Log analysis and evaluation: Click to Continue > by Browse to Save and http://searchiu.com/?affil=141 start page - Malware (Windows 7)

If you have picked up a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Click to Continue > by Browse to Save and http://searchiu.com/?affil=141 start page - Malware

Hello, my laptop seems to be infected with the Browse to Save virus. In addition, my Firefox start page is "hxxp://searchiu.com/?affil=141", which also appears to be malware. The start page cannot be changed. Whether I reset the start page in the Firefox options or enter other web addresses, the start page still stays searchiu.com. The symptoms of the Browse to Save virus are similar to those in this thread. On all kinds of web pages some words are blue and underlined and lead to some advertising pages, or a banner is shown on mouseover. In addition, "save to browse" banners are simply displayed. I have run defogger, OTL and Gmer. Here are the log files:

OTL.txt:
Code:
OTL logfile created on: 09.04.2013 09:39:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,61 Gb Total Physical Memory | 0,56 Gb Available Physical Memory | 35,03% Memory free
3,21 Gb Paging File | 1,86 Gb Available in Paging File | 57,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,09 Gb Total Space | 29,98 Gb Free Space | 20,52% Space Free | Partition Type: NTFS
Drive D: | 152,00 Gb Total Space | 55,97 Gb Free Space | 36,82% Space Free | Partition Type: NTFS

Computer Name: ***-ASUS | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.09 09:37:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.02.23 03:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2013.02.23 03:33:26 | 000,389,928 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013.02.23 03:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2013.02.08 11:46:24 | 001,320,768 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.08.16 03:47:40 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 13:58:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 13:58:22 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.21 16:40:56 | 000,578,264 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
PRC - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.07.09 23:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

========== Modules (No Company Name) ==========

MOD - [2012.01.10 13:38:49 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2011.11.10 05:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.11.09 23:08:52 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2013.04.04 13:40:23 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.03 18:17:32 | 000,474,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe -- (SystemStoreService)
SRV - [2013.03.14 13:51:48 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.23 03:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013.02.23 03:33:26 | 000,389,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013.02.23 03:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2013.02.22 03:54:48 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2012.05.08 13:58:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 13:58:22 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.21 16:40:56 | 000,578,264 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.02.22 03:53:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.02.22 03:43:20 | 000,046,280 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012.08.01 20:13:40 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012.06.23 13:41:00 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.05.27 15:52:29 | 000,118,400 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ezplay.sys -- (ezplay)
DRV:64bit: - [2012.05.08 13:58:23 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 13:58:23 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2011.12.19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2011.12.19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2011.12.19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2011.12.19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.11.10 05:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.10 04:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.06.26 02:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliandMP)
DRV:64bit: - [2011.06.26 02:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliand)
DRV:64bit: - [2011.03.07 12:22:46 | 002,228,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.03.04 17:16:20 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.04 12:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010.11.04 12:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://u-search.net/?a=1&e=1
IE - HKLM\..\SearchScopes,DefaultScope = {819218B0-1380-4BA2-89C3-E1BCF2DF5D69}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{819218B0-1380-4BA2-89C3-E1BCF2DF5D69}: "URL" = hxxp://u-search.net/?a=1&e=1&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A 1F 46 DD EF C0 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {819218B0-1380-4BA2-89C3-E1BCF2DF5D69}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{605D08E1-0E4D-4DEC-B3BD-D982C37638F1}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{819218B0-1380-4BA2-89C3-E1BCF2DF5D69}: "URL" = hxxp://u-search.net/?a=1&e=1&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=204.124.180.101:3128;http=204.124.180.101:3128;https=204.124.180.101:3128;socks=204.124.180.101:3128

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "u-Search"
FF - prefs.js..browser.search.defaultenginename: "u-Search"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://u-search.net/?a=1&e=2&q="
FF - prefs.js..browser.search.order.1: "u-Search"
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..extensions.enabledAddons: %7Bb749fc7c-e949-447f-926c-3f4eed6accfe%7D:0.7.1.1
FF - prefs.js..extensions.enabledAddons: unplug%40compunach:2.054
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: addon%40foxtab.com:1.4.51
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: adonis.cuhk%40gmail.com:1.8.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - prefs.js..keyword.URL: "hxxp://u-search.net/?a=1&e=2&q="
FF - prefs.js..browser.startup.homepage: "hxxp://u-search.net/?a=1&e=1"
FF - user.js..browser.search.defaultengine: "u-Search"
FF - user.js..browser.search.defaultenginename: "u-Search"
FF - user.js..browser.search.order.1: "u-Search"
FF - user.js..browser.startup.homepage: "hxxp://u-search.net/?a=1&e=1"
FF - user.js..browser.search.defaulturl: "hxxp://u-search.net/?a=1&e=2&q="
FF - user.js..keyword.URL: "hxxp://u-search.net/?a=1&e=2&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.04 13:40:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.14 22:01:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.04 13:40:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.14 22:01:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011.12.31 13:50:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.04.08 18:13:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0e7iwdh.default\extensions
[2013.02.23 17:43:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0e7iwdh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.04.03 23:24:32 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0e7iwdh.default\extensions\addon@foxtab.com
[2013.02.17 19:32:24 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0e7iwdh.default\extensions\foxyproxy@eric.h.jung
[2013.04.06 10:21:36 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0e7iwdh.default\extensions\ich@maltegoetz.de
[2013.04.04 18:10:20 | 000,000,000 | ---D | M] (BRowsE2soave) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e0e7iwdh.default\extensions\oyoe1-iea@vqtgk-aie.com
[2013.04.08 18:13:21 | 000,005,781 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e0e7iwdh.default\extensions\adonis.cuhk@gmail.com.xpi
[2013.02.23 17:43:06 | 000,029,064 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e0e7iwdh.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2013.01.28 19:32:37 | 000,142,907 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e0e7iwdh.default\extensions\unplug@compunach.xpi
[2013.03.14 16:35:17 | 000,552,809 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e0e7iwdh.default\extensions\uriloader@pdf.js.xpi
[2012.09.17 15:57:22 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e0e7iwdh.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2013.02.14 22:26:47 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e0e7iwdh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.10 11:05:17 | 000,001,210 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e0e7iwdh.default\searchplugins\search.xml
[2012.09.29 11:03:39 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e0e7iwdh.default\searchplugins\sweetim.xml
[2012.09.12 22:40:57 | 000,002,017 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e0e7iwdh.default\searchplugins\u-search.xml
[2013.04.04 13:39:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.04 13:39:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.04 13:38:59 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2013.04.04 13:40:26 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 16:08:41 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - Extension: BRowsE2soave = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\omijpafilmeabcfknpnecgdnmpooanie\1\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (BRowsE2soave) - {2AF83333-6EB3-0F49-434E-A97D72D7C58D} - C:\ProgramData\BRowsE2soave\515da54828573.dll ()
O2 - BHO: (FoxTab) - {4DF4AC8C-FFA8-40FF-91F0-EB8389314B78} - C:\Users\***\AppData\LocalLow\FoxTab\IE\FoxTab.dll (The FoxTab Team)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [phonostar-Player] C:\Program Files (x86)\phonostar-Player\phonostarStarter.exe File not found
O4 - HKCU..\Run: [Torrent2Exe[a9ef6dee1c772f6dbd50c99b4a0bd4dd968b7ec3]] D:\hdr\The_Lord_of_the_Rings__The_Fellowship_of_the_Ring_10.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.27.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33E17A7B-286B-45FF-8D95-B8E47C0E083F}: DhcpNameServer = 192.168.27.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC3A2165-EDC6-4E1A-AE4A-FC43A9BD1989}: DhcpNameServer = 192.168.10.33
O20 - AppInit_DLLs: (c:\progra~2\browse~1\sprote~1.dll) - c:\progra~2\browse~1\sprote~1.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{561c0e3b-a1ab-11e1-8b04-5404a671f5a2}\Shell - "" = AutoRun
O33 - MountPoints2\{561c0e3b-a1ab-11e1-8b04-5404a671f5a2}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{74b76b2b-33c6-11e1-b9a2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74b76b2b-33c6-11e1-b9a2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\InstAll.exe
O33 - MountPoints2\{a5b73620-9787-11e1-88a0-7ede2bd680d8}\Shell - "" = AutoRun
O33 - MountPoints2\{a5b73620-9787-11e1-88a0-7ede2bd680d8}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.09 09:37:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.04.07 15:10:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ConvertXToDVD
[2013.04.04 18:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2013.04.04 18:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
[2013.04.04 18:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseToSave
[2013.04.04 18:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BRowsE2soave
[2013.04.04 18:08:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2013.04.04 18:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\BRowsE2soave
[2013.04.04 18:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013.04.04 17:08:55 | 000,000,000 | ---D | C] -- C:\Fraps
[2013.04.04 13:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.03 23:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemium TubeBox
[2013.04.03 23:45:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemium
[2013.04.03 23:14:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SelfUpdater
[2013.04.03 22:36:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.03 22:33:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\IsolatedStorage
[2013.04.03 22:32:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Freemium
[2013.04.03 22:32:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Freemium TubeBox
[2013.04.03 22:32:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Freemium TubeBox 3.6.1 Portable
[2013.04.03 20:43:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ashampoo
[2013.04.03 20:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2013.04.03 18:17:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Freetec
[2013.04.03 18:16:58 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\TubeBox
[2013.04.03 18:15:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftwareUpdater
[2013.04.03 18:10:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DownloadGuide
[2013.03.14 22:01:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.03.14 15:35:48 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Video deluxe 2013
[2013.03.14 15:35:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MAGIX
[2013.03.14 15:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2013.03.14 15:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2013.03.14 15:08:18 | 000,000,000 | ---D | C] -- C:\Programme (x86)
[2013.03.14 15:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2013.03.14 15:06:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2013.03.14 15:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.03.10 17:24:11 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2013.03.10 17:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postal 2
[2013.03.10 17:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Postal2
[2012.05.27 15:52:29 | 000,118,400 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\ezplay.sys

========== Files - Modified Within 30 Days ==========

[2013.04.09 09:42:26 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.09 09:42:26 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.09 09:40:09 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.09 09:40:09 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.09 09:40:09 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.09 09:40:09 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.09 09:40:09 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.09 09:37:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.04.09 09:33:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.09 09:33:35 | 1292,673,024 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.09 09:32:10 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.09 09:31:16 | 000,000,188 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.04.09 09:26:21 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.04.08 22:38:29 | 000,017,308 | ---- | M] () --
C:\Users\***\Documents\Schriftliche Äußerung zum Sachverhalt.odt [2013.04.08 07:36:08 | 000,001,189 | ---- | M] () -- C:\Users\***\AppData\Roaming\vso_ts_preview.xml [2013.04.05 22:26:06 | 000,000,443 | ---- | M] () -- C:\Windows\cedt.INI [2013.04.04 18:11:36 | 000,000,562 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk [2013.04.03 23:45:56 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\Freemium TubeBox.lnk [2013.04.03 23:36:16 | 000,001,049 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.04.03 23:35:49 | 000,001,015 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk [2013.03.18 16:31:02 | 000,942,027 | ---- | M] () -- C:\Users\***\Documents\Von Schengen nach Maastricht.odt [2013.03.18 08:07:31 | 000,294,099 | ---- | M] () -- C:\Users\***\Desktop\Von Schengen nach Maastricht.pdf [2013.03.15 21:16:25 | 268,259,728 | ---- | M] () -- C:\Users\***\Desktop\video.mp4 [2013.03.15 17:55:18 | 000,002,112 | ---- | M] () -- C:\Users\***\.recently-used.xbel [2013.03.15 17:49:11 | 000,210,913 | ---- | M] () -- C:\Users\***\Documents\Lissabonner Vertrag.jpg [2013.03.15 17:43:14 | 000,295,624 | ---- | M] () -- C:\Users\***\Documents\Lissabonner Vertrag.pdf [2013.03.15 17:19:38 | 000,062,320 | ---- | M] () -- C:\Users\***\Documents\Von Schengen nach Maastricht.pdf [2013.03.14 17:59:32 | 000,419,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.14 15:12:04 | 000,120,200 | ---- | M] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2013.03.14 15:10:48 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 2013.lnk [2013.03.11 21:47:03 | 000,000,103 | -H-- | M] () -- C:\Users\***\Desktop\.~lock.deutschlisa.odt# [2013.03.11 18:19:52 | 006,388,093 | ---- | M] () -- C:\Users\***\Documents\Cannabis.odp ========== Files Created - No Company Name ========== [2013.04.09 09:31:16 | 000,000,188 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.04.09 09:26:08 | 000,050,477 | ---- | C] () 
-- C:\Users\***\Desktop\Defogger.exe [2013.04.08 19:11:18 | 000,017,308 | ---- | C] () -- C:\Users\***\Documents\Schriftliche Äußerung zum Sachverhalt.odt [2013.04.04 18:11:36 | 000,000,562 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk [2013.04.03 23:45:56 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\Freemium TubeBox.lnk [2013.03.18 08:07:27 | 000,294,099 | ---- | C] () -- C:\Users\***\Desktop\Von Schengen nach Maastricht.pdf [2013.03.15 19:49:55 | 268,259,728 | ---- | C] () -- C:\Users\***\Desktop\video.mp4 [2013.03.15 17:55:18 | 000,002,112 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2013.03.15 17:43:09 | 000,295,624 | ---- | C] () -- C:\Users\***\Documents\Lissabonner Vertrag.pdf [2013.03.15 17:38:10 | 000,210,913 | ---- | C] () -- C:\Users\***\Documents\Lissabonner Vertrag.jpg [2013.03.15 17:10:22 | 000,062,320 | ---- | C] () -- C:\Users\***\Documents\Von Schengen nach Maastricht.pdf [2013.03.14 17:40:20 | 000,942,027 | ---- | C] () -- C:\Users\***\Documents\Von Schengen nach Maastricht.odt [2013.03.14 15:10:48 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 2013.lnk [2013.03.11 21:47:03 | 000,000,103 | -H-- | C] () -- C:\Users\***\Desktop\.~lock.deutschlisa.odt# [2013.03.11 18:19:41 | 006,388,093 | ---- | C] () -- C:\Users\***\Documents\Cannabis.odp [2012.12.01 15:34:13 | 000,000,244 | ---- | C] () -- C:\Users\***\.swfinfo [2012.11.08 18:27:35 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll [2012.09.29 09:49:55 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2012.09.23 18:20:56 | 000,001,189 | ---- | C] () -- C:\Users\***\AppData\Roaming\vso_ts_preview.xml [2012.09.11 18:56:48 | 000,000,024 | ---- | C] () -- C:\Windows\Medi8or.ini [2012.09.11 18:56:36 | 000,001,304 | ---- | C] () -- C:\Windows\mediator.dat [2012.08.10 19:15:22 | 000,000,142 | ---- | C] () -- C:\Windows\SIERRA.INI [2012.06.16 17:31:43 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.05.27 
15:52:29 | 000,099,384 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe [2012.05.27 15:52:29 | 000,007,833 | ---- | C] () -- C:\Users\***\AppData\Roaming\ezplay.cat [2012.05.27 15:52:29 | 000,001,126 | ---- | C] () -- C:\Users\***\AppData\Roaming\ezplay.inf [2012.05.27 15:52:29 | 000,000,125 | ---- | C] () -- C:\Users\***\AppData\Roaming\ezplay.ini [2012.05.20 12:13:14 | 000,000,521 | ---- | C] () -- C:\Windows\eReg.dat [2012.04.09 19:43:38 | 000,004,608 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.26 12:27:34 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.02.05 18:51:36 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.01.04 19:29:02 | 000,000,443 | ---- | C] () -- C:\Windows\cedt.INI [2012.01.04 03:06:23 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012.01.02 20:28:49 | 000,006,160 | ---- | C] () -- C:\Users\***\AppData\Roaming\gd.db [2012.01.02 20:28:49 | 000,000,242 | ---- | C] () -- C:\Users\***\AppData\Roaming\groovedown.settings [2011.12.31 20:40:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.11.10 04:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.11.10 04:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.02.26 18:34:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft [2013.04.03 20:43:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2013.02.22 23:34:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2013.03.06 12:57:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux [2012.02.26 12:16:41 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\Babylon [2012.05.20 11:10:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2012.11.09 17:34:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.12.16 15:57:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dev-Cpp [2012.09.22 10:33:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Digiarty [2013.04.09 09:35:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.12.04 16:47:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.11.08 13:01:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EurekaLog [2013.04.07 01:54:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2013.04.03 23:45:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Freemium [2012.12.17 15:10:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeMoviesToDVD [2012.09.12 22:40:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Groovedown [2012.09.12 22:40:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Groovedown_Uninstall [2013.03.15 17:55:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2012.06.16 15:20:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn [2012.01.02 20:28:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\lang [2013.03.14 15:35:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2012.01.10 13:45:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2013.02.27 12:36:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2012.10.21 00:05:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar GmbH [2012.11.08 13:17:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Replay Media Catcher 4 [2012.01.10 14:48:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2013.04.08 06:45:29 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\Vso ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 09.04.2013 09:39:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,61 Gb Total Physical Memory | 0,56 Gb Available Physical Memory | 35,03% Memory free
3,21 Gb Paging File | 1,86 Gb Available in Paging File | 57,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,09 Gb Total Space | 29,98 Gb Free Space | 20,52% Space Free | Partition Type: NTFS
Drive D: | 152,00 Gb Total Space | 55,97 Gb Free Space | 36,82% Space Free | Partition Type: NTFS

Computer Name: ***-ASUS | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F4DA35-93B4-4EE5-8F07-D20F5C2DEB99}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{0A47694A-0592-4932-911C-255363211CB2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0FD74214-A025-4B9F-ABAD-A18BA73A5F60}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{11FED726-D47A-408E-83F9-9F9EEE66BB1A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{1688719C-99CB-4FF3-A511-43EC4F897E9B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{1722B74A-8693-4349-BCEF-D9F46D241517}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{1B024AB0-8D11-403A-9B76-BE6E8383F664}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{1F08706C-202D-48E2-AE47-66883BC40C19}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{20C473B9-8D48-4755-BCDF-9F464BF818EC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{25E98F3E-2D47-4A09-B433-785EA9CB1245}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{32DB14E4-57A6-4A3F-9FCD-553412C2F6C9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{3CF1C591-94F8-4753-BE82-562A3DC3531F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{3F15C3AB-7FB7-4E9D-8B80-02B83CF700B3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{45B62E7F-3B44-4E74-97B7-9A077CA9A551}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{47E9A09F-E551-420A-B720-48C75FE3207B}" = lport=139 | protocol=6 | dir=in | app=system |
"{4BD0DF3F-4FD1-4BAF-983B-765AE38CB9C9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{4FC5659C-2981-4E58-9E07-1328545FDF1C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{53EA49B9-ADDE-4FBE-91B1-7717C4F8C68F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{5824FFCC-2E10-49E7-88C9-B37C4A8D257E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{5F04A618-6860-41D0-A624-AD15CCE157E7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{5F69A8C1-12FA-473D-9817-6384CC8A9A04}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{630F2579-90AF-4F3A-BD1F-5C14F2B1963D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{6406C847-A818-4B58-9CE8-B2A1F75625BF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{659B30FC-E534-4A9B-9CCD-B18D70812F30}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{663A69DD-C317-4444-8B3A-075B34ECF978}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{695368AE-A8B8-4B21-9BCC-A6BC72C0B5F7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A17699C-A3BA-408F-A3DC-E0D515580B74}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{6AF543AE-C654-4C3D-82FC-D5C7BA554BA2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6F7C270D-240C-4683-BD8A-B334B2AD9FB2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{70B6056B-C13B-41EA-B463-8FCCFE4A0EC0}" = rport=139 | protocol=6 | dir=out | app=system |
"{717A8EFE-2B73-4A0E-A445-ACA74744E151}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72A4BE9B-885D-4BAD-866D-98DD76022B62}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{747EAB9C-277E-4D16-A052-F668BDF4F1F1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{7567E01B-B044-478E-A8E1-ACF2B603FFCE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E040544-0863-4695-B6AE-A0C01AD6BECB}" = rport=445 | protocol=6 | dir=out | app=system |
"{84046E89-3AF9-4EEB-9ABC-AC385CDE22E3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{8BED41D8-FAF1-4E44-B47A-1E9711E0C98D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{8E65E84D-DB13-4048-9EE9-21A4A79023AC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{8F399E1C-BC66-4C2E-9C70-6A3F6AB79143}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{9176A182-D8B6-463C-9994-122F67D40129}" = lport=137 | protocol=17 | dir=in | app=system |
"{9282D338-5025-4EEE-B9E9-599B126AFBBA}" = lport=138 | protocol=17 | dir=in | app=system |
"{95A19215-8BE6-48DF-BF6C-DD981EECB698}" = lport=10243 | protocol=6 | dir=in | app=system |
"{976E8094-E8B2-4D09-806A-94D0AF7F8308}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{9862BFB2-4BFC-4C73-B486-299B5FDB1EAE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9EE0117B-49A5-4EC3-9367-A719546554E7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{9FEDB2DE-CEC3-4739-B78F-804E785BC95A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A88DDCA7-994C-4D3E-9E84-95C26C16768A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{AB8227F2-D357-4998-990E-020EBE588DD0}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{B15AF2B6-CCCB-469D-866F-AE0F4065CC83}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{B85C3CED-0E52-405A-898F-AB383BE64BA6}" = rport=138 | protocol=17 | dir=out | app=system |
"{BC11FE91-05F5-46C8-8BCE-2BB606300C1E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{BF289483-FE33-44DE-AF64-B41D332BF642}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C03D564D-5655-4246-849B-AE264612BF33}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C3B0E199-9A77-49DF-A977-199E32CBEC36}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C7BE285D-EC93-40EF-BA46-3E25437BC4FC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C8CCCA07-FF31-4DF3-88D9-1398D5CC9B7E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C92731F0-9C9F-4963-A9B6-F4EC28D77DFA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D00658A9-3161-4C0B-811D-A5F18B6ADC12}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D090B816-406E-49DA-BB6E-F02E03FA977D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D12D777D-860E-43A5-9F0C-F5D8C6ACCF70}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D96C33CA-F15E-491F-8BB9-908CF94EB3F8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E3F9A1D2-D32E-4979-9414-24475F96F367}" = rport=137 | protocol=17 | dir=out | app=system |
"{F0B85121-FA8B-41F7-846A-A3F2566700AB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F9167BDD-7911-4C1C-A986-DE5B50106330}" = lport=445 | protocol=6 | dir=in | app=system |
"{FC706D1E-1E7D-49AE-AA3A-840FFBD9BEB8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{FFEAE8B8-2D2B-417C-A6AA-485C35B8595C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07B07402-3410-4D7D-A999-865B2993E281}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{094B2455-3DE8-4F07-AA87-27DD4BBA1A02}" = protocol=6 | dir=out | app=system |
"{0AD7C013-1EAC-4AAF-8663-CCD136A4FEC9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0D735C61-7250-4362-A8AF-147582A4B753}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1215004F-CC9A-4E53-9562-03A3C5D0A553}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1374A1F6-169E-489D-BCDA-C963201F1CF1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1DDA3641-D0FD-4A7F-8B9D-0ED2365060D9}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{37AB9D0F-80BB-4805-9D5C-DFFB13203B73}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{3D439E63-AA62-4C4C-9FC8-02E471893D0C}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{468F0BEB-51B0-4720-B90F-622961FB4BA5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{472AA3CD-CF99-4DC5-986C-29B1B8526643}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{47B0C4BA-1B51-4B12-83A3-D6EA25F0637D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4D6AAC7D-8147-4361-9672-5E87F199473F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5516041B-AF1C-49F5-8361-8124D15C34F6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{58D48ABF-CCF9-4A94-99D1-3A71FFD52748}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6824FD90-6BEC-45E7-BEEC-417AA2D7C61F}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{74123421-95B8-420E-89A1-690F25206416}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{835082E7-0B9D-4A3F-A7F1-D3B8A6985F47}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{846B87C0-26F6-426B-8E9D-4EB65207E430}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8AD58ADB-05ED-47C9-A9DC-D3604C02A7F0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9188CFC6-4932-4861-A84A-24FC74645902}" = protocol=6 | dir=in | app=c:\program files (x86)\downloadtoolz\hulu video downloader\hulu_d.exe |
"{943F4C43-ADEB-4867-AD19-DD49096C48F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97832A68-5D5C-4FB7-9679-8308FBBED566}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9CA0E70C-799F-417F-874C-B319C01941F3}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{BF7EDEC7-4505-43CF-9F21-14D008DA5DF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1EBAFF8-4BFA-4524-8F27-921E48F61290}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C5A6FEAC-9CAC-4DAC-8B49-92368E2A22E4}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{C60BB474-949D-4B45-B1B8-17702633D0A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DFB17DF1-0324-48BB-9EB2-CC7E55E575F1}" = protocol=17 | dir=in | app=c:\program files (x86)\downloadtoolz\hulu video downloader\hulu_d.exe |
"{E1B49AAB-8A11-4038-A8F2-A9845B749FB2}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{E40F666A-A581-4949-A809-29A6D1215D65}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E6C527CA-B5C8-40F2-A7D5-9989C5108774}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EF796DBF-15D6-461E-AC53-910448AAB9C9}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{F76B73DA-2D48-4770-9D81-6EFA5FFA5699}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FB4D7BE2-F2FA-42FD-AF79-57A7B49A2DF4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{002FA12C-A174-4E71-AF8D-C787E2CAFF94}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{0BAF23D1-913B-4863-90E7-9A0484C2594F}D:\otrkeys\half life 2 by happy.part05\half life 2\hl2.exe" = protocol=6 | dir=in | app=d:\otrkeys\half life 2 by happy.part05\half life 2\hl2.exe |
"TCP Query User{0D6537EA-5109-45E1-B8FA-3EB3F194D470}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{0F38FEAC-7C7D-4433-85AE-811E7B74FBE0}C:\users\***\desktop\spiele\cod4\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\spiele\cod4\iw3mp.exe |
"TCP Query User{2138F118-8F5F-4F43-9529-6F44370C118E}D:\hdr\the_lord_of_the_rings__the_fellowship_of_the_ring_10.exe" = protocol=6 | dir=in | app=d:\hdr\the_lord_of_the_rings__the_fellowship_of_the_ring_10.exe |
"TCP Query User{3A1B21C2-ED21-4ACA-B159-238704F97E39}C:\users\***\desktop\rtmpexplorer\rtmpsrv.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\rtmpexplorer\rtmpsrv.exe |
"TCP Query User{3A985E8A-F3D3-490A-956F-D9E89D9BE6E8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{44033CA5-60FF-4A11-8961-09B72232FA37}C:\users\***\desktop\rtmpdump-2.4-git-010913-windows\rtmpsrv.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\rtmpdump-2.4-git-010913-windows\rtmpsrv.exe |
"TCP Query User{5A8613BE-4CE3-4F21-9EB9-81A71078224D}C:\users\***\desktop\rtmpexplorer2\rtmpsrv.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\rtmpexplorer2\rtmpsrv.exe |
"TCP Query User{6EACA207-5D66-4ED0-BDB1-5A1E45BF8F03}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{87334105-F209-4F88-8FF2-F4E18590143A}C:\program files (x86)\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonostar-player\phonostar.exe |
"TCP Query User{9071C708-53E0-4AE2-B2E4-6763878B30A8}D:\otrkeys\half life 2\hl2.exe" = protocol=6 | dir=in | app=d:\otrkeys\half life 2\hl2.exe |
"TCP Query User{940DA95D-69C2-422A-850A-4BB10555CB8B}C:\users\***\desktop\rtmpexplorer\rtmpsuck.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\rtmpexplorer\rtmpsuck.exe |
"TCP Query User{A299B8A4-16A1-4099-A1E8-B70BD6B78E9A}C:\users\***\desktop\spiele\counter-strike\hltv.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\spiele\counter-strike\hltv.exe |
"TCP Query User{ACFEABBC-657C-4F0E-9A1C-2D66B6FB27A8}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{ADD25604-0D07-4741-A5F0-159F7365A89E}C:\users\***\desktop\spiele\age of empires ii the conquerors\empires2.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\spiele\age of empires ii the conquerors\empires2.exe |
"TCP Query User{B66A31D0-49D0-4FCB-97A9-7EEC19CC4A63}C:\users\***\desktop\spiele\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\spiele\counter-strike\hl.exe |
"TCP Query User{D065624A-5F8F-42A5-A1A7-06FF84B0E8F0}C:\users\***\desktop\rtmpexplorer\rtmpsrv-vlc.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\rtmpexplorer\rtmpsrv-vlc.exe |
"TCP Query User{E8D3AEC4-F0B4-452F-947D-B290F25C1056}C:\users\***\desktop\rtmpexplorer\rtmpgw.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\rtmpexplorer\rtmpgw.exe |
"UDP Query User{18A72E5E-1A91-4E5D-A2D6-98AFFADA246B}C:\users\***\desktop\rtmpexplorer\rtmpgw.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\rtmpexplorer\rtmpgw.exe |
"UDP Query User{198B79A8-35FF-4A13-BF70-3C57AD5B3A3D}C:\users\***\desktop\spiele\cod4\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\spiele\cod4\iw3mp.exe |
"UDP Query User{22C1DB5F-3D74-4302-BF4D-D2544EA4DD89}C:\users\***\desktop\rtmpdump-2.4-git-010913-windows\rtmpsrv.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\rtmpdump-2.4-git-010913-windows\rtmpsrv.exe |
"UDP Query User{247FEE0A-9BC3-4FE6-9B25-615E1617C7E6}C:\users\***\desktop\rtmpexplorer2\rtmpsrv.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\rtmpexplorer2\rtmpsrv.exe |
"UDP Query User{26149AF1-F5FE-4DC0-B51F-56F67E9DA608}C:\users\***\desktop\rtmpexplorer\rtmpsrv.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\rtmpexplorer\rtmpsrv.exe |
"UDP Query User{27959DD7-DEB9-451B-9356-A4292E02834C}D:\hdr\the_lord_of_the_rings__the_fellowship_of_the_ring_10.exe" = protocol=17 | dir=in |
app=d:\hdr\the_lord_of_the_rings__the_fellowship_of_the_ring_10.exe | "UDP Query User{2A009D67-048A-41C3-8E79-BC16FDA2A090}D:\otrkeys\half life 2 by happy.part05\half life 2\hl2.exe" = protocol=17 | dir=in | app=d:\otrkeys\half life 2 by happy.part05\half life 2\hl2.exe | "UDP Query User{2BD7400C-664C-4B51-A6BA-FBDDF33D4DDD}D:\otrkeys\half life 2\hl2.exe" = protocol=17 | dir=in | app=d:\otrkeys\half life 2\hl2.exe | "UDP Query User{3CFCA7CB-F8D5-4D38-882E-7CBAD04EDBA3}C:\users\***\desktop\spiele\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\spiele\counter-strike\hl.exe | "UDP Query User{43BE88E7-81B0-4037-A728-9C951B36B857}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "UDP Query User{46420E65-9F12-4499-83E3-AF8A5BA443F7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{4E829E1F-006E-4008-A443-B7823F702809}C:\users\***\desktop\rtmpexplorer\rtmpsuck.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\rtmpexplorer\rtmpsuck.exe | "UDP Query User{7862F8CC-D874-4AB6-9420-731514C46D4E}C:\users\***\desktop\rtmpexplorer\rtmpsrv-vlc.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\rtmpexplorer\rtmpsrv-vlc.exe | "UDP Query User{8AFAB0C8-B6AF-4249-8165-A44E6A732358}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{9BC3E318-FE74-41DA-AC25-37DBF2F26A76}C:\program files (x86)\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phonostar-player\phonostar.exe | "UDP Query User{9F83E311-E63A-4BCD-AFE7-E73DA7C3BDDD}C:\users\***\desktop\spiele\age of empires ii the conquerors\empires2.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\spiele\age of empires ii the conquerors\empires2.exe | "UDP Query 
User{AD73F28C-6F93-4B4F-A298-6BB14E839B3F}C:\users\***\desktop\spiele\counter-strike\hltv.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\spiele\counter-strike\hltv.exe | "UDP Query User{C1F48B88-241A-4F64-A193-96067218892B}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "UDP Query User{F20CFA62-8AC7-479F-A088-3CFD997EC4E1}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0D04B2F4-BD8F-B8CE-DC9F-54369EC2783A}" = AMD Fuel "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{35A50BE1-FDD7-4FC7-CCE5-03D2A63D4CF4}" = AMD Catalyst Install Manager "{3C32C938-3071-BEF0-1EA5-403A420031A0}" = ccc-utility64 "{3F372A41-8007-012F-F5AE-685F588FC897}" = AMD Media Foundation Decoders "{48E18BB4-394D-4976-AB9D-716F9302A942}" = BrowseToSave "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5EDDD103-CF66-40DF-A0B9-DECDC0F017D5}" = MAGIX Video deluxe 2013 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "ffdshow64_is1" = ffdshow x64 v1.1.3476 [2010-06-15] "Microsoft .NET 
Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "WinGimp-2.0_is1" = GIMP 2.6.8 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{005E738B-5A0A-4483-A900-877D183A8F45}_is1" = BlindWrite 6 "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2461E016-9FB4-B233-A74D-91D11A664342}" = CCC Help English "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51002784-18FA-8FF9-9A1A-2468E7FCA096}" = Catalyst Control Center Graphics Previews Common "{576E71DA-3000-48F6-9B21-B9A70D47DFCF}" = Star Wars JK II Jedi Outcast "{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65D70656-D248-4C83-B594-E3029C43B37A}" = phase6_19 "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8F311E72-C27F-4DF0-8254-B739A1831668}_is1" = SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53 "{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 "{A99968BE-C155-474C-0089-33239DEE1CE2}" = NFS Underground "{BAAE49C1-2844-4614-BCB9-1485569E344D}" = pdfforge Toolbar v6.9 "{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}" = "{C454E7DD-A09A-6D06-7FF9-59753475FC09}" = AMD VISION Engine Control Center "{CE23BD08-F6FD-3337-D8BC-5B55E69263A5}" = Catalyst Control Center InstallProxy "{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program "{D4911E92-A059-4901-8AB3-8638B6D96456}_is1" = Groovedown Version 0.84 "{DA109884-7CDC-5F21-5F0B-742AA74F84E1}" = Catalyst Control Center Localization All "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365 "{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2471277-4C40-44B8-9A5D-D170F237673C}" = TubeBox "4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Any Video Converter_is1" = Any Video Converter 3.3.4 "Audacity_is1" = Audacity 2.0.2 "AudibleManager" = AudibleManager "Avidemux 2.5 (64-bit)" = Avidemux 2.5 "Avira AntiVir Desktop" = Avira Free Antivirus "Crimson Editor SVN286M" = Crimson Editor SVN286M "DAEMON Tools Lite" = DAEMON Tools Lite "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2) "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "ffdshow_is1" = ffdshow v1.1.3476 [2010-06-15] "FileZilla Client" = FileZilla Client 3.6.0.2 "Fraps" = Fraps (remove only) "Free Videos To DVD_is1" = Free Videos To DVD V 4.0.0 "Groovedown" = Groovedown "HotspotShield" = Hotspot Shield 2.88 "ImgBurn" = ImgBurn "LAME_is1" = LAME v3.99.3 (for Windows) "MAGIX_{5EDDD103-CF66-40DF-A0B9-DECDC0F017D5}" 
= MAGIX Video deluxe 2013 "Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de) "Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Postal 2" = Postal 2 "RonyaSoft CD DVD Label Maker" = RonyaSoft CD DVD Label Maker 3.01 "SP_f2a323db" = "SubtitleWorkshop" = Subtitle Workshop 2.51 "Textaizer Pro_is1" = Textaizer Pro v4.0 "The KMPlayer" = The KMPlayer (remove only) "tint" = Tint "TmNationsForever_is1" = TmNationsForever "TubeBox 3.5.3" = TubeBox "VLC media player" = VLC media player 1.1.11 "VSO DivxToDVD_is1" = DivxToDVD 0.5.2b "WinX DVD Author_is1" = WinX DVD Author 6.2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.04.2013 16:36:09 | Computer Name = ***-Asus | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15320 Error - 08.04.2013 16:36:13 | Computer Name = ***-Asus | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 08.04.2013 16:36:13 | Computer Name = ***-Asus | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 19454 Error - 08.04.2013 16:36:13 | Computer Name = ***-Asus | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 19454 Error - 08.04.2013 16:36:14 | Computer Name = ***-Asus | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 08.04.2013 16:36:14 | Computer Name = ***-Asus | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 20452 Error - 08.04.2013 16:36:14 | Computer Name = ***-Asus | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: 
m->NextScheduledSPRetry 20452 Error - 08.04.2013 16:36:18 | Computer Name = ***-Asus | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 08.04.2013 16:36:18 | Computer Name = ***-Asus | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 24851 Error - 08.04.2013 16:36:18 | Computer Name = ***-Asus | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 24851 [ System Events ] Error - 06.04.2013 04:20:52 | Computer Name = ***-Asus | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error - 06.04.2013 04:37:28 | Computer Name = ***-Asus | Source = Service Control Manager | ID = 7030 Description = Der Dienst "Hotspot Shield Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 06.04.2013 04:37:40 | Computer Name = ***-Asus | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Hotspot Shield Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error - 06.04.2013 04:37:42 | Computer Name = ***-Asus | Source = Service Control Manager | ID = 7034 Description = Dienst "Hotspot Shield Routing Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 06.04.2013 09:05:32 | Computer Name = ***-Asus | Source = Service Control Manager | ID = 7030 Description = Der Dienst "Hotspot Shield Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Error - 06.04.2013 09:05:44 | Computer Name = ***-Asus | Source = Service Control Manager | ID = 7034 Description = Dienst "Hotspot Shield Routing Service" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert. Error - 06.04.2013 09:06:44 | Computer Name = ***-Asus | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Hotspot Shield Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error - 06.04.2013 09:55:01 | Computer Name = ***-Asus | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 09.04.2013 02:48:55 | Computer Name = ***-Asus | Source = Service Control Manager | ID = 7000 Description = Der Dienst "StarWind AE Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 09.04.2013 03:34:01 | Computer Name = ***-Asus | Source = Service Control Manager | ID = 7000 Description = Der Dienst "StarWind AE Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-04-09 11:50:09 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006a ST932032 rev.0003 298,09GB Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\kwtcapod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe[1688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a71465 2 bytes [A7, 75] .text C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe[1688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a714bb 2 bytes [A7, 75] .text ... * 2 .text C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a71465 2 bytes [A7, 75] .text C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a714bb 2 bytes [A7, 75] .text ... * 2 .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1840] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_http_auth_create_response + 294 000000006ab32076 4 bytes [24, D9, B9, 68] .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1840] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_mp4_read_dec_config_descr + 435 000000006ab37283 4 bytes [74, 4C, 09, 66] .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[1840] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_nut_add_sp + 70 000000006ab751a6 4 bytes [20, EF, B9, 68] .text C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075a71465 2 bytes [A7, 75] .text C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[2360] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075a714bb 2 bytes [A7, 75] .text ... 
* 2 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a71465 2 bytes [A7, 75] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a714bb 2 bytes [A7, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a71465 2 bytes [A7, 75] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a714bb 2 bytes [A7, 75] .text ... * 2 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x49 0x92 0xE4 0xEF ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2E 0x06 0x6D 0x48 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB0 0x00 0xF3 0xCB ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5F 0x10 0x6F 0x75 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x49 0x92 0xE4 0xEF ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2E 0x06 0x6D 0x48 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB0 0x00 0xF3 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5F 0x10 0x6F 0x75 ...
---- EOF - GMER 2.1 ----

Mojodo

Last edited by mojodo (09.04.2013 at 11:44)