| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Skype Spambot VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.03.2013, 20:24
| #1 |
| |  Skype Spambot Virus Guten Tag liebe Community, gestern Abend schrieb mich eine Freundin in Skype an, sie schickte mir mehrere Bilder von ihrer Praktikumsstelle. Zu diesem Zeitpunkt wurde sie mit diesem Spambot-Virus infiziert, der einen Link an alle ihre Kontakte schickte. Dieser beinhaltete den Download für eine getarnte JPG-Anwendung, die ich leider öffnete. Der Spambot-Virus erstellt nun öfters (ca. jede 0,5-1,5 Stunden) eine neue EXE-Datei in folgendem Pfad: "C:\Users\Konamalunu\AppData\Local\Temp". Diese trägt einen zehnstelligen Namen, rein aus Zahlen bestehend. z. B. "1234567890.exe" Da das Programm, dass ich nach der Infizierung runtergeladen habe diese Anwendung beim Neuentstehen immer wieder in die Quarantäne verschiebt, habe ich keine praktischen Probleme. Trotzdem hätte ich diesen Virus gerne von meinem PC entfernt, vielen dank im Voraus :-) |
|
12.03.2013, 20:37
| #2 |
| /// Malwareteam   | Skype Spambot Virus Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen. Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst. Ich bedanke mich für deine Geduld 
__________________ |
|
12.03.2013, 20:41
| #3 |
| | Skype Spambot Virus Wegen der Zeit: Das ist kein Problem, ich komme im Gegensatz zu anderem Viren mit diesem hier wesentlich "kompfortabel" zurecht. Ich meine, er kann wegen der Quarantäne keinen Blödsinn machen. Ich bin Geduldig :-)
__________________ |
|
12.03.2013, 21:09
| #4 |
| /// Malwareteam | Skype Spambot Virus Hallo und Ich bin Christoph und möchte dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein PC clean ist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 Befolge bitte die hier geschilderten Anweisungen und poste die geforderten Logfiles. Bitte poste in deiner nächsten Antwort
__________________ Keep Jazzing!  DerJazzer Imperare sibi maximum imperium est. ©Seneca Wenn du uns unterstützen möchtest | http://www.anaesthesist-werden.de/ |
|
12.03.2013, 21:32
| #5 |
| | Skype Spambot Virus Vielen Dank für die Hilfe. Weil im anderen Thread bei Schritt 1 stand, dass man beim defogger nicht ohne Anweisung des Teams auf re-enable klicken soll, habe ich ihn wärend des Scans offen gelassen. Dazu war noch Antivir geöffnet, allerdings kein Dienst davon aktiviert. Wenn das schlimm ist, wiederhole ich den Scan gerne nochmal. OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.03.2013 21:17:34 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Konamalunu\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,88 Gb Available Physical Memory | 73,52% Memory free 16,00 Gb Paging File | 14,02 Gb Available in Paging File | 87,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 398,17 Gb Total Space | 309,87 Gb Free Space | 77,82% Space Free | Partition Type: NTFS Drive D: | 1464,75 Gb Total Space | 1235,93 Gb Free Space | 84,38% Space Free | Partition Type: NTFS Drive F: | 931,51 Gb Total Space | 365,29 Gb Free Space | 39,21% Space Free | Partition Type: NTFS Drive H: | 517,11 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: KONAMALUNU-PC | User Name: Konamalunu | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.12 21:16:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Konamalunu\Desktop\OTL.exe PRC - [2013.03.12 21:13:21 | 000,050,477 | ---- | M] () -- C:\Users\Konamalunu\Desktop\Defogger.exe PRC - [2013.02.12 17:49:43 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.12 17:46:54 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.02.12 17:46:53 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.26 19:08:23 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.06.25 14:10:22 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe PRC - [2011.05.24 09:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2011.04.26 10:20:48 | 001,101,440 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe PRC - [2010.12.02 03:15:14 | 000,915,584 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe PRC - [2010.11.26 20:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe PRC - [2010.10.21 10:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ========== Modules (No Company Name) ========== MOD - [2013.03.12 21:13:21 | 000,050,477 | ---- | M] () -- C:\Users\Konamalunu\Desktop\Defogger.exe MOD - [2012.10.10 12:23:16 | 002,068,504 | ---- | M] () -- c:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll MOD - [2011.03.04 09:33:44 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll MOD - [2009.05.21 09:14:14 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.01.24 14:22:06 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.02.27 23:25:07 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.12 17:49:43 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.12 17:46:54 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.26 19:08:23 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.23 13:17:18 | 000,040,960 | ---- | M] () [Disabled | Stopped] -- C:\Users\Konamalunu\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2012.09.01 22:44:43 | 000,529,744 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012.06.25 14:10:22 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV - [2011.05.24 09:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2011.04.26 12:54:12 | 002,702,848 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2010.12.02 03:15:14 | 000,915,584 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc) SRV - [2010.10.21 10:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.24 14:29:20 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2013.01.24 14:23:25 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2013.01.24 14:20:26 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.12.11 16:00:49 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.11 16:00:49 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.01 13:23:58 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2012.06.23 10:02:56 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.06.02 09:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.06.02 09:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.08.19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.08.23 23:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2010.11.01 05:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF 8D 80 61 6F 45 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=d61080f9-fba8-4565-b573-56691d99c6bd&pid=nc&k=0 IE - HKCU\..\SearchScopes\{2C2F11E4-3649-4C87-99A3-103DCF54857D}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=d61080f9-fba8-4565-b573-56691d99c6bd&pid=nc&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{304D693A-4C9A-4488-9393-DEFF34D76366}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=d61080f9-fba8-4565-b573-56691d99c6bd&pid=nc&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{48485533-17A2-49EE-AE43-EE294AE383C0}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=d61080f9-fba8-4565-b573-56691d99c6bd&pid=nc&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{61C99803-57C1-4C8B-9612-9411393EB491}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=d61080f9-fba8-4565-b573-56691d99c6bd&pid=nc&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{6C1BF96A-7E71-4010-B9A0-1DD9E1A5F5AD}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=d61080f9-fba8-4565-b573-56691d99c6bd&pid=nc&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{9977B9A0-9B93-4AC8-A2C4-16563173DA13}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=d61080f9-fba8-4565-b573-56691d99c6bd&pid=nc&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com.anonymize-me.de/?anonymto=687474703A2F2F6D7973746172742E696E63726564696261722E636F6D2F6D623136372F3F7365617263683D7B7365617263685465726D737D266C6F633D49425F445326613D365051443434657A4A3026693D3236&st={searchTerms}&clid=d61080f9-fba8-4565-b573-56691d99c6bd&pid=nc&k=0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Konamalunu\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Konamalunu\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.07.10 19:26:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.07.10 19:26:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 12:18:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.12 13:09:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Konamalunu\AppData\Roaming\Mozilla\Firefox\Profiles\1dcuert9.default\extensions\firejump@firejump.net FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\Konamalunu\AppData\Roaming\Mozilla\Firefox\Profiles\orop3g72.default\extensions\extension@preispilot.com FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.10.10 17:05:57 | 000,000,000 | ---D | M] [2012.07.13 15:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Konamalunu\AppData\Roaming\mozilla\Extensions [2013.03.08 22:20:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Konamalunu\AppData\Roaming\mozilla\Firefox\Profiles\orop3g72.default\extensions [2013.03.08 22:20:18 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Konamalunu\AppData\Roaming\mozilla\Firefox\Profiles\orop3g72.default\extensions\ich@maltegoetz.de [2012.09.24 16:05:25 | 000,110,795 | ---- | M] () (No name found) -- C:\Users\Konamalunu\AppData\Roaming\mozilla\firefox\profiles\orop3g72.default\extensions\extension@preispilot.com.xpi [2013.02.24 18:42:28 | 000,171,863 | ---- | M] () (No name found) -- C:\Users\Konamalunu\AppData\Roaming\mozilla\firefox\profiles\orop3g72.default\extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi [2013.02.14 20:26:45 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Konamalunu\AppData\Roaming\mozilla\firefox\profiles\orop3g72.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.23 13:17:21 | 000,001,862 | ---- | M] () -- C:\Users\Konamalunu\AppData\Roaming\mozilla\firefox\profiles\orop3g72.default\searchplugins\{91BA3FEC-25B1-4C00-AA0D-ED3CA4A9EA93}.xml [2013.03.08 12:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.08 12:18:49 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.11 17:32:36 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.11 17:32:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.11 17:32:36 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.11 17:32:36 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.11 17:32:36 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.11 17:32:36 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Konamalunu\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Konamalunu\AppData\Local\Google\Chrome\Application\25.0.1364.152\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Konamalunu\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Konamalunu\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\Konamalunu\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Konamalunu\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.462_0\npbrowserext.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Google Update (Enabled) = C:\Users\Konamalunu\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Konamalunu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\ CHR - Extension: Proxy Switchy! = C:\Users\Konamalunu\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\ CHR - Extension: Adblock Plus = C:\Users\Konamalunu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ CHR - Extension: Web Assistant = C:\Users\Konamalunu\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.462_0\ CHR - Extension: BugMeNot Lite = C:\Users\Konamalunu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb\0.3.10_0\ CHR - Extension: Settings Protector = C:\Users\Konamalunu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\ CHR - Extension: Steins; Gate Theme2 = C:\Users\Konamalunu\AppData\Local\Google\Chrome\User Data\Default\Extensions\plddppaedppoghagchoehpmpojfmjlnf\2_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll () O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll (Montera Technologeis LTD) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll (Montera Technologeis LTD) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48873A86-FFE5-4F3E-87C6-7F4D6A8CC7A2}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\utilman.exe: Debugger - C:\Windows\SysNative\cmd.exe (Microsoft Corporation) O27 - HKLM IFEO\utilman.exe: Debugger - C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [1998.08.19 13:07:30 | 000,000,057 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{080f2ccb-3628-11e2-b8df-5404a6b5c70d}\Shell - "" = AutoRun O33 - MountPoints2\{080f2ccb-3628-11e2-b8df-5404a6b5c70d}\Shell\AutoRun\command - "" = G:\CMADownloader.exe O33 - MountPoints2\{3458ea85-b211-11e1-b3c5-5404a6b5c70d}\Shell - "" = AutoRun O33 - MountPoints2\{3458ea85-b211-11e1-b3c5-5404a6b5c70d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{d3a7e59e-bd04-11e1-948e-5404a6b5c70d}\Shell - "" = AutoRun O33 - MountPoints2\{d3a7e59e-bd04-11e1-948e-5404a6b5c70d}\Shell\AutoRun\command - "" = H:\LAUNCHER\Launcher.exe -- [1999.01.05 17:57:48 | 001,810,944 | R--- | M] () O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.12 21:16:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Konamalunu\Desktop\OTL.exe [2013.03.12 19:50:19 | 000,000,000 | ---D | C] -- C:\Users\Konamalunu\Desktop\Prozess Monitor [2013.03.12 13:09:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.03.12 12:57:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.03.12 12:56:12 | 000,000,000 | ---D | C] -- C:\Users\Konamalunu\AppData\Roaming\Malwarebytes [2013.03.12 12:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.12 12:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.12 12:55:58 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.12 12:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.12 12:41:55 | 000,000,000 | ---D | C] -- C:\Users\Konamalunu\AppData\Roaming\Skype [2013.03.12 12:41:45 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.03.12 12:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.03.12 12:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.03.11 20:51:33 | 000,000,000 | RHSD | C] -- C:\Users\Konamalunu\S-80-5421-8975-4765 [2013.03.11 20:03:23 | 000,000,000 | ---D | C] -- C:\Users\Konamalunu\Documents\Amazon MP3 [2013.03.11 20:03:23 | 000,000,000 | ---D | C] -- C:\Users\Konamalunu\AppData\Roaming\Amazon [2013.03.11 20:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2013.03.11 20:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon [2013.03.10 14:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis [2013.03.09 21:59:01 | 000,000,000 | ---D | C] -- C:\Users\Konamalunu\Desktop\SimCity 2000 portable [2013.03.09 21:30:08 | 000,000,000 | RH-D | C] -- C:\Users\Konamalunu\AppData\Roaming\SecuROM [2013.03.08 15:12:10 | 000,000,000 | ---D | C] -- C:\Users\Konamalunu\Desktop\Logo [2013.03.08 12:18:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.03 12:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\NetSpeedMonitor [2013.03.02 13:06:56 | 000,000,000 | ---D | C] -- C:\Users\Konamalunu\Documents\ManiaPlanet [2013.03.02 13:05:33 | 000,000,000 | ---D | C] -- C:\Users\Konamalunu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.03.02 13:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManiaPlanet [2013.03.02 13:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ManiaPlanet [2013.02.27 13:36:50 | 000,000,000 | ---D | C] -- C:\Users\Konamalunu\Desktop\VX_CONVERSIONS [2013.02.27 13:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Character Hub [2013.02.26 12:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio [2013.02.25 15:37:59 | 000,000,000 | ---D | C] -- C:\Users\Konamalunu\AppData\Local\dxhr [2013.02.25 15:36:59 | 000,000,000 | ---D | C] -- C:\Users\Konamalunu\Documents\ALI213 [2013.02.25 15:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix [2013.02.21 19:25:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2013.02.21 19:25:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.02.21 17:35:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.02.21 17:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls [2013.02.19 20:39:38 | 000,000,000 | ---D | C] -- C:\Users\Konamalunu\Desktop\Take Care, Take Care, Take Care (2011) [2013.02.13 21:55:05 | 000,000,000 | ---D | C] -- C:\Users\Konamalunu\Desktop\Hybris-Rebirth Gold [2013.02.11 22:11:08 | 000,000,000 | ---D | C] -- C:\Users\Konamalunu\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013.02.11 22:11:08 | 000,000,000 | ---D | C] -- C:\Users\Konamalunu\AppData\Roaming\Adobe Mini Bridge CS5.1 ========== Files - Modified Within 30 Days ========== [2013.03.12 21:18:00 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1385461645-692334142-1717871527-1000UA.job [2013.03.12 21:16:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Konamalunu\Desktop\OTL.exe [2013.03.12 21:14:35 | 000,000,168 | ---- | M] () -- C:\Users\Konamalunu\defogger_reenable [2013.03.12 21:13:21 | 000,050,477 | ---- | M] () -- C:\Users\Konamalunu\Desktop\Defogger.exe [2013.03.12 21:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.12 12:56:00 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.12 12:41:45 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.03.12 12:25:00 | 000,015,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.12 12:25:00 | 000,015,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.12 12:24:34 | 001,699,070 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.12 12:24:34 | 000,741,246 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.12 12:24:34 | 000,665,454 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.12 12:24:34 | 000,161,870 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.12 12:24:34 | 000,133,280 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.12 12:18:37 | 000,000,000 | -H-- | M] () -- C:\Users\Konamalunu\AppData\Roaming\winsvcns.sys [2013.03.12 12:17:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.12 12:17:25 | 2146,783,231 | -HS- | M] () -- C:\hiberfil.sys [2013.03.11 21:00:05 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.03.11 21:00:05 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.03.11 20:59:53 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.03.11 14:57:54 | 012,531,264 | ---- | M] () -- C:\Users\Konamalunu\Desktop\Xylit.psd [2013.03.11 13:58:43 | 021,858,132 | ---- | M] () -- C:\Users\Konamalunu\Desktop\Kokosblütenzucker-alt.psd [2013.03.11 13:44:53 | 000,000,132 | ---- | M] () -- C:\Users\Konamalunu\AppData\Roaming\Adobe PNG Format CS5 Prefs [2013.03.10 14:53:34 | 000,000,704 | ---- | M] () -- C:\Users\Konamalunu\Desktop\SIMCITY3000.mds [2013.03.06 11:18:01 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1385461645-692334142-1717871527-1000Core.job [2013.03.02 13:05:32 | 000,000,693 | ---- | M] () -- C:\Users\Public\Desktop\ManiaPlanet.lnk [2013.02.27 13:36:22 | 000,011,626 | ---- | M] () -- C:\Users\Konamalunu\Desktop\Ciel.png [2013.02.27 13:16:19 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\Game Character Hub.lnk [2013.02.26 15:54:47 | 000,000,751 | ---- | M] () -- C:\Users\Konamalunu\Desktop\pcsx2-r5576 - Verknüpfung.lnk [2013.02.21 20:27:30 | 000,001,123 | ---- | M] () -- C:\Users\Konamalunu\Desktop\Antichamber.lnk [2013.02.16 19:48:03 | 000,001,682 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys ========== Files Created - No Company Name ========== [2013.03.12 21:14:35 | 000,000,168 | ---- | C] () -- C:\Users\Konamalunu\defogger_reenable [2013.03.12 21:13:20 | 000,050,477 | ---- | C] () -- C:\Users\Konamalunu\Desktop\Defogger.exe [2013.03.12 12:56:00 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.12 12:41:45 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2013.03.11 20:51:38 | 000,000,000 | -H-- | C] () -- C:\Users\Konamalunu\AppData\Roaming\winsvcns.sys [2013.03.11 14:32:22 | 012,531,264 | ---- | C] () -- C:\Users\Konamalunu\Desktop\Xylit.psd [2013.03.11 13:58:41 | 021,858,132 | ---- | C] () -- C:\Users\Konamalunu\Desktop\Kokosblütenzucker-alt.psd [2013.03.10 14:51:20 | 000,000,704 | ---- | C] () -- C:\Users\Konamalunu\Desktop\SIMCITY3000.mds [2013.03.02 13:05:32 | 000,000,693 | ---- | C] () -- C:\Users\Public\Desktop\ManiaPlanet.lnk [2013.02.27 13:35:22 | 000,011,626 | ---- | C] () -- C:\Users\Konamalunu\Desktop\Ciel.png [2013.02.27 13:16:19 | 000,000,736 | ---- | C] () -- C:\Users\Public\Desktop\Game Character Hub.lnk [2013.02.26 15:54:47 | 000,000,751 | ---- | C] () -- C:\Users\Konamalunu\Desktop\pcsx2-r5576 - Verknüpfung.lnk [2013.02.21 20:27:30 | 000,001,123 | ---- | C] () -- C:\Users\Konamalunu\Desktop\Antichamber.lnk [2012.12.26 12:33:07 | 000,020,289 | ---- | C] () -- C:\Windows\SysWow64\KmSNMPIF.ini [2012.12.26 12:32:49 | 000,000,027 | ---- | C] () -- C:\Windows\EZSET_SP.INI [2012.12.26 12:32:25 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\KmTwain.ini [2012.10.28 11:06:53 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\C376C76F9C.sys [2012.10.28 11:06:49 | 000,001,682 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2012.10.22 18:06:11 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\RGSS104J.dll [2012.10.22 18:06:11 | 000,758,272 | ---- | C] () -- C:\Windows\SysWow64\RGSS104E.dll [2012.10.22 18:06:11 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll [2012.10.20 20:51:03 | 000,000,132 | ---- | C] () -- C:\Users\Konamalunu\AppData\Roaming\Adobe BMP Format CS5 Prefs [2012.10.19 14:19:37 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe [2012.10.19 14:19:36 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll [2012.10.19 14:19:36 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll [2012.09.23 13:20:33 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2012.09.09 18:49:46 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat [2012.07.24 13:01:39 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2012.07.14 10:44:38 | 001,672,414 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.07.06 14:52:48 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.06.24 20:49:51 | 000,000,132 | ---- | C] () -- C:\Users\Konamalunu\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.06.09 00:12:02 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.06.09 00:11:52 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012.06.08 22:22:08 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.06.08 22:22:05 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.06.08 12:59:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.06.08 12:32:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.06.08 12:32:09 | 000,027,128 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.02.15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.03 15:37:05 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\.minecraft [2013.03.11 20:03:23 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\Amazon [2012.09.07 17:31:30 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\Auslogics [2012.09.06 15:05:41 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\Awesomium [2012.08.13 20:43:03 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\Babylon [2012.08.13 20:44:50 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\BabylonToolbar [2012.06.27 13:51:58 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\Cobalt [2012.07.08 14:46:06 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\DAEMON Tools Lite [2012.06.08 12:45:10 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\DAEMON Tools Pro [2012.09.23 13:17:28 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\DesktopIconForAmazon [2012.06.10 16:21:32 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\Downloaded Installations [2012.11.03 12:07:07 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\DVDVideoSoft [2012.10.21 10:11:16 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\Enterbrain [2013.01.19 12:53:13 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\LolClient [2012.08.13 10:36:26 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\MAGIX [2013.01.18 20:34:05 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\MotioninJoy [2012.09.23 13:17:18 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\OCS [2012.09.23 13:17:21 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\Opera [2012.11.30 16:31:43 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\Origin [2012.11.18 12:18:01 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\pdfforge [2012.06.27 19:25:05 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\six-updater [2012.06.27 19:24:20 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\six-zsync [2013.02.13 11:35:20 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\Spotify [2013.02.11 22:11:08 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.06.25 21:45:14 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\Subversion [2012.07.11 17:49:19 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\TestApp [2012.06.25 19:08:00 | 000,000,000 | ---D | M] -- C:\Users\Konamalunu\AppData\Roaming\Thunderbird ========== Purity Check ========== ========== Files - Unicode (All) ========== (C:\Users\Konamalunu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???) -- C:\Users\Konamalunu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\惰眠ズ (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????·????~) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\とらぶる・だいあり~ ========== Alternate Data Streams ========== @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:07BF512B @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.03.2013 21:17:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Konamalunu\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 5,88 Gb Available Physical Memory | 73,52% Memory free
16,00 Gb Paging File | 14,02 Gb Available in Paging File | 87,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 398,17 Gb Total Space | 309,87 Gb Free Space | 77,82% Space Free | Partition Type: NTFS
Drive D: | 1464,75 Gb Total Space | 1235,93 Gb Free Space | 84,38% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 365,29 Gb Free Space | 39,21% Space Free | Partition Type: NTFS
Drive H: | 517,11 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: KONAMALUNU-PC | User Name: Konamalunu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Konamalunu\S-80-5421-8975-4765\winmgr.exe" = C:\Users\Konamalunu\S-80-5421-8975-4765\winmgr.exe:*:Enabled:Microsoft Windows Manager
"C:\Users\Konamalunu\S-80-5421-8975-4765\winmgr.exe" = C:\Users\Konamalunu\S-80-5421-8975-4765\winmgr.exe:*:Enabled:Microsoft Windows Manager
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004C0EBC-FCD4-4C12-A0B9-7EE2C40E3772}" = lport=10243 | protocol=6 | dir=in | app=system |
"{01F7F450-5F14-4133-B9E5-D36FD4B2F9C6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{02F27E51-1C87-42FD-A647-BB9876397E1E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0A630C24-7C19-4EE9-BCEA-A2E6AFE7B3E4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1CAF1196-E541-4A42-B3B5-C6DDA06731C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1E152EFC-036F-4A44-A886-4A85AFFF9277}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1F277464-F395-422B-949E-341D68045441}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2198FD26-3771-4D25-84B4-4693052D4898}" = lport=137 | protocol=17 | dir=in | app=system |
"{424CCCD8-5BD6-4A87-BB81-EDA471015F9B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{44820341-0CF1-4A09-9B94-3EE6BD96ECC7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{471C4E13-4BB0-49F9-B5AB-F588D29E9488}" = rport=10243 | protocol=6 | dir=out | app=system |
"{48D50BFE-B54A-49C3-B697-34990CA2F67B}" = lport=138 | protocol=17 | dir=in | app=system |
"{4BF646B9-9D3E-4FA6-8EC9-F9AE383DF629}" = rport=445 | protocol=6 | dir=out | app=system |
"{4F201B65-56BE-4356-A6B2-4288FA5FD56D}" = rport=139 | protocol=6 | dir=out | app=system |
"{601046DE-197E-4B38-BC62-A002DA5F0F7D}" = lport=445 | protocol=6 | dir=in | app=system |
"{7501A97D-455A-46C4-ADCF-7342D6F19EAA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7CCD3B8F-F0ED-46A2-9478-A999FB05ACB3}" = rport=137 | protocol=17 | dir=out | app=system |
"{9D4F4411-96D7-4AF9-9E14-2045FE21E78B}" = lport=139 | protocol=6 | dir=in | app=system |
"{B36D53E3-0676-4CDE-B40A-0B24A4AB7520}" = rport=138 | protocol=17 | dir=out | app=system |
"{CC361FA4-FEF9-4974-91CD-6DF3D052BF60}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D0F1620A-B448-4A5F-B8A9-FC8A7392D086}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1E56E66-C73E-4ECD-B99C-36CA3CE3110C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F9B96FBD-D57A-4563-B2DF-C859DED40BBC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11C82FAB-7D2E-41C2-9F38-EDCF5867D553}" = protocol=6 | dir=out | app=system |
"{252DE789-EB40-430D-81DE-E1F1C839D3CF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{275F7D2D-60AB-487F-866C-03127A6962A5}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat |
"{2E7C0545-1301-4EF3-8B7C-4AC1E27B8CA5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3B1342ED-DBD1-4631-9292-DE7790DA5C60}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4BD0804F-F7E3-4929-AF5B-3DB82E48BB4A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4FD43BC9-7CA6-493E-B671-5002A29060E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4FDDC508-44E9-4E79-9EBD-6C8956CEA0A4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{528DE895-C6F3-460F-8C2C-00859637BC0C}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\battlefield 3\battlefield 3\bf3.exe |
"{54EFC5FC-3552-44E1-B3BB-A067E1C258AD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5899014B-5692-4299-ABF7-313AB30F42AE}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\hydrophobia\hydropc.exe |
"{5E88CEFC-7149-42F9-833F-FAEBB171C67C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat |
"{601EAE81-CA03-4755-A955-AE3070E9B4CB}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{6055CC90-58FC-4C53-9638-F7B7C96B5C5E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{62F79B3E-FFB9-4328-A4C4-BD1B8D9E6B67}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{6B099C8E-F565-4720-A0DF-060247845B2A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{751AC770-0174-420A-B799-3F0107369299}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{77E342BA-EE31-4338-B1FC-9F804C87661D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7D0CA108-D188-45D0-A111-72CD6BFFDA11}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{80999366-3975-4ACA-917C-B815D7EB4610}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82CE1EDF-6205-434B-A7F9-2D0375CBBC04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{89834CAF-8A7F-4102-9021-A45401C5358C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89E8F766-0799-4863-A99F-DFDD88939270}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F7A4994-32F0-4085-A031-A50763060512}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{95096F77-8002-4827-BB53-03C4E9285A87}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{A2783EC8-0140-4B25-8563-3E4C051482A6}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{A3118A3D-3A43-4FFB-86DA-9C7BA4963997}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AB2B02C2-2FC1-461E-9CA0-AC2362376B1A}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{B1456678-F7EA-4081-B0BE-A8E27D7C872E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B39DB2D0-1C36-4197-9969-0DB99255A786}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C0AF8AEF-DC9C-466B-ACC8-4FF277CE4153}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C8124D44-9162-4768-AB2F-6949B1C21AF5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D5C95D23-BEE2-4F4A-9DEF-8F20ADFE6A46}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9AA3A6E-A12B-4E79-9E3C-2859A392E531}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E3868E09-23BD-4F57-9464-3D63ABAC2BD9}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\battlefield 3\battlefield 3\bf3.exe |
"{F90EA150-2E59-4899-9EDC-B43EE50C17C6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F9381B0C-EFBB-4290-A536-3754CEB7CA3D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FC096C0B-9B97-4661-A5D4-7634756C2C51}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{FC54C3E9-CC48-4BEE-8719-EAA057E270A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FE4AF769-66DC-47A7-AEEA-99AD9464A702}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\hydrophobia\hydropc.exe |
"TCP Query User{02E190FB-5AA3-4D08-AD96-E49C89D9EFB4}F:\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=f:\far cry 2\bin\farcry2.exe |
"UDP Query User{0812A3A2-4F4E-4C16-9706-CF146FB80026}F:\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=f:\far cry 2\bin\farcry2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.462
"{4371D69B-FB6A-4A61-8477-C1B919FB2311}" = TortoiseSVN 1.7.7.22907 (64 bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5 DEU Language Pack
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{A2585A63-ADD2-3F54-9819-125E680CC7E1}" = Microsoft .NET Framework 4.5 DEU Language Pack
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"DesktopIconAmazon" = Desktop Icon für Amazon
"KMnet Viewer" = KMnet Viewer
"Kyocera Product Library" = Kyocera Product Library
"SearchAnonymizer" = SearchAnonymizer
"UDK-adafddc3-f456-4ba8-9699-6e63c19ae0a9" = My Game Long Name
"UDK-e102c087-45e1-4ae2-8f0c-71890b16a345" = My Game Long Name
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{014CE100-0A6D-4E45-BC93-A867127AEAFC}" = Battle Raper 2
"{02C2B318-E2DF-4EC4-AD1B-9FF3DD774A04}" = MAGIX Video deluxe MX Plus
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0578A699-51A3-453B-B3F7-433EFD189942}" = ILLUSION プレミアムプレイ
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D5DD424-A25E-47EC-A68D-EC7C646517EE}" = MAGIX Screenshare
"{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1" = Deus Ex - Human Revolution version 1.0
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19661D1F-932A-4845-A562-10907870E8D1}_is1" = ILLUSION Sexy Beach ZERO
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AB16B10-3B55-499E-9918-5527DD082C6D}" = ILLUSION 人工少女2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224E185A-DCC7-45C5-B04D-77E6CE82D83E}_is1" = tConfig version 0.23.8
"{28E3D4C3-5ADA-4016-AA92-0238FE2BCF07}" = ILLUSION ぐらびあビーチ
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{315378D5-9574-4BD6-A197-BF8A146E3330}" = ILLUSION Sexyフラッシュ
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = piaip AppLocale
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}" = ILLUSION ジンコウガクエン きゃらめいく
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{629321C7-65DC-4F59-BB36-32740D228A94}" = TEdit 3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6A56B2F6-5F4F-4FC5-8508-3EDA1D048744}" = MAGIX Speed burnR (MSI)
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6D6C511F-10D4-4635-B6CC-26E4ADF264E4}" = ネトワクネトラル カレマチカノジョ
"{6F740E3C-B7B6-4FC9-A9C6-003CC4CF55FF}" = ILLUSION ハッピーエンドトリガー
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{7B581FC8-F0BA-4D21-9623-726AAF055415}_is1" = Dead or Alive ONLINE version 2
"{7D2BB311-B61D-45D6-A4D7-F11FDAD8F19C}_is1" = Uninstall Yuusha
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1" = HF pAppLoc version 1.0
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F0B447F-7E14-4BB9-BCFE-1D5C06F7EE35}" = Artificial Girl 3
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A87A837F-413C-4F03-BEF1-6ACC45E20821}" = ILLUSION ラブガール~魅惑の個人レッスン~
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{AF2B1B36-F036-4FDE-BD2C-453FA46B59EC}_is1" = Digital Trigger Lite version 1.0
"{B22C5250-4C70-4B95-B834-87D50E3EC082}_is1" = Game Character Hub version 2.0b
"{B633DACE-2401-4AA7-B8E1-3C4BD70C35BA}" = バーチャルストーカー
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7DD4B24-3DA7-46D6-94F2-6E2249A04585}" = らぶギア
"{BC980840-FC67-4027-9055-251136406614}_is1" = School Mate 2
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C0C9C3D1-D104-41D8-B58E-DC49D46CB369}" = Kyocera TWAIN Driver
"{C109AF5B-69D0-4C93-B360-F28D9FAB6084}" = ILLUSION ジンコウガクエン
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{CA31F991-DBD2-4DE1-B6D2-30105F23CBBC}" = RapeLay
"{CF55095E-07AA-432E-8376-CEF71D70746A}_is1" = Vampires Dawn: Reign of Blood
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DFAA1F4D-5653-48FE-8330-5DEAF57F8415}" = 恋愛+H
"{E0DF029C-DB59-4F90-A0E0-53690B269384}" = 放課後かすたむ☆たいむ
"{E16EF35A-4E99-4E6F-B54F-48D420660700}" = ILLUSION FIELD -幻影現実-
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E500DF84-3A0A-4989-93C2-D33B935008C1}" = Inhaltsmanager-Assistent für PlayStation(R)
"{F097D303-BC25-4FD9-B046-CAB4641DF0A5}" = 肉体契約書
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FB16C8A2-4967-41E2-81EF-57E0A4BF208C}" = 修羅恋~SeeYouLover~
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"××な彼女のつくりかた2" = ××な彼女のつくりかた2
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye A2 Free" = BattlEye (A2Free) Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"claro" = Claro LTD toolbar on IE
"Cobalt" = Cobalt
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"FL Studio 10" = FL Studio 10
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Audio Converter_is1" = Free Audio Converter version 5.0.20.1031
"Game Booster_is1" = Game Booster 3
"Hamachi" = Hamachi 1.0.1.5
"IL Download Manager" = IL Download Manager
"InstallShield_{C0C9C3D1-D104-41D8-B58E-DC49D46CB369}" = Kyocera TWAIN Driver
"Little Fighter 2 version 2.0a" = Little Fighter 2 version 2.0a
"MAGIX_MSI_Videodeluxe18_plus" = MAGIX Video deluxe MX Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"ManiaPlanet_is1" = ManiaPlanet
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"RGSS-RTP Standard_is1" = RGSS-RTP Standard
"RPG Maker 2000 1.05" = RPG Maker 2000 1.05
"RPGVXAce_E_is1" = RPG MAKER VX Ace
"RPGVXAce_RTP_is1" = RPG MAKER VX Ace RTP
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"Sexy Beach 3 - Complete English Edition" = Sexy Beach 3 - Complete English Edition (remove only)
"SimCity 3000" = SimCity 3000
"Steam App 105600" = Terraria
"Steam App 107100" = Bastion
"Steam App 107400" = ARMA 2: Free
"Steam App 17410" = Mirror's Edge
"Steam App 203160" = Tomb Raider
"Steam App 203810" = Dear Esther
"Steam App 205100" = Dishonored
"Steam App 207350" = Ys Origin
"Steam App 211260" = They Bleed Pixels
"Steam App 220440" = DmC Devil May Cry
"Steam App 22350" = BRINK
"Steam App 224580" = Arma 2: DayZ Mod
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 49520" = Borderlands 2
"Steam App 57400" = Batman: Arkham City™
"Steam App 92000" = Hydrophobia: Prophecy
"Steam App 9860" = The Chronicles of Riddick: Assault on Dark Athena
"Terraria Game Launcher GUI_is1" = Terraria Game Launcher GUI version 1.3
"The Void_is1" = The Void
"Uplay" = Uplay
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.2
"YTdetect" = Yahoo! Detect
"いたずらっ娘~うちの娘にかぎって~" = いたずらっ娘~うちの娘にかぎって~
"かすたむアイドロイドAi" = かすたむアイドロイドAi
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"Google Chrome" = Google Chrome
"SOE-C:/Users/Konamalunu/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-D:/Spiele/Planet Side 2" = gamelauncher-ps2-psg
"soe-PlanetSide 2 PSG" = PlanetSide 2
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.02.2013 10:57:30 | Computer Name = Konamalunu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DMC-DevilMayCry.exe, Version: 0.0.0.0,
Zeitstempel: 0x50fffc71 Name des fehlerhaften Moduls: DMC-DevilMayCry.exe, Version:
0.0.0.0, Zeitstempel: 0x50fffc71 Ausnahmecode: 0xc0000005 Fehleroffset: 0x002cad52
ID
des fehlerhaften Prozesses: 0xcc0 Startzeit der fehlerhaften Anwendung: 0x01ce01555320ec3c
Pfad
der fehlerhaften Anwendung: D:\Program Files (x86)\Steam\steamapps\common\DmC Devil
May Cry\Binaries\Win32\DMC-DevilMayCry.exe Pfad des fehlerhaften Moduls: D:\Program
Files (x86)\Steam\steamapps\common\DmC Devil May Cry\Binaries\Win32\DMC-DevilMayCry.exe
Berichtskennung:
dd35f8af-6d48-11e2-894e-5404a6b5c70d
Error - 02.02.2013 15:04:40 | Computer Name = Konamalunu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Photoshop.exe, Version: 12.1.0.0,
Zeitstempel: 0x4d90d339 Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161,
Zeitstempel: 0x4dace4e7 Ausnahmecode: 0x40000015 Fehleroffset: 0x0000000000042686
ID
des fehlerhaften Prozesses: 0xcf8 Startzeit der fehlerhaften Anwendung: 0x01ce0172f2399bde
Pfad
der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 Bit)\Photoshop.exe
Pfad
des fehlerhaften Moduls: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll
Berichtskennung:
64d4aad2-6d6b-11e2-894e-5404a6b5c70d
Error - 12.02.2013 13:34:28 | Computer Name = Konamalunu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.5.0.0, Zeitstempel:
0x50c39964 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses:
0x440 Startzeit der fehlerhaften Anwendung: 0x01ce094152f6a55d Pfad der fehlerhaften
Anwendung: D:\Program Files (x86)\Origin Games\Battlefield 3\Battlefield 3\bf3.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 72edd636-753a-11e2-8b7a-5404a6b5c70d
Error - 20.02.2013 13:02:48 | Computer Name = Konamalunu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BattleRaper2.exe, Version: 0.0.0.0,
Zeitstempel: 0x423bcc03 Name des fehlerhaften Moduls: BattleRaper2.exe, Version:
0.0.0.0, Zeitstempel: 0x423bcc03 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000cee31
ID
des fehlerhaften Prozesses: 0x9e4 Startzeit der fehlerhaften Anwendung: 0x01ce0f8c1070911d
Pfad
der fehlerhaften Anwendung: D:\Spiele\H-Games\Illusion\Battle Raper\BattleRaper2.exe
Pfad
des fehlerhaften Moduls: D:\Spiele\H-Games\Illusion\Battle Raper\BattleRaper2.exe
Berichtskennung:
5a106d71-7b7f-11e2-af3a-5404a6b5c70d
Error - 20.02.2013 13:03:22 | Computer Name = Konamalunu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BattleRaper2.exe, Version: 0.0.0.0,
Zeitstempel: 0x423bcc03 Name des fehlerhaften Moduls: BattleRaper2.exe, Version:
0.0.0.0, Zeitstempel: 0x423bcc03 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000cee31
ID
des fehlerhaften Prozesses: 0x1198 Startzeit der fehlerhaften Anwendung: 0x01ce0f8c2a9881a8
Pfad
der fehlerhaften Anwendung: D:\Spiele\H-Games\Illusion\Battle Raper\BattleRaper2.exe
Pfad
des fehlerhaften Moduls: D:\Spiele\H-Games\Illusion\Battle Raper\BattleRaper2.exe
Berichtskennung:
6e7e10f4-7b7f-11e2-af3a-5404a6b5c70d
Error - 21.02.2013 13:12:12 | Computer Name = Konamalunu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CM3D English.exe, Version: 0.1.0.25,
Zeitstempel: 0x4f8e44f8 Name des fehlerhaften Moduls: CM3D English.exe, Version:
0.1.0.25, Zeitstempel: 0x4f8e44f8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001fa61
ID
des fehlerhaften Prozesses: 0x1468 Startzeit der fehlerhaften Anwendung: 0x01ce10568ad441bd
Pfad
der fehlerhaften Anwendung: D:\Spiele\H-Games\KISS\Custom Maid 3-D\CM3D English.exe
Pfad
des fehlerhaften Moduls: D:\Spiele\H-Games\KISS\Custom Maid 3-D\CM3D English.exe
Berichtskennung:
d45ee812-7c49-11e2-8e33-5404a6b5c70d
Error - 21.02.2013 16:13:13 | Computer Name = Konamalunu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CM3D English.exe, Version: 0.1.0.25,
Zeitstempel: 0x4f8e44f8 Name des fehlerhaften Moduls: CM3D English.exe, Version:
0.1.0.25, Zeitstempel: 0x4f8e44f8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001fa61
ID
des fehlerhaften Prozesses: 0x1260 Startzeit der fehlerhaften Anwendung: 0x01ce106fd153ff3c
Pfad
der fehlerhaften Anwendung: D:\Spiele\H-Games\KISS\Custom Maid 3-D\CM3D English.exe
Pfad
des fehlerhaften Moduls: D:\Spiele\H-Games\KISS\Custom Maid 3-D\CM3D English.exe
Berichtskennung:
1e69d56a-7c63-11e2-8e33-5404a6b5c70d
Error - 12.03.2013 07:23:10 | Computer Name = Konamalunu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 9145429319.exe, Version: 3.3.8.1,
Zeitstempel: 0x513eee30 Name des fehlerhaften Moduls: 9145429319.exe, Version: 3.3.8.1,
Zeitstempel: 0x513eee30 Ausnahmecode: 0x40000015 Fehleroffset: 0x0000a6a7 ID des fehlerhaften
Prozesses: 0xf7c Startzeit der fehlerhaften Anwendung: 0x01ce1f135c6d9aa0 Pfad der
fehlerhaften Anwendung: C:\Users\Konamalunu\AppData\Local\Temp\9145429319.exe Pfad
des fehlerhaften Moduls: C:\Users\Konamalunu\AppData\Local\Temp\9145429319.exe Berichtskennung:
3801393d-8b07-11e2-9033-5404a6b5c70d
Error - 12.03.2013 07:57:34 | Computer Name = Konamalunu-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Konamalunu\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 12.03.2013 14:50:07 | Computer Name = Konamalunu-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Konamalunu\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
[ System Events ]
Error - 09.01.2013 11:38:47 | Computer Name = Konamalunu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Browser Manager" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 09.01.2013 11:39:19 | Computer Name = Konamalunu-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
Error - 09.01.2013 11:39:50 | Computer Name = Konamalunu-PC | Source = DCOM | ID = 10016
Description =
Error - 09.01.2013 11:39:54 | Computer Name = Konamalunu-PC | Source = DCOM | ID = 10016
Description =
Error - 10.01.2013 11:36:01 | Computer Name = Konamalunu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Browser Manager" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 10.01.2013 11:36:49 | Computer Name = Konamalunu-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
Error - 10.01.2013 11:37:03 | Computer Name = Konamalunu-PC | Source = DCOM | ID = 10016
Description =
Error - 10.01.2013 11:37:39 | Computer Name = Konamalunu-PC | Source = DCOM | ID = 10016
Description =
Error - 11.01.2013 11:35:56 | Computer Name = Konamalunu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Browser Manager" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 11.01.2013 11:36:58 | Computer Name = Konamalunu-PC | Source = DCOM | ID = 10016
Description =
< End of report >
Merkwürdigerweise muss ich feststellen, dass der Virus nichts mehr tut. Eventuell ist er sogar komplett weg. Mögliche Ursache könnte Malwarebytes sein, da es ein Update machte (ohne das ich es bemerkte, aber dass ist wohl nicht sonderlich wichtig) und den Virus selbst besiegen konnte. 100 Prozent sicher bin ich mir natürlich nicht, der Virus könnte auch blos so tun, als wäre er weg, um mit der neusten Version als Spybot zu arbeiten. Ich wollte das nur gesagt haben. Sämtliche Virenscanner erkennen nichts mehr (Antivir und Malwarebytes). Merkwürdigerweise muss ich feststellen, dass der Virus nichts mehr tut. Eventuell ist er sogar komplett weg. Mögliche Ursache könnte Malwarebytes sein, da es ein Update machte (ohne das ich es bemerkte, aber dass ist wohl nicht sonderlich wichtig) und den Virus selbst besiegen konnte. 100 Prozent sicher bin ich mir natürlich nicht, der Virus könnte auch blos so tun, als wäre er weg, um mit der neusten Version als Spybot zu arbeiten. Ich wollte das nur gesagt haben. Sämtliche Virenscanner erkennen nichts mehr (Antivir und Malwarebytes). |
|
14.03.2013, 20:37
| #6 | |
| /// Malwareteam | Skype Spambot Virus Hi Schritt 1 Ich sehe, dass Du sogenannte Peer to Peer oder Filesharing Programme verwendest. In deinem Fall uTorrent. Diese Programme erlauben es Dir, Daten mit anderen Usern auszutauschen. Leider ist auch p2p oder Filesharing nicht ausgenommen, infizierte Dateien zu verteilen und dies ist auch ein Grund warum sich Malware so schnell verbreitet. Es ist also möglich, dass Du Dir eine infizierte Datei herunterlädst. Du kannst niemals wissen, woher diese stammen. Daher sollte diese Art Software mit äußerster Vorsicht benutzt werden. Ein ebenfalls wichtiger Punkt ist, dass das Verbreiten von Media und Entertainment Dateien in den meisten Ländern der Welt gegen Copyright Rechte verstößt. Natürlich gibt es auch einen legalen Weg zur Nutzung dieses Service. Zum Beispiel zum Downloaden von Linux oder Open Office. Dennoch würde ich Dich ersuchen, diese Art von Software nicht weiterhin zu verwenden. Bitte gehe zu Start --> Systemsteuerung --> Software und deinstalliere die oben erwähnte Software. Bitte gib Bescheid wenn Du eines der gelisteten Programme nicht finden kannst. Schritt 2 Zitat:
__________________ --> Skype Spambot Virus |
|
14.03.2013, 22:57
| #7 |
| | Skype Spambot Virus Guten Abend, uTorrent ist jetzt deinstalliert. Die Photoshopversion ist legal. Ich habe sie vergünstigt als Schüler gekauft, falls du dich fragen solltest, weshalb ich solch teure Software besitze. |
|
18.03.2013, 18:06
| #8 |
| /// Malwareteam | Skype Spambot Virus Hi, entschuldige bitte meine späte Antwort, mein Internet hat gestreikt. Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 3 Scan mit Combofix
Bitte poste in deiner nächsten Antwort
__________________ Keep Jazzing! DerJazzer Imperare sibi maximum imperium est. ©Seneca Wenn du uns unterstützen möchtest | http://www.anaesthesist-werden.de/ |
WARNUNG an die MITLESER: 
Linear-Darstellung
