5874-1452-637A-110B-883189586282}" = Catalyst Control Center Localization Hungarian
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache
"{CC67DD84-77C6-C9F8-FA03-953F1C1C92A9}" = Catalyst Control Center InstallProxy
"{CDD165A8-6D7F-3FE3-09BD-03052685294D}" = CCC Help Hungarian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0A32C98-F715-6A4B-688D-275AA1393ED8}" = CCC Help Greek
"{D1A3418D-0275-1516-6622-AF377B272CA0}" = CCC Help Dutch
"{D1AD3651-EE2F-5221-D595-36A2ED3D5E75}" = Catalyst Control Center Localization Italian
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D380A631-0EFD-8325-D2DD-774A7ADDB628}" = ccc-core-static
"{D41DA7B0-DE4C-20A5-FC4C-F00327548F0D}" = CCC Help English
"{D5679765-FADA-54E8-774E-748294020B96}" = CCC Help Russian
"{D7739941-59D4-F971-A68B-0318CFBE02D6}" = ccc-utility
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E10761C7-F0F0-BC29-51E5-6F4886D5E72A}" = Catalyst Control Center Localization Chinese Standard
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E306DBFD-E7A1-F65F-D652-99FEDE639AF9}" = Catalyst Control Center Localization German
"{EE086612-CE52-3402-18D5-DDFEE2F87CE8}" = CCC Help Finnish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0BC7117-A5C8-D34E-72DE-D17E2B7BA2E5}" = CCC Help Norwegian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2320CBF-B5A5-78A9-1E8E-D48DAF1E022D}" = CCC Help Thai
"{F31A1CA0-6F8B-F897-C8CA-7C64616582A0}" = CCC Help Spanish
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F45B51DC-F6EA-0335-44B3-92395CEB782B}" = Catalyst Control Center Localization Thai
"{F5489F73-F631-6CEE-72ED-3B9E0C312F96}" = CCC Help Japanese
"{F55671E5-16AB-4A09-14C0-F53921535C25}" = Catalyst Control Center Localization Czech
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F90D9C89-7918-7994-66CC-513C4A92D3A6}" = Catalyst Control Center Graphics Previews Common
"{FB7EBC2F-D27E-A906-28BF-58FE48F4F1D8}" = CCC Help Chinese Standard
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FE163F11-1919-4257-A280-FF5AF8DAEECB}" = ICQ Sparberater
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FEE777F9-EE4E-4504-8CCC-528270A4992A}" = CCC Help Portuguese
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aeria Ignite" = Aeria Ignite
"Aeria Ignite 1.11.2111" = Aeria Ignite
"AirRivals_is1" = AirRivals
"Akamai" = Akamai NetSession Interface
"Ask Toolbar_is1" = The Wisdom-Soft Toolbar
"AstrumNival Allods" = Allods Online 3.0.05.36
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"AVS Audio Editor_is1" = AVS Audio Editor 7.1
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BrickForce" = BrickForce 1.9.87
"Brutal Chess" = Brutal Chess
"CABAL Online (Europe)_is1" = CABAL Online Europe (Europe)
"CANONBJ_Deinstall_CNMCP64.DLL" = Canon PIXMA iP4000
"CCleaner" = CCleaner
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Fiesta Online DE" = Fiesta Online DE 1.04.053
"Fireworks Free Screensaver" = Fireworks Free Screensaver (remove only)
"FlashSaver_Feuerwerksbildschirmschoner(1)" = Feuerwerksbildschirmschoner(1)
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 5.0.8
"Free Video Converter_is1" = Free Video Converter V 3.0
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.7.718
"Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212
"Free YouTube to iPhone Converter_is1" = Free YouTube to iPhone Converter version 2.11.5.722
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Free YouTube Uploader_is1" = Free YouTube Uploader version 3.3.23.1123
"Game Booster_is1" = Game Booster 3
"Google Chrome" = Google Chrome
"GrandFantasia-DE" = GrandFantasia-DE
"HyperCam 2" = HyperCam 2
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"InterActual Player" = InterActual Player
"loadtbs-2.1" = loadtbs-2.1
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"LogMeIn Hamachi" = LogMeIn Hamachi
"ManyCam" = ManyCam 2.6.43 (remove only)
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Notepad++" = Notepad++
"NSchach3a_is1" = N Schach 3
"OpenAL" = OpenAL
"Opera 12.12.1707" = Opera 12.12
"PicPick" = PicPick
"Pivot 3.2 Beta Deutsch" = Pivot 3.2 Beta Deutsch
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech® Camera-Treiber
"Real Desktop Professional_is1" = Real Desktop 1.68 Professional
"Scott's Wallpaper Switcher_is1" = Scott's Wallpaper Switcher v 1.7
"Searchqu 0 MediaBar" = Windows Searchqu Toolbar
"SilkroadR" = SilkroadR
"SMPlayer" = SMPlayer 0.8.0
"Snoqualmie" = Snoqualmie 1.0
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Steam App 17020" = Global Agenda
"Steam App 17330" = Crysis Warhead
"Steam App 17340" = Crysis Wars
"Steam App 218" = Source SDK Base 2007
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 440" = Team Fortress 2
"Steam App 50650" = Darksiders II
"Steam App 550" = Left 4 Dead 2
"Steam App 65800" = Dungeon Defenders
"T4EPlayer" = T4E Player
"T4EPlayer_Skins" = T4E Player Skins
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"Tribes Ascend DE" = Tribes Ascend DE
"Uninstall_is1" = Uninstall 1.0.0.1
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 1.1.4
"WarOfAngels" = War of Angels
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Searchqu Toolbar" = Windows Searchqu Toolbar
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"Wisdom-soft Set up ASR 3.1 Free" = Wisdom-soft Set up ASR 3.1 Free
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11.01.2013 16:50:08 | Computer Name = ZOCKER | Source = MsiInstaller | ID = 1013
Description = Produkt: NVIDIA PhysX -- Installation terminated
Error - 11.01.2013 16:55:47 | Computer Name = ZOCKER | Source = MsiInstaller | ID = 10005
Description = Produkt: Microsoft .NET Framework 3.0 Service Pack 2 -- Fehler 2004.
Method SHGetFolderPath failed. HRESULT: 0x80004005.
Error - 11.01.2013 16:55:47 | Computer Name = ZOCKER | Source = MsiInstaller | ID = 10005
Description = Produkt: Microsoft .NET Framework 3.0 Service Pack 2 -- Fehler 2004.
Method GetFontCacheDataFolder failed. HRESULT: 0x80004005.
Error - 12.01.2013 06:45:01 | Computer Name = ZOCKER | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown
Error - 16.01.2013 08:14:46 | Computer Name = ZOCKER | Source = MsiInstaller | ID = 11609
Description =
Error - 16.01.2013 08:20:17 | Computer Name = ZOCKER | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 17.01.2013 11:18:04 | Computer Name = ZOCKER | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 23.01.2013 09:41:56 | Computer Name = ZOCKER | Source = MsiInstaller | ID = 11609
Description =
Error - 23.01.2013 10:14:59 | Computer Name = ZOCKER | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
Error - 24.01.2013 08:18:37 | Computer Name = ZOCKER | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
[ System Events ]
Error - 24.01.2013 11:36:05 | Computer Name = ZOCKER | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 24.01.2013 11:36:35 | Computer Name = ZOCKER | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 24.01.2013 11:37:05 | Computer Name = ZOCKER | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 24.01.2013 11:37:35 | Computer Name = ZOCKER | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 24.01.2013 11:38:05 | Computer Name = ZOCKER | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 24.01.2013 11:38:35 | Computer Name = ZOCKER | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 24.01.2013 11:39:05 | Computer Name = ZOCKER | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 24.01.2013 11:39:35 | Computer Name = ZOCKER | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 24.01.2013 11:40:05 | Computer Name = ZOCKER | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 24.01.2013 11:40:35 | Computer Name = ZOCKER | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
< End of report >
|
|
25.01.2013, 09:15
| #10 |
| /// TB-Ausbilder | GVU Virus Computer wurde gesperrt Hallo, ok, dann versuchen wir das Ding loszuwerden: Schritt 1 Erstelle zuerst auf einem Zweitrechner das Fixskript:
Folgende Schritte nur ausführen, wenn du wieder in den normalen Modus booten kannst. Ansonsten hier abbrechen und melden: Schritt 2
Schritt 3 Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
Schritt 4 Verschiebe bitte OTL.exe vom USB-Stick auf den Desktop.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
25.01.2013, 14:42
| #11 |
| | GVU Virus Computer wurde gesperrt Eine Frage Während der Scan von Schritt 2 läuft der von GMER kam die nachricht von Avast! mein Viren Programm was ich aber bereits vor dem scan ausgeschaltet habe : Rootkit gefunden ich werden ein Bild in dieser Frage hochladen. Was soll ich nun tun mit der Nachricht von Avast! ? |
|
25.01.2013, 14:58
| #12 |
| /// TB-Ausbilder | GVU Virus Computer wurde gesperrt Dann war das Antivirenprogramm aber nicht so richtig ausgeschaltet.. Ignorier das und mach dann weiter.
__________________ cheers, Leo Geändert von aharonov (25.01.2013 um 15:10 Uhr) |
|
25.01.2013, 21:04
| #13 |
| | GVU Virus Computer wurde gesperrtCode:
ATTFilter All processes killed
========== OTL ==========
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5675151.pad moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7816834.pad moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5675151.js moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\cmeepkzlndauaot moved successfully.
ADS C:\WINDOWS:nlsPreferences deleted successfully.
Service dbustrcm stopped successfully!
Service dbustrcm deleted successfully!
File C:\DOKUME~1\Lutz\LOKALE~1\Temp\dbustrcm.sys not found.
========== FILES ==========
C:\Dokumente und Einstellungen\Lutz\1515765.dll moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
User: Administrator.ZOCKER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 70726 bytes
->Flash cache emptied: 56466 bytes
User: Administrator.ZOCKER.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 70726 bytes
->Flash cache emptied: 56466 bytes
User: Administrator.ZOCKER.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1299206 bytes
->Flash cache emptied: 56958 bytes
User: Administrator.ZOCKER.002
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 70726 bytes
->Flash cache emptied: 56466 bytes
User: Administrator.ZOCKER.003
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
User: Administrator.ZOCKER.004
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Lutz
->Temp folder emptied: 282277389 bytes
->Temporary Internet Files folder emptied: 14356365 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 81460431 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 61704811 bytes
->Flash cache emptied: 83196 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1810056 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2660906 bytes
%systemroot%\System32 .tmp files removed: 4848007 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15643648 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 445,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01252013_140639
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-25 19:40:54
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Scsi\ahcix861Port2Path0Target0Lun0 ATI_____ rev.1.10 0,00MB
Running: 5hc46l84.exe; Driver: C:\DOKUME~1\Lutz\LOKALE~1\Temp\uftdypoc.sys
---- System - GMER 2.0 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA76BD4BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA7774C22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA76BDED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA76FF811]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA76C8FA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA76C8FF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA76C9176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA76FF1C5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA76C8F16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA76C9038]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA76C8F5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA76BE11C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA76C9130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA76BE93E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA76BD508]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA76FFED7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA770018D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA76C21C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA76FFD42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA76FFBAD]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA7774CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA76BD170]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA76BD556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA76C2534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA76BF3A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA76C8FD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA76C9016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA76C919A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA76FF521]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA76C8F3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA76C1C3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA76C90BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA76C8F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA76C1F14]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA76C9154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA7774E4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA76FFA28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA76BF272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA76FF87A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA76BEDD4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA77817D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA76FE838]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA76BD5A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA76BD5F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA76BE7BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA76BD1FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA76BD3AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA76FFFDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA76BD350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA76BEAF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA76BEC54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA76BD41A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA76BE4D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA76BE636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA777341C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA76BD640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA76BDF1A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA778DE56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2CC1 805045B9 3 Bytes JMP BCDEED29
.text ntkrnlpa.exe!ZwCallbackReturn + 2D28 80504620 4 Bytes JMP 9CA7774C
.text ntkrnlpa.exe!ZwCallbackReturn + 2F0C 80504804 4 Bytes CALL CB86EF78
.text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80504820 12 Bytes [A4, D5, 6B, A7, F2, D5, 6B, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 805048C8 12 Bytes JMP EC54A76B
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL A76BFA77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP A778ACF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP A778C810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP A778DE5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF2FBD000, 0x2C28EE, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP A76C3B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP A76C3A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP A76C39F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C56B 5 Bytes JMP A76C30A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240DB 5 Bytes JMP A76C27C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A45 5 Bytes JMP A76C3CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831490 5 Bytes JMP A76C3EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839EC7 5 Bytes JMP A76C38FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85176B 5 Bytes JMP A76C2688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC9A 5 Bytes JMP A76C316A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E304 5 Bytes JMP A76C2C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E38F 5 Bytes JMP A76C2EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F600 5 Bytes JMP A76C2670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5466 BF8649DE 5 Bytes JMP A76C3A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 3651 BF87322E 5 Bytes JMP A76C2CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 418E BF873D6B 5 Bytes JMP A76C2E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890E66 5 Bytes JMP A76C3182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF894410 5 Bytes JMP A76C3BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894EE8 5 Bytes JMP A76C3E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3862 BF89C29E 5 Bytes JMP A76C3090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DF7 BF89D833 5 Bytes JMP A76C2834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A977 BF8C1CCC 3 Bytes JMP A76C2944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A97B BF8C1CD0 1 Byte [E7]
.text win32k.sys!EngFillPath + 1517 BF8CA15D 5 Bytes JMP A76C2A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA3DD 5 Bytes JMP A76C2B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B2E BF8EBD71 5 Bytes JMP A76C256A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB31 BF8F4D74 5 Bytes JMP A76C30C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A40 BF914401 5 Bytes JMP A76C2760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2614 BF914FD5 5 Bytes JMP A76C28F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F8D BF91794E 5 Bytes JMP A76C2FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1934 BF947AAD 5 Bytes JMP A76C3D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
---- User code sections - GMER 2.0 ----
.text C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe[312] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe[312] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[356] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[356] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[420] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[420] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[580] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[580] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Aeria Games\Ignite\aeriaignite.exe[588] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Aeria Games\Ignite\aeriaignite.exe[588] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe[616] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe[616] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe[716] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe[716] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[832] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[852] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[852] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[888] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[928] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[928] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[972] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[984] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[984] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1152] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1152] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1332] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1332] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1372] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1372] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[1620] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[1620] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE[1656] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE[1656] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1752] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1752] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[1752] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1768] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1768] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[1780] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[1780] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\LVCOMSX.EXE[1792] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\LVCOMSX.EXE[1792] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1852] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1852] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1904] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1904] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe[1960] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe[1960] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe[1992] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe[1992] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[2008] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[2008] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Alwil Software\Avast5\avastUI.exe[2044] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Alwil Software\Avast5\avastUI.exe[2044] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Java\jre7\bin\jqs.exe[2076] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Java\jre7\bin\jqs.exe[2076] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\ICQ6Toolbar\ICQ Service.exe[2108] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\ICQ6Toolbar\ICQ Service.exe[2108] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2276] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2276] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1004D1C0 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ntdll.dll!NtCreateKey 7C91D0EE 5 Bytes JMP 1004D030 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ntdll.dll!NtDeleteKey 7C91D24E 5 Bytes JMP 1004D230 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ntdll.dll!NtDeleteValueKey 7C91D26E 2 Bytes JMP 1004D2A0 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ntdll.dll!NtDeleteValueKey + 3 7C91D271 2 Bytes [73, 93] {JAE 0xffffff95}
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 1004D0C0 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ntdll.dll!NtQueryValueKey 7C91D96E 5 Bytes JMP 1004CF30 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ntdll.dll!NtSetValueKey 7C91DDCE 5 Bytes JMP 1004CFB0 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00D67530 C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll (IEHelper/Bandoo Media, inc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 00D67550 C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll (IEHelper/Bandoo Media, inc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ADVAPI32.dll!RegSetValueExW 77DAD767 7 Bytes JMP 03A11CC0 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ADVAPI32.dll!RegSetValueExA 77DAEAE7 7 Bytes JMP 03A11C00 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ADVAPI32.dll!RegSetValueA 77DCC79E 5 Bytes JMP 03A11A80 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ADVAPI32.dll!RegSetValueW 77E06116 5 Bytes JMP 03A11B40 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00FB1014
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00FB0804
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00FB0A08
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00FB0C0C
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00FB0E10
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00FB01F8
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 00FB03FC
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00FB0600
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!GetWindowLongW 7E3688A6 7 Bytes JMP 00D6F990 C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll (IEHelper/Bandoo Media, inc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 03A11E90 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 03A121F0 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00D71580 C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll (IEHelper/Bandoo Media, inc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 00D6F970 C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll (IEHelper/Bandoo Media, inc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DB24 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00F10A08
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00F10600
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00F101F8
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00F103FC
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4136725F C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41367191 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 03A12100 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!CreateDialogParamA 7E38C7DB 5 Bytes JMP 03A12010 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!MessageBoxA 7E3A07EA 5 Bytes JMP 03A12370 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41367062 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 413670C4 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 413672C2 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 03A11170 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41367126 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!MessageBoxW 7E3B6534 5 Bytes JMP 03A12450 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 03A112D0 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2376] ole32.dll!CoCreateInstance 774CF1BC 5 Bytes JMP 00D67650 C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll (IEHelper/Bandoo Media, inc)
.text C:\WINDOWS\System32\svchost.exe[2404] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2404] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Dokumente und Einstellungen\Lutz\Desktop\5hc46l84.exe[2432] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Dokumente und Einstellungen\Lutz\Desktop\5hc46l84.exe[2432] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2616] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2616] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\NlsSrv32.exe[2884] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\NlsSrv32.exe[2884] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3112] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3112] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrA.exe[3120] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrA.exe[3120] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Bonjour\mDNSResponder.exe[3164] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Bonjour\mDNSResponder.exe[3164] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3180] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3180] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3412] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3412] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[3436] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE[3436] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[3612] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[3612] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\AeriaGames\TribesAscendDE\HiPatchService.exe[3696] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\AeriaGames\TribesAscendDE\HiPatchService.exe[3696] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[3820] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[3820] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3872] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe[3872] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 1004D1C0 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ntdll.dll!NtCreateKey 7C91D0EE 5 Bytes JMP 1004D030 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ntdll.dll!NtDeleteKey 7C91D24E 5 Bytes JMP 1004D230 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ntdll.dll!NtDeleteValueKey 7C91D26E 2 Bytes JMP 1004D2A0 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ntdll.dll!NtDeleteValueKey + 3 7C91D271 2 Bytes [73, 93] {JAE 0xffffff95}
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ntdll.dll!NtOpenKey 7C91D5CE 5 Bytes JMP 1004D0C0 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ntdll.dll!NtQueryValueKey 7C91D96E 5 Bytes JMP 1004CF30 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ntdll.dll!NtSetValueKey 7C91DDCE 5 Bytes JMP 1004CFB0 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00E07530 C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll (IEHelper/Bandoo Media, inc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 00E07550 C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll (IEHelper/Bandoo Media, inc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ADVAPI32.dll!RegSetValueExW 77DAD767 7 Bytes JMP 07A11CC0 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ADVAPI32.dll!RegSetValueExA 77DAEAE7 7 Bytes JMP 07A11C00 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ADVAPI32.dll!RegSetValueA 77DCC79E 5 Bytes JMP 07A11A80 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ADVAPI32.dll!RegSetValueW 77E06116 5 Bytes JMP 07A11B40 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00F81014
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00F80804
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00F80A08
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00F80C0C
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00F80E10
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00F801F8
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 00F803FC
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00F80600
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 07A11E90 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 07A121F0 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269AB5 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125D12D C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DB24 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D466C C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01710600
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 017101F8
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 017103FC
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4136725F C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41367191 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 07A12100 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] USER32.dll!CreateDialogParamA 7E38C7DB 5 Bytes JMP 07A12010 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] USER32.dll!MessageBoxA 7E3A07EA 5 Bytes JMP 07A12370 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41367062 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 413670C4 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 413672C2 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 07A11170 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41367126 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] USER32.dll!MessageBoxW 7E3B6534 5 Bytes JMP 07A12450 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 07A112D0 C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\softonic-de3\tbsof0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ole32.dll!CoCreateInstance 774CF1BC 5 Bytes JMP 4126DB80 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4036] ole32.dll!OleLoadFromStream 774F983B 5 Bytes JMP 413675C7 C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation)
---- Registry - GMER 2.0 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x6B 0x65 0x49 0x6A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
---- Files - GMER 2.0 ----
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\1.png 530 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\10.png 523 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\100.png 404 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\101.png 546 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\102.png 0 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\103.png 1110 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\104.png 491 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\105.png 623 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\106.png 661 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\107.png 724 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\108.png 848 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\109.png 724 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\11.png 396 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\110.png 1103 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\111.png 741 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\112.png 1056 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\113.png 587 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\114.png 627 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\115.png 1099 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\116.png 422 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\118.png 708 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\119.png 932 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\12.png 908 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\120.png 614 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\121.png 866 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\122.png 844 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\123.png 942 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\124.png 849 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\125.png 908 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\126.png 1049 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\127.png 939 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\128.png 954 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\129.png 773 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\13.png 460 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\130.png 1461 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\131.png 814 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\132.png 323 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\133.png 550 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\134.png 0 bytes
File C:\Programme\Pokemon World Online\Skins\Default\Images\Monsters\BigS\135.png 0 bytes
---- EOF - GMER 2.0 ----
|
|
25.01.2013, 21:05
| #14 |
| | GVU Virus Computer wurde gesperrtCode:
ATTFilter # AdwCleaner v2.108 - Datei am 25/01/2013 um 20:06:25 erstellt
# Aktualisiert am 24/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Lutz - ZOCKER
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Lutz\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : ICQ Service
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Programme\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Programme\Mozilla Firefox\searchplugins\SearchResults.xml
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar
Ordner Gelöscht : C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Babylon
Ordner Gelöscht : C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\BabylonToolbar
Ordner Gelöscht : C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\loadtbs
Ordner Gelöscht : C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\PriceGong
Ordner Gelöscht : C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\searchquband
Ordner Gelöscht : C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Searchqutoolbar
Ordner Gelöscht : C:\Dokumente und Einstellungen\Lutz\Eigene Dateien\Software
Ordner Gelöscht : C:\Programme\AskBarDis
Ordner Gelöscht : C:\Programme\ICQ6Toolbar
Ordner Gelöscht : C:\Programme\softonic-de3
Ordner Gelöscht : C:\Programme\Windows Searchqu Toolbar
***** [Registrierungsdatenbank] *****
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll
Schlüssel Gelöscht : HKCU\Software\AppDataLow\AskBarDis
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF323AAC-F437-44E9-BA6C-080029B05CF3}
Schlüssel Gelöscht : HKCU\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\searchqutoolbar
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\softonic-de3
Schlüssel Gelöscht : HKCU\Toolbar
Schlüssel Gelöscht : HKLM\Software\AskBarDis
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{622FD888-4E91-4D68-84D4-7262FD0811BF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B739CA90-6925-4C5C-9444-7AA03F57797F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FF323AAC-F437-44E9-BA6C-080029B05CF3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{47001E9C-7B0F-42E7-B487-6C9461204F17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FAC898D-9D1C-400C-8067-023BD2D4063A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\softonic-de3 Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FF323AAC-F437-44E9-BA6C-080029B05CF3}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 0 MediaBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\softonic-de3 Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar
Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKLM\Software\softonic-de3
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.18702
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=2857d4dd0000000000000019666ed8c8 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=2857d4dd0000000000000019666ed8c8&tlver=1.4.19.19&affID=17160 --> hxxp://www.google.com
-\\ Opera v12.12.1707.0
Datei : C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [17858 octets] - [25/01/2013 20:06:25]
########## EOF - C:\AdwCleaner[S1].txt - [17919 octets] ##########
Code:
ATTFilter OTL logfile created on: 25.01.2013 20:11:09 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Lutz\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 81,77% Memory free 5,09 Gb Paging File | 4,68 Gb Available in Paging File | 92,02% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 361,33 Gb Total Space | 112,03 Gb Free Space | 31,00% Space Free | Partition Type: NTFS Drive D: | 104,06 Gb Total Space | 32,97 Gb Free Space | 31,68% Space Free | Partition Type: NTFS Drive F: | 680,90 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 3,73 Gb Total Space | 3,55 Gb Free Space | 95,21% Space Free | Partition Type: FAT32 Computer Name: ZOCKER | User Name: Lutz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.24 16:21:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lutz\Desktop\OTL.exe PRC - [2013.01.11 23:35:46 | 000,008,704 | ---- | M] (Hi-Rez Studios) -- C:\AeriaGames\TribesAscendDE\HiPatchService.exe PRC - [2012.12.10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe PRC - [2012.12.03 08:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.09.24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2012.07.03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.08.03 09:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe PRC - [2010.08.03 09:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe PRC - [2010.08.03 08:43:18 | 001,809,992 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE PRC - [2009.06.07 12:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NlsSrv32.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005.12.09 15:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) -- c:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe PRC - [2005.12.09 15:32:18 | 000,225,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE ========== Modules (No Company Name) ========== MOD - [2013.01.25 08:15:48 | 002,048,512 | ---- | M] () -- C:\Programme\Alwil Software\Avast5\defs\13012500\algo.dll MOD - [2013.01.12 21:47:20 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll MOD - [2013.01.12 11:56:31 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f43e890d874ef521aba51f76f64cd97b\System.ServiceProcess.ni.dll MOD - [2013.01.12 11:56:28 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll MOD - [2013.01.12 11:56:08 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll MOD - [2013.01.12 11:48:32 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll MOD - [2013.01.12 11:46:51 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll MOD - [2013.01.12 11:46:41 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll MOD - [2012.07.27 21:51:38 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2011.09.24 14:10:30 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2011.09.24 14:10:29 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2011.09.24 14:10:27 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\DOKUME~1\Lutz\1515765.dll -- (winmgmt) SRV - [2013.01.11 23:35:46 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\AeriaGames\TribesAscendDE\HiPatchService.exe -- (HiPatchService) SRV - [2013.01.09 19:41:02 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.16 18:37:24 | 005,124,464 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc) SRV - [2012.12.10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.11.12 19:50:16 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\programme\gemeinsame dateien\akamai/netsession_win_ce5ba24.dll -- (Akamai) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.09.24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.07.29 15:41:58 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2011.02.02 11:00:32 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.07 12:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NlsSrv32.exe -- (nlsX86cc) SRV - [2005.12.09 15:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2005.04.03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva401.sys -- (XDva401) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva399.sys -- (XDva399) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva397.sys -- (XDva397) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva396.sys -- (XDva396) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva392.sys -- (XDva392) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva391.sys -- (XDva391) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva389.sys -- (XDva389) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva387.sys -- (XDva387) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva385.sys -- (XDva385) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva380.sys -- (XDva380) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2012.10.30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012.10.30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011.12.27 19:29:52 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2011.12.08 05:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2011.12.08 05:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2011.10.24 17:39:54 | 000,042,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGSHidFilt.Sys -- (LGSHidFilt) DRV - [2011.07.26 18:49:12 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss) DRV - [2011.03.18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2010.11.01 05:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Programme\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0) DRV - [2010.03.18 10:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2010.03.18 10:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2010.03.18 10:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE) DRV - [2009.11.23 16:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGVirHid.sys -- (LGVirHid) DRV - [2009.11.23 16:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGBusEnum.sys -- (LGBusEnum) DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2007.11.14 16:14:02 | 004,625,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2007.09.19 14:44:46 | 000,101,504 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007.01.12 11:16:32 | 000,113,152 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ahcix86.sys -- (ahcix86) DRV - [2006.12.28 05:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService) DRV - [2006.07.01 22:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2005.12.09 15:37:42 | 002,400,256 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv) DRV - [2005.12.09 15:37:42 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon) DRV - [2005.12.09 15:35:54 | 002,174,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap) DRV - [2005.12.06 04:28:38 | 000,014,080 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2005.12.06 04:28:33 | 001,103,488 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) DRV - [2005.12.06 04:26:54 | 002,010,240 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2005.12.06 04:26:16 | 000,039,424 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2005.05.17 13:48:21 | 000,050,176 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) DRV - [2005.05.16 14:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02) DRV - [2005.05.16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher@ea.com:5.0.127.0 FF - prefs.js..extensions.enabledAddons: DeviceDetection@logitech.com:1.23.0.5 FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Sony Online Entertainment\npsoe.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\Alwil Software\Avast5\WebRep\FF [2012.11.09 18:13:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Programme\Gemeinsame Dateien\DVDVideoSoft\plugins\ff\ [2012.12.18 18:40:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.29 15:41:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.09 17:24:53 | 000,000,000 | ---D | M] [2011.12.14 22:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Extensions [2012.12.18 18:39:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\df7dea73.default\extensions [2011.04.07 18:30:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\df7dea73.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.12.14 22:36:30 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\df7dea73.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2011.05.02 13:26:25 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\df7dea73.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2011.11.13 19:55:52 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\df7dea73.default\extensions\battlefieldheroespatcher@ea.com [2011.08.09 14:35:50 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\df7dea73.default\extensions\DeviceDetection@logitech.com [2011.04.07 18:30:50 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\df7dea73.default\extensions\engine@conduit.com [2011.05.06 21:28:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\df7dea73.default\extensions\nostmp [2012.04.04 17:12:03 | 000,000,000 | ---D | M] (loadtbs) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\df7dea73.default\extensions\software@loadtubes.com [2011.11.07 12:09:54 | 000,000,931 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\df7dea73.default\searchplugins\conduit.xml [2013.01.20 17:05:08 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\df7dea73.default\searchplugins\icqplugin-1.xml [2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\df7dea73.default\searchplugins\icqplugin.xml [2011.07.23 13:09:22 | 000,002,497 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\df7dea73.default\searchplugins\SearchResults.xml [2011.12.14 22:36:19 | 000,002,515 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\df7dea73.default\searchplugins\Search_Results.xml [2012.03.18 11:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.04 10:07:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.07.29 15:41:59 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.02.15 14:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Programme\mozilla firefox\plugins\npmieze.dll [2012.07.18 23:18:05 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.18 23:18:05 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.07.18 23:18:05 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.07.18 23:18:05 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.18 23:18:05 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.18 23:18:05 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: LoadTubes Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npmieze.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Programme\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\ O1 HOSTS File: ([2006.02.28 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Aeria Ignite] C:\Programme\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast] C:\Programme\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Launch LCDMon] C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4 - HKLM..\Run: [Launch LCore] C:\Programme\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4 - HKLM..\Run: [Launch LGDCore] C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80861876-3763-4C22-AB33-E7CBFC79E0C6}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Lutz\Eigene Dateien\Eigene Bilder\skrillex_hd_wallpaper_by_deathbatacclaim-d4yazyr.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Lutz\Eigene Dateien\Eigene Bilder\skrillex_hd_wallpaper_by_deathbatacclaim-d4yazyr.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.09.15 21:18:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004.08.16 21:25:01 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{0739fe51-5de5-11e0-9108-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{0739fe51-5de5-11e0-9108-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{0739fe51-5de5-11e0-9108-806d6172696f}\Shell\AutoRun\command - "" = F:\LaunchRC.exe -- [2004.12.10 22:37:26 | 000,593,920 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.25 20:10:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lutz\Desktop\OTL.exe [2013.01.19 14:18:34 | 000,000,000 | ---D | C] -- C:\Dump [2013.01.14 19:43:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AeriaGames [2013.01.14 19:43:27 | 000,000,000 | ---D | C] -- C:\Programme\Aeria Games [2013.01.13 20:55:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Dragonica [2013.01.13 15:38:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TERA [2013.01.13 15:38:33 | 000,000,000 | ---D | C] -- C:\Programme\TERA [2013.01.11 21:54:41 | 000,000,000 | ---D | C] -- C:\e092f77f73bfc68cff [2013.01.10 23:36:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutz\Eigene Dateien\Gameforge Live [2013.01.05 05:33:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutz\Eigene Dateien\Raiderz [2013.01.05 04:54:13 | 000,000,000 | ---D | C] -- C:\Nexon [2013.01.02 19:16:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\CrashRpt [2013.01.02 18:04:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SEVENCORE [2013.01.02 17:46:17 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Lutz\Recent [2013.01.02 13:42:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mail.Ru Games GmbH [2013.01.01 20:57:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Gameforge4d [2013.01.01 20:57:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Gameforge Live [2013.01.01 20:57:05 | 000,000,000 | ---D | C] -- C:\Programme\GameforgeLive [2012.12.30 19:27:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\gPotato.eu [2010.06.02 05:22:02 | 000,089,944 | ---- | C] (Microsoft Corporation) -- C:\Programme\DSETUP.dll ========== Files - Modified Within 30 Days ========== [2013.01.25 20:09:54 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job [2013.01.25 20:09:09 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2013.01.25 20:07:59 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job [2013.01.25 20:07:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.25 20:07:54 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.01.25 20:07:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.25 20:07:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2013.01.25 20:04:33 | 000,578,255 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\adwcleaner.exe [2013.01.25 20:00:30 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.01.25 19:36:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.01.25 19:31:30 | 000,000,646 | ---- | M] () -- C:\WINDOWS\System32\runctf.lnk [2013.01.25 18:06:56 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-448539723-436374069-725345543-1003UA.job [2013.01.25 18:06:00 | 000,000,992 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-448539723-436374069-725345543-1003Core.job [2013.01.25 14:21:55 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5675151.pad [2013.01.25 14:17:53 | 000,365,568 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\5hc46l84.exe [2013.01.24 16:21:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lutz\Desktop\OTL.exe [2013.01.23 15:27:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.01.23 14:44:33 | 000,000,770 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Startmenü\Programme\Autostart\runctf.lnk [2013.01.22 21:03:33 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2013.01.19 13:47:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013.01.14 22:42:51 | 000,012,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Unbenannt 1.odt [2013.01.14 19:45:14 | 000,001,649 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\GrandFantasia-DE.lnk [2013.01.14 19:43:27 | 000,001,725 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Aeria Ignite.lnk [2013.01.13 22:13:13 | 000,191,687 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\ModLoader-1.4.7.zip [2013.01.13 22:12:58 | 000,096,469 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\TooManyItems-1.4.7.zip [2013.01.13 20:55:21 | 000,000,647 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Dragonica.lnk [2013.01.13 15:38:37 | 000,001,485 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\TERA.lnk [2013.01.12 13:47:22 | 000,155,810 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Eigene Dateien\IMAG0742.jpg [2013.01.12 11:42:10 | 000,307,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.01.12 04:57:44 | 000,517,548 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.01.12 04:57:44 | 000,494,148 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.01.12 04:57:44 | 000,101,446 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.01.12 04:57:44 | 000,084,692 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.01.11 21:13:04 | 000,000,211 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Global Agenda.url [2013.01.10 23:37:28 | 000,001,609 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AION Free-to-Play.lnk [2013.01.10 23:35:53 | 000,000,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Gameforge Live.lnk [2013.01.05 04:54:13 | 000,000,235 | ---- | M] () -- C:\WINDOWS\System32\nxEuUninstall.bat [2013.01.05 04:54:12 | 000,446,464 | ---- | M] (NEXON Inc.) -- C:\WINDOWS\NEXON_EU_DownloaderUpdater.exe [2013.01.05 01:08:32 | 000,192,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.03 13:34:55 | 000,000,350 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Filme.lnk [2013.01.03 04:47:03 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.01.03 02:26:04 | 000,000,847 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\.recently-used.xbel [2013.01.02 18:04:45 | 000,001,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SEVENCORE.lnk [2012.12.30 19:27:19 | 000,001,628 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Allods Online.lnk ========== Files Created - No Company Name ========== [2013.01.25 20:04:33 | 000,578,255 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\adwcleaner.exe [2013.01.25 19:31:30 | 000,000,646 | ---- | C] () -- C:\WINDOWS\System32\runctf.lnk [2013.01.25 14:17:53 | 000,365,568 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\5hc46l84.exe [2013.01.25 14:09:42 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5675151.pad [2013.01.23 14:44:33 | 000,000,770 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Startmenü\Programme\Autostart\runctf.lnk [2013.01.23 14:44:29 | 000,182,784 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\4386187.dll [2013.01.14 22:42:51 | 000,012,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Unbenannt 1.odt [2013.01.14 19:45:14 | 000,001,649 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\GrandFantasia-DE.lnk [2013.01.14 19:43:27 | 000,001,725 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Aeria Ignite.lnk [2013.01.13 22:13:13 | 000,191,687 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\ModLoader-1.4.7.zip [2013.01.13 22:12:58 | 000,096,469 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\TooManyItems-1.4.7.zip [2013.01.13 20:55:21 | 000,000,647 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Dragonica.lnk [2013.01.13 15:38:37 | 000,001,485 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\TERA.lnk [2013.01.12 13:47:20 | 000,155,810 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Eigene Dateien\IMAG0742.jpg [2013.01.11 21:13:04 | 000,000,211 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Global Agenda.url [2013.01.10 23:37:28 | 000,001,609 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AION Free-to-Play.lnk [2013.01.03 23:18:32 | 000,000,242 | ---- | C] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job [2013.01.03 13:35:22 | 000,000,350 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Filme.lnk [2013.01.03 02:26:04 | 000,000,847 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\.recently-used.xbel [2013.01.03 01:21:45 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2013.01.02 18:04:45 | 000,001,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SEVENCORE.lnk [2013.01.01 20:57:11 | 000,000,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Gameforge Live.lnk [2012.12.30 19:27:18 | 000,001,628 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Allods Online.lnk [2012.08.22 15:15:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2012.08.08 19:30:08 | 000,282,296 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2012.07.30 11:41:34 | 003,130,440 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_blr.exe [2012.01.25 20:04:10 | 001,912,710 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-448539723-436374069-725345543-1003-0.dat [2012.01.25 20:04:09 | 000,326,318 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.01.10 21:31:56 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2011.12.28 14:03:25 | 000,126,453 | ---- | C] () -- C:\WINDOWS\System32\Snounin.exe [2011.12.26 11:42:34 | 000,669,184 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe [2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2011.12.23 20:58:24 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011.12.23 20:58:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011.12.23 20:58:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011.12.23 20:58:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011.12.20 22:30:50 | 000,013,126 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2011.12.20 22:25:08 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini [2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll [2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll [2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2011.08.07 14:01:00 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat [2011.06.29 14:51:54 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2011.06.21 16:48:18 | 000,000,035 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2011.06.15 18:17:53 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2011.06.13 20:08:43 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2011.06.08 12:34:15 | 000,000,182 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\server.properties [2011.06.03 00:05:11 | 000,057,624 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.05.22 15:11:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2011.05.22 15:06:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.05.02 13:27:37 | 000,000,151 | ---- | C] () -- C:\WINDOWS\AutoScreenRecorder.INI [2011.04.03 13:01:53 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini [2011.01.31 19:39:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.01.06 19:35:20 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\PnkBstrK.sys [2010.09.16 16:19:20 | 000,192,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.02 05:22:54 | 001,412,902 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x64.cab [2010.06.02 05:22:54 | 001,127,217 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x86.cab [2010.06.02 05:22:54 | 000,273,960 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x64.cab [2010.06.02 05:22:54 | 000,272,611 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x86.cab [2010.06.02 05:22:54 | 000,182,361 | ---- | C] () -- C:\Programme\OCT2006_XACT_x64.cab [2010.06.02 05:22:54 | 000,138,017 | ---- | C] () -- C:\Programme\OCT2006_XACT_x86.cab [2010.06.02 05:22:54 | 000,086,037 | ---- | C] () -- C:\Programme\Oct2005_xinput_x64.cab [2010.06.02 05:22:54 | 000,045,359 | ---- | C] () -- C:\Programme\Oct2005_xinput_x86.cab [2010.06.02 05:22:52 | 001,906,878 | ---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x64.cab [2010.06.02 05:22:52 | 001,550,796 | ---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x86.cab [2010.06.02 05:22:52 | 000,965,421 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x86.cab [2010.06.02 05:22:52 | 000,121,794 | ---- | C] () -- C:\Programme\Nov2008_XACT_x64.cab [2010.06.02 05:22:52 | 000,092,684 | ---- | C] () -- C:\Programme\Nov2008_XACT_x86.cab [2010.06.02 05:22:52 | 000,054,522 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x64.cab [2010.06.02 05:22:52 | 000,021,851 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x86.cab [2010.06.02 05:22:50 | 000,994,154 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x64.cab [2010.06.02 05:22:50 | 000,196,762 | ---- | C] () -- C:\Programme\NOV2007_XACT_x64.cab [2010.06.02 05:22:50 | 000,148,264 | ---- | C] () -- C:\Programme\NOV2007_XACT_x86.cab [2010.06.02 05:22:50 | 000,046,144 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x64.cab [2010.06.02 05:22:50 | 000,018,496 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x86.cab [2010.06.02 05:22:48 | 001,802,058 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x64.cab [2010.06.02 05:22:48 | 001,709,360 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x86.cab [2010.06.02 05:22:48 | 000,864,600 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x64.cab [2010.06.02 05:22:48 | 000,803,884 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x86.cab [2010.06.02 05:22:48 | 000,273,018 | ---- | C] () -- C:\Programme\Mar2009_XAudio_x86.cab [2010.06.02 05:22:46 | 000,275,044 | ---- | C] () -- C:\Programme\Mar2009_XAudio_x64.cab [2010.06.02 05:22:46 | 000,121,506 | ---- | C] () -- C:\Programme\Mar2009_XACT_x64.cab [2010.06.02 05:22:46 | 000,092,740 | ---- | C] () -- C:\Programme\Mar2009_XACT_x86.cab [2010.06.02 05:22:38 | 000,054,600 | ---- | C] () -- C:\Programme\Mar2009_X3DAudio_x64.cab [2010.06.02 05:22:38 | 000,021,298 | ---- | C] () -- C:\Programme\Mar2009_X3DAudio_x86.cab [2010.06.02 05:22:36 | 001,973,702 | ---- | C] () -- C:\Programme\Mar2009_d3dx9_41_x64.cab [2010.06.02 05:22:36 | 001,612,446 | ---- | C] () -- C:\Programme\Mar2009_d3dx9_41_x86.cab [2010.06.02 05:22:36 | 001,067,160 | ---- | C] () -- C:\Programme\Mar2009_d3dx10_41_x64.cab [2010.06.02 05:22:36 | 001,040,745 | ---- | C] () -- C:\Programme\Mar2009_d3dx10_41_x86.cab [2010.06.02 05:22:36 | 000,251,194 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x64.cab [2010.06.02 05:22:36 | 000,226,250 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x86.cab [2010.06.02 05:22:36 | 000,122,336 | ---- | C] () -- C:\Programme\Mar2008_XACT_x64.cab [2010.06.02 05:22:36 | 000,093,734 | ---- | C] () -- C:\Programme\Mar2008_XACT_x86.cab [2010.06.02 05:22:34 | 001,769,862 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x64.cab [2010.06.02 05:22:34 | 001,443,282 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x86.cab [2010.06.02 05:22:34 | 000,818,260 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x86.cab [2010.06.02 05:22:34 | 000,055,058 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x64.cab [2010.06.02 05:22:34 | 000,021,867 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x86.cab [2010.06.02 05:22:32 | 000,937,246 | ---- | C] () -- C:\Programme\Jun2010_d3dx9_43_x64.cab [2010.06.02 05:22:32 | 000,844,884 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x64.cab [2010.06.02 05:22:32 | 000,768,036 | ---- | C] () -- C:\Programme\Jun2010_d3dx9_43_x86.cab [2010.06.02 05:22:32 | 000,278,060 | ---- | C] () -- C:\Programme\Jun2010_XAudio_x86.cab [2010.06.02 05:22:32 | 000,277,338 | ---- | C] () -- C:\Programme\Jun2010_XAudio_x64.cab [2010.06.02 05:22:32 | 000,124,596 | ---- | C] () -- C:\Programme\Jun2010_XACT_x64.cab [2010.06.02 05:22:32 | 000,093,686 | ---- | C] () -- C:\Programme\Jun2010_XACT_x86.cab [2010.06.02 05:22:30 | 000,762,188 | ---- | C] () -- C:\Programme\Jun2010_d3dcsx_43_x86.cab [2010.06.02 05:22:30 | 000,235,955 | ---- | C] () -- C:\Programme\Jun2010_d3dx10_43_x64.cab [2010.06.02 05:22:30 | 000,197,283 | ---- | C] () -- C:\Programme\Jun2010_d3dx10_43_x86.cab [2010.06.02 05:22:30 | 000,138,205 | ---- | C] () -- C:\Programme\Jun2010_d3dx11_43_x64.cab [2010.06.02 05:22:30 | 000,109,445 | ---- | C] () -- C:\Programme\Jun2010_d3dx11_43_x86.cab [2010.06.02 05:22:28 | 000,944,460 | ---- | C] () -- C:\Programme\Jun2010_D3DCompiler_43_x64.cab [2010.06.02 05:22:28 | 000,931,471 | ---- | C] () -- C:\Programme\Jun2010_D3DCompiler_43_x86.cab [2010.06.02 05:22:28 | 000,752,783 | ---- | C] () -- C:\Programme\Jun2010_d3dcsx_43_x64.cab [2010.06.02 05:22:20 | 000,269,024 | ---- | C] () -- C:\Programme\JUN2008_XAudio_x86.cab [2010.06.02 05:22:18 | 001,792,608 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x64.cab [2010.06.02 05:22:18 | 001,463,878 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x86.cab [2010.06.02 05:22:18 | 000,867,828 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x64.cab [2010.06.02 05:22:18 | 000,849,919 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x86.cab [2010.06.02 05:22:18 | 000,269,628 | ---- | C] () -- C:\Programme\JUN2008_XAudio_x64.cab [2010.06.02 05:22:18 | 000,152,909 | ---- | C] () -- C:\Programme\JUN2007_XACT_x86.cab [2010.06.02 05:22:18 | 000,121,054 | ---- | C] () -- C:\Programme\JUN2008_XACT_x64.cab [2010.06.02 05:22:18 | 000,093,128 | ---- | C] () -- C:\Programme\JUN2008_XACT_x86.cab [2010.06.02 05:22:18 | 000,055,154 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x64.cab [2010.06.02 05:22:18 | 000,021,905 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x86.cab [2010.06.02 05:22:16 | 001,607,774 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x64.cab [2010.06.02 05:22:16 | 001,607,286 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x86.cab [2010.06.02 05:22:16 | 001,064,925 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x86.cab [2010.06.02 05:22:16 | 000,699,044 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x64.cab [2010.06.02 05:22:16 | 000,698,472 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x86.cab [2010.06.02 05:22:16 | 000,197,122 | ---- | C] () -- C:\Programme\JUN2007_XACT_x64.cab [2010.06.02 05:22:16 | 000,180,785 | ---- | C] () -- C:\Programme\JUN2006_XACT_x64.cab [2010.06.02 05:22:16 | 000,133,671 | ---- | C] () -- C:\Programme\JUN2006_XACT_x86.cab [2010.06.02 05:22:14 | 001,336,002 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x64.cab [2010.06.02 05:22:14 | 000,277,191 | ---- | C] () -- C:\Programme\Feb2010_XAudio_x86.cab [2010.06.02 05:22:14 | 000,276,960 | ---- | C] () -- C:\Programme\Feb2010_XAudio_x64.cab [2010.06.02 05:22:14 | 000,122,446 | ---- | C] () -- C:\Programme\Feb2010_XACT_x64.cab [2010.06.02 05:22:14 | 000,093,180 | ---- | C] () -- C:\Programme\Feb2010_XACT_x86.cab [2010.06.02 05:22:12 | 000,194,675 | ---- | C] () -- C:\Programme\FEB2007_XACT_x64.cab [2010.06.02 05:22:12 | 000,147,983 | ---- | C] () -- C:\Programme\FEB2007_XACT_x86.cab [2010.06.02 05:22:12 | 000,054,678 | ---- | C] () -- C:\Programme\Feb2010_X3DAudio_x64.cab [2010.06.02 05:22:12 | 000,020,713 | ---- | C] () -- C:\Programme\Feb2010_X3DAudio_x86.cab [2010.06.02 05:22:10 | 000,178,359 | ---- | C] () -- C:\Programme\Feb2006_XACT_x64.cab [2010.06.02 05:22:10 | 000,132,409 | ---- | C] () -- C:\Programme\Feb2006_XACT_x86.cab [2010.06.02 05:22:04 | 001,084,720 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x86.cab [2010.06.02 05:22:02 | 001,801,048 | ---- | C] () -- C:\Programme\dsetup32.dll [2010.06.02 05:22:02 | 001,574,376 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x86.cab [2010.06.02 05:22:02 | 001,362,796 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x64.cab [2010.06.02 05:22:02 | 001,247,499 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x64.cab [2010.06.02 05:22:02 | 001,013,225 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x86.cab [2010.06.02 05:22:02 | 000,537,432 | ---- | C] () -- C:\Programme\DXSETUP.exe [2010.06.02 05:22:02 | 000,192,475 | ---- | C] () -- C:\Programme\DEC2006_XACT_x64.cab [2010.06.02 05:22:02 | 000,145,599 | ---- | C] () -- C:\Programme\DEC2006_XACT_x86.cab [2010.06.02 05:22:02 | 000,094,011 | ---- | C] () -- C:\Programme\dxupdate.cab [2010.06.02 05:22:02 | 000,042,410 | ---- | C] () -- C:\Programme\dxdllreg_x86.cab [2010.06.02 05:22:00 | 001,571,154 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x64.cab [2010.06.02 05:22:00 | 001,357,976 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x64.cab [2010.06.02 05:22:00 | 001,079,456 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x86.cab [2010.06.02 05:22:00 | 000,273,264 | ---- | C] () -- C:\Programme\Aug2009_XAudio_x64.cab [2010.06.02 05:22:00 | 000,272,642 | ---- | C] () -- C:\Programme\Aug2009_XAudio_x86.cab [2010.06.02 05:22:00 | 000,212,807 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x64.cab [2010.06.02 05:22:00 | 000,191,720 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x86.cab [2010.06.02 05:22:00 | 000,122,408 | ---- | C] () -- C:\Programme\Aug2009_XACT_x64.cab [2010.06.02 05:22:00 | 000,093,106 | ---- | C] () -- C:\Programme\Aug2009_XACT_x86.cab [2010.06.02 05:21:58 | 000,930,116 | ---- | C] () -- C:\Programme\Aug2009_d3dx9_42_x64.cab [2010.06.02 05:21:58 | 000,728,456 | ---- | C] () -- C:\Programme\Aug2009_d3dx9_42_x86.cab [2010.06.02 05:21:58 | 000,232,635 | ---- | C] () -- C:\Programme\Aug2009_d3dx10_42_x64.cab [2010.06.02 05:21:58 | 000,192,131 | ---- | C] () -- C:\Programme\Aug2009_d3dx10_42_x86.cab [2010.06.02 05:21:58 | 000,136,301 | ---- | C] () -- C:\Programme\Aug2009_d3dx11_42_x64.cab [2010.06.02 05:21:58 | 000,105,044 | ---- | C] () -- C:\Programme\Aug2009_d3dx11_42_x86.cab [2010.06.02 05:21:56 | 003,319,740 | ---- | C] () -- C:\Programme\Aug2009_d3dcsx_42_x86.cab [2010.06.02 05:21:56 | 003,112,111 | ---- | C] () -- C:\Programme\Aug2009_d3dcsx_42_x64.cab [2010.06.02 05:21:56 | 000,900,598 | ---- | C] () -- C:\Programme\Aug2009_D3DCompiler_42_x86.cab [2010.06.02 05:21:46 | 000,919,044 | ---- | C] () -- C:\Programme\Aug2009_D3DCompiler_42_x64.cab [2010.06.02 05:21:46 | 000,271,412 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x64.cab [2010.06.02 05:21:46 | 000,271,038 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x86.cab [2010.06.02 05:21:44 | 001,794,084 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x64.cab [2010.06.02 05:21:44 | 001,464,672 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x86.cab [2010.06.02 05:21:44 | 000,849,167 | ---- | C] () -- C:\Programme\Aug2008_d3dx10_39_x86.cab [2010.06.02 05:21:44 | 000,198,096 | ---- | C] () -- C:\Programme\AUG2007_XACT_x64.cab [2010.06.02 05:21:44 | 000,153,012 | ---- | C] () -- C:\Programme\AUG2007_XACT_x86.cab [2010.06.02 05:21:44 | 000,121,772 | ---- | C] () -- C:\Programme\Aug2008_XACT_x64.cab [2010.06.02 05:21:44 | 000,092,996 | ---- | C] () -- C:\Programme\Aug2008_XACT_x86.cab [2010.06.02 05:21:42 | 001,800,160 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x64.cab [2010.06.02 05:21:42 | 001,708,152 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x86.cab [2010.06.02 05:21:42 | 000,867,612 | ---- | C] () -- C:\Programme\Aug2008_d3dx10_39_x64.cab [2010.06.02 05:21:42 | 000,852,286 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x64.cab [2010.06.02 05:21:42 | 000,796,867 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x86.cab [2010.06.02 05:21:40 | 001,350,542 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x64.cab [2010.06.02 05:21:40 | 001,077,644 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x86.cab [2010.06.02 05:21:40 | 000,182,903 | ---- | C] () -- C:\Programme\AUG2006_XACT_x64.cab [2010.06.02 05:21:40 | 000,137,235 | ---- | C] () -- C:\Programme\AUG2006_XACT_x86.cab [2010.06.02 05:21:40 | 000,087,142 | ---- | C] () -- C:\Programme\AUG2006_xinput_x64.cab [2010.06.02 05:21:40 | 000,053,302 | ---- | C] () -- C:\Programme\APR2007_xinput_x86.cab [2010.06.02 05:21:40 | 000,046,058 | ---- | C] () -- C:\Programme\AUG2006_xinput_x86.cab [2010.06.02 05:21:38 | 001,606,039 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x86.cab [2010.06.02 05:21:38 | 000,195,766 | ---- | C] () -- C:\Programme\APR2007_XACT_x64.cab [2010.06.02 05:21:38 | 000,151,225 | ---- | C] () -- C:\Programme\APR2007_XACT_x86.cab [2010.06.02 05:21:38 | 000,096,817 | ---- | C] () -- C:\Programme\APR2007_xinput_x64.cab [2010.06.02 05:21:36 | 001,607,358 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x64.cab [2010.06.02 05:21:36 | 000,698,612 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x64.cab [2010.06.02 05:21:36 | 000,695,865 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x86.cab [2010.06.02 05:21:34 | 000,046,010 | ---- | C] () -- C:\Programme\Apr2006_xinput_x86.cab [2010.06.02 05:21:20 | 000,087,101 | ---- | C] () -- C:\Programme\Apr2006_xinput_x64.cab [2010.06.02 05:21:18 | 004,162,630 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86_Archive.cab [2010.06.02 05:21:18 | 000,916,430 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86.cab [2010.06.02 05:21:18 | 000,179,133 | ---- | C] () -- C:\Programme\Apr2006_XACT_x64.cab [2010.06.02 05:21:18 | 000,133,103 | ---- | C] () -- C:\Programme\Apr2006_XACT_x86.cab [2010.06.02 05:21:16 | 001,397,830 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x64.cab [2010.06.02 05:21:16 | 001,347,354 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x64.cab [2010.06.02 05:21:16 | 001,115,221 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x86.cab [2010.06.02 05:21:16 | 001,078,962 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x86.cab ========== ZeroAccess Check ========== [2010.09.15 22:15:50 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.09.15 22:00:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software [2011.04.03 12:39:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Logs [2011.05.22 14:48:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easy Driver Pro [2011.06.28 18:29:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO [2011.12.09 17:19:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Firefly Studios [2012.11.01 21:53:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hi-Rez Studios [2012.05.02 11:31:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HighAndes [2013.01.25 20:06:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2012.09.11 17:35:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IObit [2012.07.24 10:22:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nexon [2012.09.13 12:08:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle [2012.09.13 12:12:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle VideoSpin [2012.09.22 23:17:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files [2012.07.02 09:55:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PWD [2012.01.25 19:57:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2011.07.26 20:40:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony [2012.04.05 18:08:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith [2011.05.22 14:49:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UAB [2011.04.12 08:09:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2013.01.14 21:41:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\.minecraft [2012.06.02 16:08:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\.Nitrous [2012.07.20 19:44:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\.terasology [2012.07.04 20:24:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Aeria Games & Entertainment [2012.11.02 06:18:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Awesomium [2011.10.11 14:30:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Bioshock [2012.04.08 15:46:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Bioshock2 [2012.05.12 01:23:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Blockscape [2012.05.02 11:30:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Blue Cat Audio [2012.05.24 10:49:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Bump Technologies, Inc [2012.01.05 20:18:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\CD-LabelPrint [2011.06.07 14:44:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.05.07 10:38:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Command & Conquer 3 Kanes Rache [2011.06.19 12:52:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Command & Conquer 3 Tiberium Wars [2012.07.24 10:19:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\DragonicaECB [2012.12.20 16:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\DVDVideoSoft [2012.12.18 18:40:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\DVDVideoSoftIEHelpers [2012.07.05 22:05:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\FOG Downloader [2012.05.13 18:54:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\FreeVideoConverter [2011.06.28 18:29:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\go [2012.07.24 14:41:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\gtk-2.0 [2011.06.16 12:38:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Hi-Rez Studios [2012.05.02 11:31:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\HighAndes [2012.09.16 11:58:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\ICQ [2010.09.16 11:51:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Leadertech [2011.06.29 20:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\LolClient [2013.01.02 13:42:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mail.Ru Games GmbH [2011.05.02 13:39:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\ManyCam [2012.04.25 23:35:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\MotioninJoy [2012.07.01 14:30:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Need for Speed World [2012.12.01 16:33:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Notepad++ [2011.04.18 19:37:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\OpenOffice.org [2012.08.01 13:22:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Opera [2012.07.25 12:25:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Oracle [2012.04.05 18:59:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\RIFT [2012.01.25 20:00:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Samsung [2011.11.17 12:07:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Sony [2012.07.26 16:20:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Sony Online Entertainment [2013.01.02 22:23:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\TS3Client [2012.08.05 21:19:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Unity ========== Purity Check ========== < End of report > |
|
26.01.2013, 11:15
| #15 |
| /// TB-Ausbilder | GVU Virus Computer wurde gesperrt Hallo, gut gemacht. Weiter mit den nächsten Schritten. Wie läuft dein Rechner im Moment? Alles normal oder hast du noch Probleme? Schritt 1
Code:
ATTFilter :OTL
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q="
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
[2011.12.14 22:36:30 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\df7dea73.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.05.02 13:26:25 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\df7dea73.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011.04.07 18:30:50 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\df7dea73.default\extensions\engine@conduit.com
[2012.04.04 17:12:03 | 000,000,000 | ---D | M] (loadtbs) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\df7dea73.default\extensions\software@loadtubes.com
[2011.11.07 12:09:54 | 000,000,931 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\df7dea73.default\searchplugins\conduit.xml
[2012.02.15 14:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Programme\mozilla firefox\plugins\npmieze.dll
CHR - plugin: LoadTubes Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npmieze.dll
[2013.01.25 19:31:30 | 000,000,646 | ---- | M] () -- C:\WINDOWS\System32\runctf.lnk
[2013.01.25 14:21:55 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5675151.pad
[2013.01.23 14:44:33 | 000,000,770 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Startmenü\Programme\Autostart\runctf.lnk
[2013.01.23 14:44:29 | 000,182,784 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\4386187.dll
:files
regsvr32 wmisvc.dll /c
dir /a/s/b "C:\e092f77f73bfc68cff" /c
:commands
[reboot]
Schritt 2 Downloade dir bitte Malwarebytes Antimalware.
Schritt 3 Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
Schritt 4 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
| Themen zu GVU Virus Computer wurde gesperrt |
| 100 euro zahlen, abgesicherte, abgesicherten, arten, bereits, besitz, compu, computer, entsperrt, euro, forum, frage, fragen, gefunde, gesperrt, gvu win xp, lösung, modus, sperrt, starte, starten, troja, trojaner, trojaner - ihr computer wurde gesperrt, virus, webcam, windows, windows xp |
+ R Taste und schreibe notepad in das Ausführen Fenster.
Textbox.
Linear-Darstellung
