| |
| |||||||
Log-Analyse und Auswertung: Skype virusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
21.05.2013, 19:51
| #1 |
 |  Skype virus Hallo meine freundi hat heute bei skype von einen bekannt ein link bekommen und ihm probiert zu öffnen jetzt kriegen alle eine fehler meldung vor angst das es immer so weiter geht hat sie skype vom rechner geworfen jetzt wollt ich wissen da es sich dabei ja um ein virus handelt is die sache damit gelöst oder wird wenn sie skype wieder rauf macht das problem wieder da sein,und falls das problem wieder das ist was kann ich dagegen tun? achso hab vergessen zu schreiben bei ihren antiviren programm kommt auch eine meldung von wegen, Worm:win32/dorkbot falls euch das weiter hilft Geändert von busa (21.05.2013 um 19:58 Uhr) |
|
21.05.2013, 23:44
| #3 |
| | Skype virus hier nochmal die datein
__________________ |
|
21.05.2013, 23:47
| #4 |
| /// TB-Ausbilder   | Skype virus Kannst du die Logfiles bitte nicht anhängen (das erschwert mir das Auswerten massiv), sondern deren Inhalt direkt innerhalb von Codetags einfügen: [code]Inhalt Logfile[/code]. Danke.
__________________ cheers, Leo |
|
21.05.2013, 23:52
| #5 |
| | Skype virus jetzt bin ich total verwirrt ich kenn mich mit computer nicht wirklich aus sorry.deswegen versteh ich jetzt gar nicht mehr |
|
21.05.2013, 23:56
| #6 |
| /// TB-Ausbilder | Skype virus Ok, egal, dann lass das. Aber hänge die OTL.txt nochmals als zip-File und nicht als *.7z hier an.
__________________ --> Skype virus |
|
21.05.2013, 23:57
| #7 |
| | Skype virusCode:
ATTFilter OTL logfile created on: 21.05.2013 23:33:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 3,92 Gb Available Physical Memory | 65,37% Memory free 12,00 Gb Paging File | 10,28 Gb Available in Paging File | 85,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 247,82 Gb Total Space | 23,22 Gb Free Space | 9,37% Space Free | Partition Type: NTFS Drive D: | 683,59 Gb Total Space | 139,17 Gb Free Space | 20,36% Space Free | Partition Type: NTFS Drive F: | 5,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: USER-PC | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.21 23:18:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe PRC - [2013.05.13 13:56:02 | 002,245,232 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe PRC - [2013.05.13 13:55:30 | 004,001,376 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.04 01:35:30 | 001,635,752 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.12.10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2012.11.26 23:57:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.06.22 10:25:22 | 002,648,184 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\1&1\IGDCTRL.EXE ========== Modules (No Company Name) ========== MOD - [2013.05.04 01:35:30 | 001,114,536 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2013.04.24 04:30:08 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011.06.21 15:48:28 | 000,910,336 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll MOD - [2011.06.20 15:37:16 | 010,836,992 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll MOD - [2011.06.20 13:52:20 | 001,283,584 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll MOD - [2011.06.20 13:32:40 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll MOD - [2011.06.20 13:21:50 | 007,994,880 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll MOD - [2011.06.20 13:04:56 | 002,233,344 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll MOD - [2011.05.26 11:38:06 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll MOD - [2011.05.26 11:38:06 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.05.20 15:47:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.14 23:26:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.13 13:56:02 | 002,245,232 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.11.26 23:57:30 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.03.08 22:51:11 | 004,060,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\1&1\IGDCTRL.EXE -- (IGDCTRL) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.11.07 01:41:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.08.12 19:24:30 | 001,310,720 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda) DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2008.01.19 06:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\InprocServer32 File not found IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 6F C1 D3 48 BE CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{C2BA577E-794F-4244-A91A-A5C8BC05F996}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=eea0f859-9c06-4c46-81b5-4cc478ed2975&apn_sauid=A0AF48CB-1D74-4724-93B4-A2EBF8529B65& IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8 FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:3.3.3.2 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0 FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.17 06:04:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.20 15:47:20 | 000,000,000 | ---D | M] [2011.04.04 17:57:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions [2013.05.09 17:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions [2013.02.10 22:27:26 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2011.05.02 00:48:43 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\battlefieldheroespatcher@ea.com [2011.04.28 20:25:57 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com [2012.01.14 02:31:43 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ffxtlbr@Facemoods.com [2013.04.06 14:31:31 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ich@maltegoetz.de [2013.03.03 16:05:36 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\adblockpopups@jessehakanen.net.xpi [2012.02.18 19:11:25 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\DivXWebPlayer@divx.com.xpi [2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2013.05.09 17:26:54 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.01 17:56:56 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2011.11.08 20:14:12 | 000,002,401 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\askcom.xml [2012.11.07 19:09:35 | 000,002,399 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\Web Search.xml [2013.05.21 20:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.05.20 15:47:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.20 15:47:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll [2012.01.14 02:31:49 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\plugin/npUrlAdvisor.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Unity Player (Enabled) = C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\ CHR - Extension: Google Mail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ CHR - Extension: Anti-Banner = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll뀀;㶉噯 佃䑎䥕ㅾ䐮䱌 File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll File not found O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll File not found O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation) O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.cpl (C-Media Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I File not found O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [PokerStars] C:\Users\user\Documents\PokerStars\PokerStars.scr File not found O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe () O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [fcfccbdcadbsacfsfdsf] C:\ProgramData\fcfccbdcadbsacfsfdsf.exe () O4 - HKCU..\Run: [Integrated Driver] C:\Users\user\AppData\Roaming\Mozilla\winmgr.exe File not found O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: PokerStars = C:\Users\user\Documents\PokerStars\PokerStars.scr O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{146121C4-9E47-47CE-92FD-2A3FA28FCF31}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{240F4399-2BBA-4901-A0CF-CCE176646404}: DhcpNameServer = 192.168.178.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: PokerStars - C:\Users\user\Documents\PokerStars\PokerStars.scr - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.08.13 19:56:20 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ CDFS ] O32 - AutoRun File - [2012.08.13 19:56:20 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - F:\autorun.exe -- [ CDFS ] O33 - MountPoints2\{03f6a33c-8c90-11e1-b9d2-0025227cbc5f}\Shell - "" = AutoRun O33 - MountPoints2\{03f6a33c-8c90-11e1-b9d2-0025227cbc5f}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2012.08.13 19:56:20 | 000,183,728 | R--- | M] (Konami Digital Entertainment Co., Ltd.) O33 - MountPoints2\{2dc5649c-2828-11e2-ba09-0025227cbc5f}\Shell - "" = AutoRun O33 - MountPoints2\{2dc5649c-2828-11e2-ba09-0025227cbc5f}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2012.08.13 19:56:20 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.) O33 - MountPoints2\{52b8a7d7-3f24-11e1-bac4-0025227cbc5f}\Shell - "" = AutoRun O33 - MountPoints2\{52b8a7d7-3f24-11e1-bac4-0025227cbc5f}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{52b8a7e3-3f24-11e1-bac4-0025227cbc5f}\Shell - "" = AutoRun O33 - MountPoints2\{52b8a7e3-3f24-11e1-bac4-0025227cbc5f}\Shell\AutoRun\command - "" = H:\autorun.exe O33 - MountPoints2\{e05ef057-a4c5-11e1-ab79-0025227cbc5f}\Shell - "" = AutoRun O33 - MountPoints2\{e05ef057-a4c5-11e1-ab79-0025227cbc5f}\Shell\AutoRun\command - "" = G:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.20 15:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.16 02:52:40 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.16 02:52:40 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.16 02:52:40 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.16 02:52:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.16 02:52:39 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.16 02:52:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.05.16 02:52:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.16 02:52:38 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.16 02:52:38 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.16 02:52:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.16 02:52:38 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.05.16 02:52:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.05.16 02:52:36 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.16 02:52:36 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.16 02:52:35 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.15 12:00:26 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.15 12:00:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.15 12:00:17 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.15 12:00:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.15 12:00:15 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.15 12:00:15 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.15 12:00:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.14 23:26:11 | 017,613,192 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013.05.14 21:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.14 21:39:04 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.05.14 21:39:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.05.14 21:39:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.05.14 21:39:00 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.05.08 17:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft [2013.05.08 17:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rift Game [2013.05.07 19:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2013.05.07 19:17:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Warframe [2013.05.07 16:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3 [2013.05.07 16:57:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2013.05.07 14:38:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2013.05.07 14:38:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Origin [2013.05.07 14:38:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Origin [2013.05.07 14:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2013.05.07 14:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2013.05.07 14:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin [2013.04.29 14:26:35 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Deardrops [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.21 23:37:12 | 000,091,136 | ---- | M] () -- C:\ProgramData\fcfccbdcadbsacfsfdsf.exe [2013.05.21 23:32:16 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.21 23:32:16 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.21 23:26:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.21 23:24:30 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.21 23:24:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.21 23:24:09 | 536,322,047 | -HS- | M] () -- C:\hiberfil.sys [2013.05.21 22:46:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000UA.job [2013.05.21 22:45:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.21 22:23:31 | 000,071,680 | ---- | M] () -- C:\ProgramData\4619.exe [2013.05.21 22:08:31 | 000,071,680 | ---- | M] () -- C:\ProgramData\8866.exe [2013.05.21 21:53:30 | 000,071,680 | ---- | M] () -- C:\ProgramData\CC0A.exe [2013.05.21 21:38:30 | 000,071,680 | ---- | M] () -- C:\ProgramData\FBE.exe [2013.05.21 21:23:30 | 000,071,680 | ---- | M] () -- C:\ProgramData\5373.exe [2013.05.21 21:08:30 | 000,071,680 | ---- | M] () -- C:\ProgramData\96AA.exe [2013.05.21 20:53:30 | 000,071,680 | ---- | M] () -- C:\ProgramData\DA2F.exe [2013.05.21 20:38:29 | 000,071,680 | ---- | M] () -- C:\ProgramData\1596.exe [2013.05.21 20:33:27 | 000,071,680 | ---- | M] () -- C:\ProgramData\FA2A.exe [2013.05.21 20:18:29 | 000,071,680 | ---- | M] () -- C:\ProgramData\3B8D.exe [2013.05.21 20:10:02 | 000,071,680 | ---- | M] () -- C:\ProgramData\DF4B.exe [2013.05.21 19:54:57 | 000,071,680 | ---- | M] () -- C:\ProgramData\1CB6.exe [2013.05.21 19:39:57 | 000,071,680 | ---- | M] () -- C:\ProgramData\602C.exe [2013.05.21 19:33:37 | 000,071,680 | ---- | M] () -- C:\ProgramData\F0FD.exe [2013.05.21 19:18:37 | 000,071,680 | ---- | M] () -- C:\ProgramData\3359.exe [2013.05.21 17:52:11 | 000,001,239 | ---- | M] () -- C:\Users\user\Documents\freundschaft.rtf [2013.05.21 11:46:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000Core.job [2013.05.19 15:45:22 | 000,001,400 | ---- | M] () -- C:\Users\user\Documents\was ist liebe.rtf [2013.05.17 18:20:04 | 000,000,219 | ---- | M] () -- C:\Users\user\Desktop\Dota 2.url [2013.05.16 12:23:28 | 000,290,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.16 02:54:56 | 001,519,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.16 02:54:56 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.16 02:54:56 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.16 02:54:56 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.16 02:54:56 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.14 23:26:20 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.14 23:26:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.14 23:26:12 | 017,613,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013.05.14 21:38:57 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.05.14 21:38:55 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.05.14 21:38:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.05.14 21:38:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.05.14 21:38:54 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013.05.14 21:38:54 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.05.07 17:28:12 | 000,000,222 | ---- | M] () -- C:\Users\user\Desktop\Warframe.url [2013.05.07 16:57:16 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk [2013.05.07 14:37:28 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2013.04.26 19:20:00 | 000,000,222 | ---- | M] () -- C:\Users\user\Desktop\Poker Night 2.url [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.21 22:23:30 | 000,071,680 | ---- | C] () -- C:\ProgramData\4619.exe [2013.05.21 22:08:29 | 000,071,680 | ---- | C] () -- C:\ProgramData\8866.exe [2013.05.21 21:53:29 | 000,071,680 | ---- | C] () -- C:\ProgramData\CC0A.exe [2013.05.21 21:38:29 | 000,071,680 | ---- | C] () -- C:\ProgramData\FBE.exe [2013.05.21 21:23:29 | 000,071,680 | ---- | C] () -- C:\ProgramData\5373.exe [2013.05.21 21:08:28 | 000,071,680 | ---- | C] () -- C:\ProgramData\96AA.exe [2013.05.21 20:53:28 | 000,071,680 | ---- | C] () -- C:\ProgramData\DA2F.exe [2013.05.21 20:38:27 | 000,071,680 | ---- | C] () -- C:\ProgramData\1596.exe [2013.05.21 20:33:25 | 000,071,680 | ---- | C] () -- C:\ProgramData\FA2A.exe [2013.05.21 20:18:29 | 000,071,680 | ---- | C] () -- C:\ProgramData\3B8D.exe [2013.05.21 20:09:57 | 000,071,680 | ---- | C] () -- C:\ProgramData\DF4B.exe [2013.05.21 19:54:55 | 000,071,680 | ---- | C] () -- C:\ProgramData\1CB6.exe [2013.05.21 19:39:57 | 000,071,680 | ---- | C] () -- C:\ProgramData\602C.exe [2013.05.21 19:33:37 | 000,071,680 | ---- | C] () -- C:\ProgramData\F0FD.exe [2013.05.21 19:18:36 | 000,071,680 | ---- | C] () -- C:\ProgramData\3359.exe [2013.05.21 19:18:34 | 000,091,136 | ---- | C] () -- C:\ProgramData\fcfccbdcadbsacfsfdsf.exe [2013.05.21 17:52:11 | 000,001,239 | ---- | C] () -- C:\Users\user\Documents\freundschaft.rtf [2013.05.19 15:45:22 | 000,001,400 | ---- | C] () -- C:\Users\user\Documents\was ist liebe.rtf [2013.05.17 18:20:04 | 000,000,219 | ---- | C] () -- C:\Users\user\Desktop\Dota 2.url [2013.05.07 17:28:12 | 000,000,222 | ---- | C] () -- C:\Users\user\Desktop\Warframe.url [2013.05.07 16:57:16 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk [2013.05.07 14:37:28 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2013.04.26 19:20:00 | 000,000,222 | ---- | C] () -- C:\Users\user\Desktop\Poker Night 2.url [2013.04.11 14:13:59 | 000,000,017 | ---- | C] () -- C:\Users\user\AppData\Local\resmon.resmoncfg [2013.03.04 16:04:39 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll [2013.03.04 16:04:33 | 000,000,392 | ---- | C] () -- C:\Windows\Cm106.ini.cfl [2013.03.04 16:03:35 | 000,002,853 | ---- | C] () -- C:\Windows\Cm106.ini.cfg [2013.03.04 16:03:35 | 000,001,652 | ---- | C] () -- C:\Windows\Cm106.ini.imi [2012.05.03 23:20:01 | 000,000,263 | ---- | C] () -- C:\Users\user\ts.ini [2012.04.16 17:23:41 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\CM108rm.dll [2012.04.16 17:23:41 | 000,000,196 | ---- | C] () -- C:\Windows\Cm108.ini.cfl [2012.04.16 17:18:48 | 000,003,808 | R--- | C] () -- C:\Windows\Cm108.ini.cfg [2012.04.16 17:18:48 | 000,000,685 | R--- | C] () -- C:\Windows\cm108.ini [2012.03.11 18:56:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011.09.05 15:23:15 | 000,017,408 | ---- | C] () -- C:\Users\user\AppData\Local\WebpageIcons.db ========== ZeroAccess Check ========== [2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\@ [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\L [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\U [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:F63A059B < End of report > |
|
21.05.2013, 23:58
| #8 |
| /// TB-Ausbilder | Skype virus Prima, genau so meinte ich. 
__________________ cheers, Leo |
|
21.05.2013, 23:59
| #9 |
| | Skype virusCode:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-21 23:50:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EARS-00Y5B1 rev.80.00A80 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800033ac000 45 bytes [00, 00, 10, 02, 4E, 74, 66, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff800033ac02f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Windows\Explorer.EXE[1732] C:\Windows\SYSTEM32\ntdll.dll!atan 0000000077959604 39 bytes [40, 53, 48, 83, EC, 30, 80, ...]
.text C:\Windows\Explorer.EXE[1732] C:\Windows\SYSTEM32\ntdll.dll!atan + 40 000000007795962c 1 byte [F8]
.text C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076221465 2 bytes [22, 76]
.text C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762214bb 2 bytes [22, 76]
.text ... * 2
.text C:\Program Files (x86)\1&1\IGDCTRL.EXE[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076221465 2 bytes [22, 76]
.text C:\Program Files (x86)\1&1\IGDCTRL.EXE[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762214bb 2 bytes [22, 76]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2260] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072bb1a22 2 bytes [BB, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2260] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072bb1ad0 2 bytes [BB, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2260] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072bb1b08 2 bytes [BB, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2260] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072bb1bba 2 bytes [BB, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2260] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072bb1bda 2 bytes [BB, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076221465 2 bytes [22, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762214bb 2 bytes [22, 76]
.text ... * 2
.text C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe[2524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076221465 2 bytes [22, 76]
.text C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe[2524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762214bb 2 bytes [22, 76]
.text ... * 2
.text C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076221465 2 bytes [22, 76]
.text C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762214bb 2 bytes [22, 76]
.text ... * 2
.text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076221465 2 bytes [22, 76]
.text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762214bb 2 bytes [22, 76]
.text ... * 2
.text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076221465 2 bytes [22, 76]
.text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762214bb 2 bytes [22, 76]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076221465 2 bytes [22, 76]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762214bb 2 bytes [22, 76]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076221465 2 bytes [22, 76]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762214bb 2 bytes [22, 76]
.text ... * 2
.text C:\Program Files (x86)\Winamp\winampa.exe[3828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076221465 2 bytes [22, 76]
.text C:\Program Files (x86)\Winamp\winampa.exe[3828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762214bb 2 bytes [22, 76]
.text ... * 2
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076221465 2 bytes [22, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762214bb 2 bytes [22, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076221465 2 bytes [22, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762214bb 2 bytes [22, 76]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076221465 2 bytes [22, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762214bb 2 bytes [22, 76]
.text ... * 2
.text C:\Users\user\Downloads\gmer_2.1.19163.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076221465 2 bytes [22, 76]
.text C:\Users\user\Downloads\gmer_2.1.19163.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762214bb 2 bytes [22, 76]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\Explorer.EXE [1732:3412] 00000000056548b0
Thread C:\Windows\Explorer.EXE [1732:3416] 00000000056557a0
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4620:4900] 000007fefbce2a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4620:4908] 000007fee34ed618
---- EOF - GMER 2.1 ----
Code:
ATTFilter OTL Extras logfile created on: 21.05.2013 23:33:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6,00 Gb Total Physical Memory | 3,92 Gb Available Physical Memory | 65,37% Memory free
12,00 Gb Paging File | 10,28 Gb Available in Paging File | 85,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,82 Gb Total Space | 23,22 Gb Free Space | 9,37% Space Free | Partition Type: NTFS
Drive D: | 683,59 Gb Total Space | 139,17 Gb Free Space | 20,36% Space Free | Partition Type: NTFS
Drive F: | 5,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"4319:TCP" = 4319:TCP:*:Enabled:Remote Assistance Local
"5812:TCP" = 5812:TCP:*:Enabled:Remote Assistance Remote
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"D:\Combat Arms EU\CombatArms.exe" = D:\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"D:\Combat Arms EU\Engine.exe" = D:\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"D:\Combat Arms EU\CombatArms.exe" = D:\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"D:\Combat Arms EU\Engine.exe" = D:\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024490DC-DC56-4DAA-B9B2-80B58BDE029D}" = lport=58530 | protocol=6 | dir=in | name=pando media booster |
"{037E821B-841F-4C69-BCA0-A344E27572A5}" = lport=137 | protocol=17 | dir=in | app=system |
"{0425BCDF-08A4-4C21-93E6-41815451C7AC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{071DABEE-402B-4869-AC3F-DECF8D04B1E5}" = lport=58530 | protocol=17 | dir=in | name=pando media booster |
"{2AED87C9-9501-41A9-9040-F5FD8F0C5C83}" = lport=58530 | protocol=6 | dir=in | name=pando media booster |
"{3151696E-65EE-4812-B02B-A94F64D58C68}" = lport=58445 | protocol=17 | dir=in | name=pando media booster |
"{348CEBFA-508A-4C67-AF5D-676816B5D1B2}" = lport=139 | protocol=6 | dir=in | app=system |
"{37CBFEF5-19DF-4EA0-A1BC-86BFE13C3C31}" = rport=80 | protocol=6 | dir=out | app=d:\skyrim\steamapps\common\warframe\warframe.x64.exe |
"{4C98CBB7-C520-46D8-A420-EF2F9D87F4CD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E461E35-1595-4996-B831-ACE266F73D0E}" = rport=80 | protocol=6 | dir=out | app=d:\skyrim\steamapps\common\warframe\tools\launcher.exe |
"{570D004B-D1B4-4409-8D25-6003847CB302}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{580D1AC6-E965-4910-A65B-4982102AE3B0}" = lport=49235 | protocol=6 | dir=in | name=akamai netsession interface |
"{587D5537-350C-4E39-AC82-3A9F3EA6EF02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{5C5B287C-DE35-41D8-8FCC-27AAEE4C6D20}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E54C900-9577-4D5F-9EFD-7D7B3AE8911F}" = rport=138 | protocol=17 | dir=out | app=system |
"{656C6A7D-3BD3-410E-80DF-90472221CDF4}" = rport=445 | protocol=6 | dir=out | app=system |
"{732BA7A7-49A0-4D42-BBBB-4D5C53ADAF5F}" = lport=445 | protocol=6 | dir=in | app=system |
"{7AB9F357-13A4-4A23-BD35-D62834F1CE08}" = lport=56544 | protocol=17 | dir=in | name=pando media booster |
"{7FAE09BE-6193-4E45-9996-578C220AD82E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{859E2FD3-54DA-451A-ACCE-B548B1159B84}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{863A9064-953F-40B5-A55A-967BB4557B97}" = rport=10243 | protocol=6 | dir=out | app=system |
"{86F5F435-049A-429A-8B08-F63773F09C3C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87F0099B-0E30-4A38-B4FA-60FA768203BF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8E440427-780D-49C7-9735-CCDD81EB665A}" = lport=58445 | protocol=6 | dir=in | name=pando media booster |
"{93E41EC4-B597-4CDD-B09D-0546691FE6AE}" = lport=58530 | protocol=17 | dir=in | name=pando media booster |
"{94671735-2C2A-4C90-A385-FA3D489DA303}" = lport=56544 | protocol=6 | dir=in | name=pando media booster |
"{9AA20F22-95B1-4F4D-97B9-CFE3B6BBEDAC}" = lport=56544 | protocol=17 | dir=in | name=pando media booster |
"{9ADDFA46-8DEB-4357-AB3E-B0AF374FF119}" = lport=58445 | protocol=6 | dir=in | name=pando media booster |
"{A2CA7A8B-7219-4BA4-A550-4B52D02B8309}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A70EF457-65FA-4CBE-AA6F-2B6F5F9D52A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B7994482-27B9-4BE9-B2E3-A534C286D8C0}" = lport=56544 | protocol=6 | dir=in | name=pando media booster |
"{BB13B974-4855-4FB4-9E75-61305C9D79E1}" = lport=138 | protocol=17 | dir=in | app=system |
"{BC191E7A-6542-4BD9-83B6-AA3057A7553F}" = rport=139 | protocol=6 | dir=out | app=system |
"{CC275F8B-D1F1-40DE-AB21-D581D6CA2A04}" = rport=80 | protocol=6 | dir=out | app=d:\skyrim\steamapps\common\warframe\warframe.exe |
"{D4C5291D-4141-4F7A-8619-C28261A33EEE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D86D62B1-442E-4C35-BEBB-3DED209CF0DE}" = lport=58445 | protocol=17 | dir=in | name=pando media booster |
"{EB3985A1-CDE0-4A07-932C-3951CC3D2119}" = rport=137 | protocol=17 | dir=out | app=system |
"{ED9F17F5-6E0C-4655-A10B-163D16853A1E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FDFD3546-B47B-41E6-B837-CCC79775E202}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012B7A71-012F-47E9-9C7E-68A060FEFA53}" = protocol=17 | dir=in | app=c:\users\user\desktop\levelr\levelr.bin |
"{028D80BB-B70D-4B61-8518-0555B3F127F9}" = protocol=6 | dir=out | app=system |
"{051963BC-DAF5-4C8A-A6F9-170E2FCD3C9E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{095071B6-903E-4B57-AB82-90D566E374F8}" = protocol=17 | dir=in | app=d:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe |
"{0AAE1B9A-05AB-4495-9A64-EFE2BF0328F2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0B10F62F-B56A-4A6B-8A76-AFE03380673F}" = protocol=17 | dir=in | app=c:\program files (x86)\brawl busters\bin\pbclient.exe |
"{0BCFC4E4-06A3-4062-9E46-FD73AD8ADA57}" = dir=in | app=levelr.bin |
"{0D1E8651-1AE2-4C3C-85DC-F7E5604AE609}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"{0FAA446D-7339-466A-AF08-5B277047E588}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe |
"{10E9D0BA-7C1D-4614-BC5D-1F827CF01C0E}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{11F15D93-D443-4B1B-8EA8-15370144B46F}" = protocol=17 | dir=in | app=c:\microvoltsdownloader\mvdownloader.exe |
"{12A4AD2E-F22E-46C8-B5BD-59E6AC4B0E2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{12B6B00E-8526-4380-A5D7-CE1AFD048CF4}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{13331879-4F9D-49D5-A7B4-9EF98278EDA3}" = protocol=17 | dir=in | app=c:\users\user\downloads\utorrent.exe |
"{13CB2A47-C42C-42C9-80D1-621095A1956D}" = protocol=17 | dir=in | app=c:\gpotato.eu\allods online\bin\aogame.exe |
"{13EB0206-DE55-4BD4-AFDA-C1355B5CC050}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{148AF18F-53C2-4BF3-B2D0-3A5B866E52E9}" = protocol=6 | dir=in | app=c:\microvoltsdownloader\mvdownloader.exe |
"{14C21B87-F7A5-43B0-ABCB-11ED911E7341}" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\reactor.exe |
"{154396AE-1CF5-41CE-9657-633E7A3228B9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{156E318E-F3EE-46CB-A5FE-B3CB3EB3938C}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{1570FF38-576E-4298-B1C3-5F724D3EF0E8}" = protocol=17 | dir=in | app=d:\gamigo\golfstar\golfstar.exe |
"{163EDD2D-B74F-4FB5-AA60-5559AF2C039C}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2 demo\bin_ship\dragonage2demo.exe |
"{17F1B9A8-021E-48CE-9237-C1062402D564}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe |
"{1917BC30-6A20-4253-B901-4A8F451569AB}" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"{1A86B1B4-A6EF-417D-A3B4-8B4C59254750}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{229E7E9D-E06F-42F2-B7AF-433361D6B691}" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mpold.exe |
"{22B39F94-4F7C-4055-A86D-5DF4732749E9}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe |
"{23222283-2D56-42CB-9BD9-CFE30657381F}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{23EB719F-E63B-493F-B1A3-825CF7C08CFB}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{263881B7-BBD1-4E8C-B046-7E79AFEFA72C}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{2650B705-5EE7-4E2C-B8C5-D03047084A7C}" = protocol=6 | dir=in | app=d:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivlauncher.exe |
"{29A2FA4A-3246-4925-A55D-52B110012ED7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2DC870EC-6FFD-41A5-908F-703B8341F9A2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2F872DD0-901A-4D97-919B-D040AF6BC0CD}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe |
"{32484BBB-1F69-42C6-A48F-EFA8911BEE89}" = protocol=17 | dir=in | app=d:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{33033F9C-4051-4F75-A103-15D17648B200}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{34346DB5-BF1C-438E-9A5A-184E597D962C}" = protocol=6 | dir=in | app=c:\gpotato.eu\allods online\bin\aogame.exe |
"{347CD297-8E59-44E3-90B3-4C4CDC45B47C}" = protocol=17 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe |
"{34D4DC71-8C37-4768-A217-3CD7B792E2AC}" = protocol=17 | dir=in | app=d:\skyrim\steamapps\common\warframe\warframe.exe |
"{366E29A6-EA9C-4021-81B3-26092F7C5A06}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe |
"{3693DC16-D881-4511-BE58-8B42D2BE48ED}" = protocol=6 | dir=in | app=c:\program files (x86)\efusion\blackshot\system\blackshot.exe |
"{3806D649-5D12-411A-8503-B7BB984C6B2D}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{3A9760F1-3A8B-4208-B292-72F8B54072A2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{3C010C19-9C6C-4745-B17E-414D57A7B365}" = protocol=17 | dir=in | app=d:\gamigo\golfstar\golfstarpatcherloader.exe |
"{3EF1A9E3-9388-4523-8179-19A7CB570BF4}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{421EF5DC-F68F-4DED-8690-AE6D58ADFAC7}" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mp.exe |
"{4263C3DD-0C33-4475-8096-DF35FD9622A1}" = protocol=6 | dir=in | app=c:\users\user\downloads\utorrent.exe |
"{455CA5E4-6DF0-432E-A4CA-2880E1E59888}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\girafficwatchdog.exe |
"{4611D45A-359F-4C2E-BD14-77D8E11B6AA9}" = protocol=17 | dir=in | app=d:\gamigo\golfstar\golfstarpatcher.exe |
"{46CE64F1-9C1D-4AD5-9139-0D00711AC2E1}" = protocol=17 | dir=in | app=d:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivboot.exe |
"{46F2598F-061B-4B3C-B5CE-DF0675FAC5BC}" = protocol=17 | dir=in | app=d:\program files (x86)\efusion\blackshot\system\blackshot.exe |
"{4898D1E4-F96A-4648-963C-CAE10FD1393F}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"{49495210-AD27-4FC5-84E9-1E43ADCC79E4}" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.dat |
"{4E17F503-322D-4A6D-A24B-1A7E566AD22B}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"{4E324369-F0D3-4FBF-8482-20A484C8C05C}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe |
"{50E226DC-0EC4-4C7A-A858-8D403285BD64}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe |
"{52A7E715-30EE-41DE-B4FA-B882C844AFE3}" = protocol=17 | dir=in | app=d:\skyrim\steamapps\common\warframe\warframe.x64.exe |
"{52B94BCB-9E37-4C83-9F59-C6DD167002BB}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\apps\2.0\omh5z9b6.1jk\8moj7d39.gp0\curs..tion_eee711038731a406_0004.0000_d322ecea565577c8\curseclient.exe |
"{5497FD1F-8C93-4E94-9949-C9D861943D1A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{54F311AB-BCFC-415B-9C3F-DC29302C523F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{54FA24A9-79B3-4E01-B671-552EF8551914}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\giraffic.exe |
"{5526A378-B2DD-4368-A9CE-3AEE4937BA66}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{56B4D626-CEDD-4925-BB79-D047B3D88B66}" = protocol=6 | dir=in | app=d:\gamigo\golfstar\golfstar.exe |
"{574682E0-AB62-45E6-80D7-579DF91AD41B}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe |
"{577745A5-0573-4324-89ED-0899D7A43C44}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{5AD5FF7C-E3AE-4FDE-9D77-575BC4C1E55A}" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"{5C6D1E0F-BBBC-4FA8-ABCD-7993E684EEED}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5D2B7928-A3C6-4648-A326-38FF02F9A197}" = protocol=6 | dir=in | app=d:\games\mass effect 3\binaries\win32\masseffect3.exe |
"{5D96F1DA-129B-45D3-8BD9-4415291316A4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5DC8484F-D1B8-4CED-8201-EBF8B22AE4FA}" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mpold.exe |
"{5E89604E-27B8-46F2-A080-3FEF265484F5}" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"{5EE1B7F0-E910-479A-B3F7-876D3ADD8AB5}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{6098F3CD-F958-46AE-9091-3FC8A2992BE1}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{624DC7BA-72DD-4751-878E-8A345193B536}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{63AEDED1-51C8-4023-9AEA-07CCDA025996}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{6474899D-1595-4C1A-A43D-5E8AE8EB6E05}" = protocol=6 | dir=in | app=d:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe |
"{655A1AF1-8E79-454B-A09B-753FBDE07683}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2 demo\dragonage2launcher.exe |
"{6681EA39-D829-4A82-907B-8F1709CF1ABD}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{66F18244-C809-42CA-82FB-13D45ABC49CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"{68129668-8EB5-441C-AF58-18BC960DDDC4}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{696470EB-7493-4F9A-A3CB-A1931EFB4C45}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\apps\2.0\omh5z9b6.1jk\8moj7d39.gp0\curs..tion_eee711038731a406_0004.0000_d322ecea565577c8\curseclient.exe |
"{6965C9EF-68A5-462B-8E4D-DD5119D20C76}" = protocol=6 | dir=in | app=d:\program files (x86)\gameforge4d\elsword_de\data\x2.exe |
"{69A40B8A-3D62-4C64-B309-20CB1125C888}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{6B9BCC58-7507-4886-AA0E-B368758865D9}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe |
"{6BC2878D-F010-4D57-A0B3-EBDF312A5049}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6C04D010-DF07-4D74-86AC-874AE11CE07C}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe |
"{6D65B78E-3094-4DFC-AAC8-EEF0423D0394}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{6DC7AF4D-B35C-4C59-84CF-F7ED22367FF5}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{6FFB2AE0-0DC2-4D66-9995-7E7985FAED99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{712D619C-83A3-4F9B-BA9D-409786B1B311}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{714464B2-C76F-49D5-8E6E-FE1D45C96A6F}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"{728B55B8-1D74-472D-BC4C-154BAFD2D3F8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{7316061E-06FA-467F-9C2D-E3A9F33B97A8}" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\reactor.exe |
"{73852FBB-F9C4-4C2B-990F-2D78A400EBF4}" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe |
"{7454DD7E-4306-4E64-96C2-767200BF4159}" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"{75902E15-779B-4522-8F5B-6C081161B4B5}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{763A6A5B-1DBC-49AB-8249-528D9B4EC352}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"{78D9D35C-C145-42B6-B2C2-47AF2A9A6D61}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{78F025A2-4291-4DD4-B04D-00CF36E2D0DD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{795967E2-B607-4EC5-A6D0-76C17585FBDA}" = protocol=6 | dir=in | app=c:\users\user\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe |
"{7EF4FA6E-7022-4B33-8745-A3907A0F4EB7}" = protocol=6 | dir=in | app=c:\program files (x86)\brawl busters\bin\pbclient.exe |
"{7F7598E8-9334-4BCB-AE97-D4294B9B6969}" = protocol=6 | dir=in | app=d:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivboot.exe |
"{8061D75E-6B57-4DC2-961F-629A49A11EE5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{81BC1E5F-F3B6-473E-B33C-EEE458752235}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{844DA98A-489D-4B5A-B8CF-78E1414594AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{87A0929E-02F9-40B0-95CB-924F4CCD18B7}" = protocol=17 | dir=in | app=c:\program files (x86)\efusion\blackshot\system\blackshot.exe |
"{8D0A2C76-0448-4CB0-8F7B-10CD3BC05410}" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.dat |
"{8D77A37B-858D-4EA3-B6F0-38C8E5F7BDF8}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{8EFEEA82-0CA8-43A8-AA23-18AB9D1C1192}" = protocol=6 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe |
"{900CEA9E-76C7-4402-A526-6C425D836017}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"{90B1D026-CC40-4AAF-B88B-270BCDD851EA}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"{92D82719-7C2C-4233-B8A1-C6CCC56FBCB0}" = protocol=17 | dir=in | app=c:\program files (x86)\brawl busters\bin\pblauncher.exe |
"{95775531-06AB-414C-B89F-CFE0ECC02B1E}" = protocol=6 | dir=in | app=c:\brawlbustersdownloader\bbdownloader.exe |
"{991FF523-1B8B-4A2E-956C-EF2240982A22}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\giraffic.exe |
"{9B2EDDA2-060D-4A72-A111-B5D50CF11BC0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9B6FB34B-1C7C-4E62-AAAF-62A2D7EEDFBA}" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"{9DA6CC4C-CF2C-4934-BB78-2C9879CA0892}" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe |
"{9FB6223F-8956-41D2-A38D-8DBAE50316CB}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{9FE461AA-8B90-486E-A065-73F69D9450FB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A16AF5C1-0CBB-4DE1-8AE2-D5ABDF22B211}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2 demo\dragonage2launcher.exe |
"{A1AF426E-33E4-4A91-8B88-69A3BA10C420}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A28E333B-428E-41A6-987E-3438F0B4FD30}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2 demo\bin_ship\dragonage2demo.exe |
"{A367B2DC-390E-4E4C-9AC2-9F8970DC2561}" = protocol=17 | dir=in | app=c:\users\user\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe |
"{A397F26B-4461-4477-A7E5-E2BEFC36771D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A747B66B-19A1-4293-96CB-5F850EB62B9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{AA5B5D69-D0CD-4873-9FD6-587CB34050E8}" = protocol=17 | dir=out | app=d:\skyrim\steamapps\common\warframe\warframe.x64.exe |
"{AB480A07-7C04-482F-B476-98DBAE704D66}" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe |
"{ACC455B0-97FA-4F1F-B8BB-5F4FF30797C8}" = protocol=17 | dir=in | app=d:\games\mass effect 3\binaries\win32\masseffect3.exe |
"{ADA3743D-58BD-48BE-A2F4-BE48B90F4F74}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{B03DD69D-FF59-437D-ACBA-1BD0AEDB8363}" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mp.exe |
"{B3CBF20F-4D82-4F4D-9822-5B67C53AA62B}" = protocol=17 | dir=in | app=c:\brawlbustersdownloader\bbdownloader.exe |
"{B42B8C4E-8C6C-407C-A9EE-7E0085C73D0E}" = protocol=6 | dir=in | app=c:\program files (x86)\efusion\blackshot\system\blackshot.exe |
"{B4AECC43-7259-44CC-B188-9BB18D16B056}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{B68118BC-D191-4AB0-8B58-2AB92EAD9BE6}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\girafficwatchdog.exe |
"{BBD60DC7-9F57-408F-B65A-31BF5CE3E3DC}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{BCD53722-45F2-4046-BF82-CA73D66A0C9F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BE832C31-F3E4-45BD-92DF-0A4DEA441535}" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe |
"{C34C8BA8-011B-4DD5-849A-52E226DBDCB1}" = protocol=6 | dir=in | app=d:\gamigo\golfstar\golfstarpatcherloader.exe |
"{C3AFD985-0828-4205-954B-0AF111B66188}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C5252961-6AAF-419D-9DA7-F393FA16CF92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6D9F675-36A0-44B9-A4DE-69C7861B6AD2}" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mpold.exe |
"{C7F89184-3610-432B-AA82-41175C0CE36F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C822F2F7-81E1-4F39-BCFE-0B62B44CF127}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"{C89C3188-3AF1-4BF6-82F3-97850D1F5BB0}" = protocol=6 | dir=in | app=c:\users\user\desktop\levelr\levelr.bin |
"{CA2BDF41-7629-4EE3-BA96-10B512EE7F3A}" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.exe |
"{CAEA4AD1-0962-48EC-8B1A-2EC8793EF9A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CC5224FD-C7FE-49C6-8445-7CCCD6D76120}" = protocol=17 | dir=in | app=d:\efusion\blackshot\system\blackshot.exe |
"{CDACA8DE-FF06-444A-89A6-D25BC10B77F5}" = protocol=17 | dir=in | app=d:\tera\tera-launcher.exe |
"{CDE946DF-A63D-41CB-B7D7-294BB944D5B6}" = protocol=17 | dir=in | app=c:\program files (x86)\efusion\blackshot\system\blackshot.exe |
"{D121A5E4-72AE-4E43-8016-9BBD8946231E}" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"{D531E277-6C1B-4E0C-8228-84E01DF09D02}" = protocol=17 | dir=in | app=d:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivlauncher.exe |
"{D6893CD3-B70F-46BB-BE95-6C1A75071408}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{D72B96FB-D2B5-422B-8CA9-80DD6E85644B}" = protocol=6 | dir=in | app=d:\tera\tera-launcher.exe |
"{D85E8ED7-8266-4D76-94B0-FB8D552363AD}" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.exe |
"{D8EF3E74-CE18-40C6-8297-2C0FCB30D961}" = protocol=17 | dir=out | app=d:\skyrim\steamapps\common\warframe\warframe.exe |
"{D93FEF3D-3E59-49B6-B3F1-7985B31DB0BC}" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mpold.exe |
"{DA76710D-206B-4239-851B-5D6624D8860B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DCB8A490-E508-474C-9CB6-1D1233DE8933}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{DEEB17BF-2507-48B1-A131-A5AE606E02D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{E0F718B0-1C5F-4E47-A60C-CAE002C1CE22}" = protocol=6 | dir=in | app=c:\program files\gamigo\levelr\levelr.bin |
"{E21F5D54-232D-4452-82FC-CB604639538D}" = protocol=6 | dir=in | app=d:\gamigo\golfstar\golfstarpatcher.exe |
"{E2D427F3-24DA-4C68-9DB7-EF828998C1F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E4D3DEBF-7D29-4BB8-8D94-CCEC7A9705BB}" = protocol=6 | dir=in | app=d:\efusion\blackshot\system\blackshot.exe |
"{E536A6C2-C11C-4865-80C0-DA9D6F74AEBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{E691AD3B-652C-47F8-AEBF-8C4DE114582D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E71B68D9-8B93-4C50-AE7C-B59582B0ECFD}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{E8FEBCC3-32C7-4C90-898D-0A9661DC9B7A}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe |
"{E9F65E66-7514-4960-8E45-F65AA737A740}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{EA8D9709-477A-4D54-82CF-2564231A1463}" = protocol=17 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe |
"{EB629D38-F128-4BEC-A503-79866F78E6C2}" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"{ED72AA1B-CE5F-4EDB-9B9E-CB1F4E49EEE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EDA1A2E0-8542-4512-9D9E-7062FF85D242}" = protocol=17 | dir=in | app=c:\program files\gamigo\levelr\levelr.bin |
"{EE613A8F-1134-4B92-998B-56CC795588EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"{F2A897C2-5952-40A8-90AE-9A1E9E838048}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{F3F01057-4547-46C9-93B8-56DD8817399A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{F64FC1B4-E297-4450-8CC9-AD20E9CEC7A5}" = protocol=6 | dir=in | app=c:\program files (x86)\brawl busters\bin\pblauncher.exe |
"{F724F2BC-ACFA-41D2-AD23-69803A7FB335}" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"{F8B7722B-15D2-45DE-9A59-0952E00BA3F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F9F0144B-2CE1-4BCF-A10A-B8A294E494E8}" = protocol=6 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe |
"{FA78AC4A-7379-4CC9-9ABA-5A9DE541105F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{FD8746F4-8E28-404E-A799-1F3BA92CCD5E}" = protocol=6 | dir=in | app=d:\program files (x86)\efusion\blackshot\system\blackshot.exe |
"{FECA4F58-8861-44A8-8B3B-AAD0B67FE27E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FFC4295B-4E30-447A-A83D-A23F19D606E3}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe |
"TCP Query User{0744FDA1-78FD-4E6B-ACA9-F9AD485990CA}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe |
"TCP Query User{07F422C5-816D-497C-B08C-26BD9FFAA6E2}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe |
"TCP Query User{0AAF023D-8E9D-4060-A921-42DF881A3D9F}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"TCP Query User{126EE4AA-570A-4AA6-BB9F-5F982F83A3F6}D:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe" = protocol=6 | dir=in | app=d:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe |
"TCP Query User{16E97906-9C69-4472-9B26-A61DBEB749CA}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"TCP Query User{2348C923-9803-4235-A55C-BDC503AAC28A}C:\program files (x86)\1&1\codemasters\f1 2011\f1_2011.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1&1\codemasters\f1 2011\f1_2011.exe |
"TCP Query User{24654ECD-2119-4FD7-96EB-337D9436FC09}C:\program files (x86)\funcom\age of conan\ageofconan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe |
"TCP Query User{2BAC8F82-183D-4AB1-A1C0-A3A9D6CFEB9E}C:\users\user\desktop\levelr\levelr.bin" = protocol=6 | dir=in | app=c:\users\user\desktop\levelr\levelr.bin |
"TCP Query User{362CCED2-8337-41E9-B5FF-CAD5AF0F3CAF}D:\di\deadislandgame.exe" = protocol=6 | dir=in | app=d:\di\deadislandgame.exe |
"TCP Query User{3F9CC23A-89BD-4EFE-AF7C-564E902EB021}C:\program files (x86)\reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\reactor.exe |
"TCP Query User{5126378B-CF52-4176-ADF2-F51E4DCA160E}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"TCP Query User{5A04FB88-ED3A-40B1-8E31-33D5658EF4C6}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mpold.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mpold.exe |
"TCP Query User{5D3A2685-B936-4DD0-9CC2-0A80E3B80DC7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{5F93DA30-8C47-4F62-9D64-5A3F64EA0AEB}D:\skyrim\steamapps\common\counter-strike global offensive\csgo.exe" = protocol=6 | dir=in | app=d:\skyrim\steamapps\common\counter-strike global offensive\csgo.exe |
"TCP Query User{61BFCCE9-BB99-48D3-9645-972C759298CC}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{68A8E39C-375F-4335-B901-D7ED56E52844}D:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\guild wars 2\gw2.exe |
"TCP Query User{6B0AEFFD-23E8-4A4D-8134-B3177CDB0483}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mpold.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mpold.exe |
"TCP Query User{72FDE2DB-ED92-4C33-92AC-FA08D67039B6}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.dat" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.dat |
"TCP Query User{76BEC1A8-2C78-46F2-856C-4D8262D103A8}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{7DAF71EF-F927-45EA-850F-24C2352B7BDA}D:\skyrim\steamapps\common\dota 2 beta\dota.exe" = protocol=6 | dir=in | app=d:\skyrim\steamapps\common\dota 2 beta\dota.exe |
"TCP Query User{7EA77A10-07A8-44DE-8017-464EA62E0902}C:\users\user\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\gw2.exe |
"TCP Query User{896AA2FB-8ED8-42F0-9263-EE70E76D6B78}C:\program files\gamigo\levelr\levelr.bin" = protocol=6 | dir=in | app=c:\program files\gamigo\levelr\levelr.bin |
"TCP Query User{91BB64BC-A19F-40C5-BAAE-F84B125259FA}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mp.exe |
"TCP Query User{9202B557-B0A3-4088-8F15-006D9714B2A2}C:\users\user\desktop\formel1\codemasters\f1 2011\f1_2011.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\formel1\codemasters\f1 2011\f1_2011.exe |
"TCP Query User{9BF4FC09-4D5D-4D23-92D5-D332EDB34FE3}C:\users\user\appdata\local\apps\2.0\omh5z9b6.1jk\8moj7d39.gp0\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\apps\2.0\omh5z9b6.1jk\8moj7d39.gp0\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe |
"TCP Query User{9C7EC8D4-7ECC-4CD2-87F7-AEEA2BE9C90D}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{A0604FDF-04D0-4A4A-884A-885384DA656F}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{B0BE1425-2696-41FB-9EEC-7491E09BCBA4}D:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=6 | dir=in | app=d:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe |
"TCP Query User{B29974A4-E982-4E46-9A89-5680C2287AF4}D:\candisoft_load!_0.7.2\load.exe" = protocol=6 | dir=in | app=d:\candisoft_load!_0.7.2\load.exe |
"TCP Query User{B983E990-42A1-478A-BF2A-33BBC7957832}C:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe |
"TCP Query User{C388C7E5-6A7E-4456-BF61-0894A3AEE575}D:\tera\tera-launcher.exe" = protocol=6 | dir=in | app=d:\tera\tera-launcher.exe |
"TCP Query User{D1569EB9-26B5-4FD3-8F9B-4DD268E203C9}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.exe |
"TCP Query User{DC655847-5026-485D-BD73-314DC3D4B884}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin |
"TCP Query User{E3B1472A-06AF-4105-A3E5-E9CA098E810B}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"TCP Query User{E49C3ADC-78D7-460C-89C7-64BB3BC6ABB8}C:\users\user\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe |
"TCP Query User{EC5A3825-8EFD-4B75-A245-D57D4022181A}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{F8614C83-5762-40DE-B887-07779E78E4B5}D:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=d:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{F949D56E-8937-4CEE-9927-A183F3AEFE5F}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{FFB2BDCD-1BCE-413E-9F21-1C48D27111E1}C:\program files (x86)\steam\steamapps\kirito8586\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\kirito8586\team fortress 2\hl2.exe |
"UDP Query User{00B16FA7-DDB3-42B8-8091-EF35DA431D34}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"UDP Query User{01183963-785D-47B7-BEFB-EC6DC2C191E6}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"UDP Query User{09BC906C-B8CD-4DC0-86D8-91CFF850EEE9}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{0DE095A4-9FE6-4D36-9396-50549E0D0653}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.exe |
"UDP Query User{14CB14F2-850C-4B86-8C1E-302D76616715}D:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe" = protocol=17 | dir=in | app=d:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe |
"UDP Query User{1C255329-EFFD-4086-98D4-20BE449916B9}D:\skyrim\steamapps\common\dota 2 beta\dota.exe" = protocol=17 | dir=in | app=d:\skyrim\steamapps\common\dota 2 beta\dota.exe |
"UDP Query User{1C6C4398-EE6E-4219-8313-C77ACDE41562}D:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=d:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{2E5DAA7D-F92B-45BA-8CAC-22701BCFB101}C:\program files (x86)\funcom\age of conan\ageofconan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe |
"UDP Query User{329A8240-8078-4948-81FA-5435329060BF}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{347182ED-575F-4728-A9DE-6FC8C739D65E}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"UDP Query User{3EE38F09-CD9D-4FD9-95D2-8B5BB9B612AC}D:\tera\tera-launcher.exe" = protocol=17 | dir=in | app=d:\tera\tera-launcher.exe |
"UDP Query User{4159C364-69E7-45BA-8CC6-C887315DAF8A}C:\users\user\appdata\local\apps\2.0\omh5z9b6.1jk\8moj7d39.gp0\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\apps\2.0\omh5z9b6.1jk\8moj7d39.gp0\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe |
"UDP Query User{57D8B9C9-C7C9-482F-90C3-82F36A047AEB}D:\di\deadislandgame.exe" = protocol=17 | dir=in | app=d:\di\deadislandgame.exe |
"UDP Query User{68E16083-4360-4606-9D96-4C39715FA10E}C:\program files (x86)\steam\steamapps\kirito8586\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\kirito8586\team fortress 2\hl2.exe |
"UDP Query User{692670F3-4ECA-4565-BC3A-8AB956B0757C}C:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe |
"UDP Query User{7266CB73-9877-4FD8-9E25-7A5F9AB67F89}D:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\guild wars 2\gw2.exe |
"UDP Query User{7CD37311-245B-482C-967A-58B323264275}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe |
"UDP Query User{7EA73ECD-D5FE-4726-80E5-03A1C9A480C6}D:\skyrim\steamapps\common\counter-strike global offensive\csgo.exe" = protocol=17 | dir=in | app=d:\skyrim\steamapps\common\counter-strike global offensive\csgo.exe |
"UDP Query User{852778E8-699D-4A0B-ACC8-56C3F22C85E0}C:\program files\gamigo\levelr\levelr.bin" = protocol=17 | dir=in | app=c:\program files\gamigo\levelr\levelr.bin |
"UDP Query User{864C9DA6-E62E-47B3-8C8A-552873C91301}C:\program files (x86)\1&1\codemasters\f1 2011\f1_2011.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1&1\codemasters\f1 2011\f1_2011.exe |
"UDP Query User{87B5D65D-510C-4A47-A689-6F89A581858A}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"UDP Query User{8D6EC5DB-3FA9-4D93-9F84-EC8F9A932BF7}C:\users\user\desktop\formel1\codemasters\f1 2011\f1_2011.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\formel1\codemasters\f1 2011\f1_2011.exe |
"UDP Query User{9266EC45-D9C5-44DE-A8F4-A362025D91B4}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.dat" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.dat |
"UDP Query User{9A58D0B8-B365-445B-BCA3-DF29A9E26377}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin |
"UDP Query User{AA435997-6D53-4706-A930-1EAE08F2F470}C:\users\user\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\gw2.exe |
"UDP Query User{B66F766F-FC1F-4AEC-B8EA-CAD0223DB762}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mp.exe |
"UDP Query User{BB33F0FA-DFFB-40CA-AB40-E3734EDFD87B}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{C68E281D-27C1-410B-AE74-053BD5501A4A}D:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=17 | dir=in | app=d:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe |
"UDP Query User{C7D49D84-B3DB-46CE-B7E5-550EA9D12DB9}C:\users\user\desktop\levelr\levelr.bin" = protocol=17 | dir=in | app=c:\users\user\desktop\levelr\levelr.bin |
"UDP Query User{D8F23CE9-E720-49A7-AB88-C74B737446E7}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mpold.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mpold.exe |
"UDP Query User{DAD3404A-8176-4479-AA8C-5EED061B0BA1}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{DB8D3AB0-D6EF-4261-B027-313DBC634C63}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mpold.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mpold.exe |
"UDP Query User{E53BAFD3-0F24-4725-97F3-3B9506F15E9A}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe |
"UDP Query User{E6E32BC1-AC7C-4E27-9FFE-D938ABFB4909}C:\program files (x86)\reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\reactor.exe |
"UDP Query User{EC49F6C2-9037-46F6-8899-4B9C362E72DF}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe |
"UDP Query User{EFCF4504-997D-47FC-B2A2-08A4AFB76364}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{F51B46CF-E08D-458B-9543-D6EEFF293389}C:\users\user\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe" = protocol=17 | dir=in | app=c:\users\user\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe |
"UDP Query User{F9A8D3E2-C35C-42B2-BAE1-6A1C4BE9B18F}D:\candisoft_load!_0.7.2\load.exe" = protocol=17 | dir=in | app=d:\candisoft_load!_0.7.2\load.exe |
"UDP Query User{FBA6195B-F039-42BF-9F6C-078230ADA4B2}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"C-Media CM106 Like Sound Driver" = Trust 5.1 Gaming Headset
"HoneyView3" = HoneyView3
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E892FBB-0060-44C9-9E8C-017855956193}" = DBO_CT_TW
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1111706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2
"{17DB3734-EAB4-4717-954B-C860EE162FBA}" = Video Power
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2222706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2 SDK
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{32A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java(TM) SE Development Kit 7 Update 2
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-CE35-42BD-B377-831000028301}" = Fable III
"{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}" = FRITZ!Box starter
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{5E7A8F05-013C-44FD-B450-5434CA581098}_is1" = MicroVolts
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{91B9368F-6C6F-3DB5-9CBA-6CAD56035B26}" = Google Talk Plugin
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}" = FINAL FANTASY XIV - A Realm Reborn (Beta Version)
"{A3EBC021-4FBA-40DB-BC59-9C5ECEF3514E}_is1" = PESJP Patch 2013 version 3.0.7
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1ClickDownload" = Movie2KDownloader
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"aTube Catcher" = aTube Catcher
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BlackShot" = BlackShot
"Borderlands 2_is1" = Borderlands 2
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"DMO" = GDMO
"facemoods" = Facemoods Toolbar
"Generic USB 108 Sound" = TEAC
"GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
"Giraffic" = Veoh Giraffic Video Accelerator
"LogMeIn Hamachi" = LogMeIn Hamachi
"ManiaPlanet_is1" = ManiaPlanet
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"Pangya" = Pangya (Ntreev SG Interactive)
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"PlayCatan Client" = PlayCatan Zugangssoftware
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12900" = Audiosurf
"Steam App 230410" = Warframe
"Steam App 234710" = Poker Night 2
"Steam App 24240" = PAYDAY: The Heist
"Steam App 440" = Team Fortress 2
"Steam App 570" = Dota 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8190" = Just Cause 2
"Steam App 91310" = Dead Island
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"uTorrent" = µTorrent
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Akamai" = Akamai NetSession Interface
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG" = gamelauncher-ps2-psg
"SOE-C:/Users/user/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-D:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG" = gamelauncher-ps2-psg
"soe-PlanetSide 2 PSG" = PlanetSide 2
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21.05.2013 05:41:42 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.05.2013 06:38:09 | Computer Name = user-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 21.05.2013 13:40:31 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.05.2013 14:19:08 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.05.2013 14:39:19 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.05.2013 16:13:54 | Computer Name = user-PC | Source = .NET Runtime | ID = 1026
Description =
Error - 21.05.2013 16:13:55 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PESEDIT.exe, Version: 2.1.0.0, Zeitstempel:
0x51706042 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
Zeitstempel: 0x50b83c8a Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000c41f ID des fehlerhaften
Prozesses: 0x2e8 Startzeit der fehlerhaften Anwendung: 0x01ce565fb4367964 Pfad der
fehlerhaften Anwendung: D:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\PESEDIT.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: f631dafc-c252-11e2-8386-0025227cbc5f
Error - 21.05.2013 16:30:59 | Computer Name = user-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 21.05.2013 17:06:54 | Computer Name = user-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 21.05.2013 17:26:04 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 21.05.2013 05:40:05 | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler
beendet: %%126
Error - 21.05.2013 05:40:26 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
PxHlpa64
Error - 21.05.2013 13:38:52 | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler
beendet: %%126
Error - 21.05.2013 13:39:24 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
PxHlpa64
Error - 21.05.2013 14:17:32 | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler
beendet: %%126
Error - 21.05.2013 14:17:50 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
PxHlpa64
Error - 21.05.2013 14:37:43 | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler
beendet: %%126
Error - 21.05.2013 14:38:18 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
PxHlpa64
Error - 21.05.2013 17:24:28 | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler
beendet: %%126
Error - 21.05.2013 17:24:43 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
PxHlpa64
< End of report >
|
|
22.05.2013, 00:03
| #10 |
| /// TB-Ausbilder | Skype virus Ja da läuft doch einiges an Malware... Hier sind die nächsten Schritte für dich: Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Scan mit Combofix
Schritt 3 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
22.05.2013, 00:20
| #11 |
| | Skype virus AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.301 - Datei am 22/05/2013 um 01:10:23 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : user - USER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\user\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\uTorrentBar_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\facemoods.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA15A143-FB6D-44E1-93BD-B0EAAB84C725}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA8D8EED-ECE0-41B6-ACF5-4E57E9E95F24}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\Software\facemoods.com
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F6D80289-F2FA-4DCA-997C-F2BC885330E6}
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\uTorrentBar_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AA15A143-FB6D-44E1-93BD-B0EAAB84C725}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA8D8EED-ECE0-41B6-ACF5-4E57E9E95F24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F6D80289-F2FA-4DCA-997C-F2BC885330E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AE3E4F76-730F-4A7A-B79A-1A51F7096121}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC9054C1-3CB4-445F-8623-C16134852DD2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [facemoods]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.facemoods.com/?a=ddrnw&f=2 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
-\\ Mozilla Firefox v21.0 (de)
-\\ Google Chrome v [Version kann nicht ermittelt werden]
-\\ Chromium v directory_upgrade: true
}
-\\ Opera v [Version kann nicht ermittelt werden]
*************************
AdwCleaner[S1].txt - [15070 octets] - [22/05/2013 01:10:23]
########## EOF - C:\AdwCleaner[S1].txt - [15131 octets] ##########
Code:
ATTFilter ComboFix 13-05-21.01 - user 22.05.2013 1:26.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.6143.4795 [GMT 2:00]
ausgeführt von:: c:\users\user\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\EPLog.txt
c:\programdata\1596.exe
c:\programdata\1CB6.exe
c:\programdata\3359.exe
c:\programdata\3B8D.exe
c:\programdata\4619.exe
c:\programdata\5373.exe
c:\programdata\602C.exe
c:\programdata\8866.exe
c:\programdata\96AA.exe
c:\programdata\CC0A.exe
c:\programdata\DA2F.exe
c:\programdata\DF4B.exe
c:\programdata\F0FD.exe
c:\programdata\FA2A.exe
c:\programdata\FBE.exe
c:\programdata\fcfccbdcadbsacfsfdsf.exe
c:\programdata\ntuser.dat
c:\windows\SysWow64\tmp79C2.tmp
c:\windows\SysWow64\tmp79C3.tmp
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-21 bis 2013-05-21 ))))))))))))))))))))))))))))))
.
.
2013-05-21 23:07 . 2013-05-21 23:29 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64AB8476-49FF-4915-8C29-8C0B232DB2FC}\offreg.dll
2013-05-21 21:54 . 2013-05-21 21:54 -------- d-----w- c:\program files (x86)\7-Zip
2013-05-21 17:54 . 2013-05-21 17:50 964552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B362F80F-DE1A-4E5D-99AB-FF56CB8042ED}\gapaengine.dll
2013-05-21 17:51 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64AB8476-49FF-4915-8C29-8C0B232DB2FC}\mpengine.dll
2013-05-21 17:18 . 2013-05-21 23:38 91136 ----a-w- c:\programdata\fcfccbdcadbsacfsfdsf.exe
2013-05-20 11:05 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-15 10:00 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-14 21:26 . 2013-05-14 21:26 17613192 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-14 19:39 . 2013-05-14 19:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-14 19:39 . 2013-05-14 19:38 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-08 15:19 . 2013-05-08 15:19 -------- d-----w- c:\program files (x86)\World of Warcraft
2013-05-08 15:19 . 2013-05-08 15:19 -------- d-----w- c:\program files (x86)\Rift Game
2013-05-07 17:20 . 2013-05-11 20:21 -------- d-----w- c:\programdata\EA Logs
2013-05-07 17:17 . 2013-05-08 15:55 -------- d-----w- c:\users\user\AppData\Local\Warframe
2013-05-07 14:57 . 2013-05-07 14:57 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2013-05-07 12:38 . 2013-05-08 16:44 -------- d-----w- c:\users\user\AppData\Roaming\Origin
2013-05-07 12:38 . 2013-05-07 12:38 -------- d-----w- c:\program files (x86)\Origin Games
2013-05-07 12:38 . 2013-05-07 12:47 -------- d-----w- c:\users\user\AppData\Local\Origin
2013-05-07 12:37 . 2013-05-07 12:47 -------- d-----w- c:\programdata\Origin
2013-05-07 12:37 . 2013-05-07 12:38 -------- d-----w- c:\program files (x86)\Origin
2013-04-24 12:45 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 12:24 . 2013-04-23 12:24 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 00:57 . 2011-04-04 14:15 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-14 21:26 . 2012-05-03 00:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 21:26 . 2012-05-03 00:57 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 19:38 . 2012-04-04 01:41 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-05-14 19:38 . 2011-04-04 13:56 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-24 12:49 . 2013-03-12 16:45 905296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-13 05:49 . 2013-05-15 10:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 10:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 10:00 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 10:00 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 10:00 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 10:00 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-29 03:41 . 2013-03-29 03:41 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-29 03:41 . 2013-03-29 03:41 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-29 03:41 . 2013-03-29 03:41 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-29 03:41 . 2013-03-29 03:41 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-29 03:41 . 2013-03-29 03:41 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-29 03:41 . 2013-03-29 03:41 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-29 03:41 . 2013-03-29 03:41 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-29 03:41 . 2013-03-29 03:41 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-29 03:41 . 2013-03-29 03:41 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-29 03:41 . 2013-03-29 03:41 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-29 03:41 . 2013-03-29 03:41 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-29 03:41 . 2013-03-29 03:41 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-29 03:41 . 2013-03-29 03:41 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-29 03:41 . 2013-03-29 03:41 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-29 03:41 . 2013-03-29 03:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-29 03:41 . 2013-03-29 03:41 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-29 03:41 . 2013-03-29 03:41 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-29 03:41 . 2013-03-29 03:41 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-29 03:41 . 2013-03-29 03:41 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-29 03:41 . 2013-03-29 03:41 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-29 03:41 . 2013-03-29 03:41 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-29 03:41 . 2013-03-29 03:41 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-29 03:41 . 2013-03-29 03:41 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-29 03:41 . 2013-03-29 03:41 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-29 03:41 . 2013-03-29 03:41 441856 ----a-w- c:\windows\system32\html.iec
2013-03-29 03:41 . 2013-03-29 03:41 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-29 03:41 . 2013-03-29 03:41 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-29 03:41 . 2013-03-29 03:41 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-29 03:41 . 2013-03-29 03:41 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-29 03:41 . 2013-03-29 03:41 235008 ----a-w- c:\windows\system32\url.dll
2013-03-29 03:41 . 2013-03-29 03:41 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-29 03:41 . 2013-03-29 03:41 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-29 03:41 . 2013-03-29 03:41 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-29 03:41 . 2013-03-29 03:41 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-29 03:41 . 2013-03-29 03:41 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-29 03:41 . 2013-03-29 03:41 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-29 03:41 . 2013-03-29 03:41 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-29 03:41 . 2013-03-29 03:41 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-29 03:41 . 2013-03-29 03:41 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-29 03:41 . 2013-03-29 03:41 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-29 03:41 . 2013-03-29 03:41 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-29 03:41 . 2013-03-29 03:41 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-29 03:41 . 2013-03-29 03:41 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-29 03:41 . 2013-03-29 03:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-29 03:41 . 2013-03-29 03:41 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-29 03:41 . 2013-03-29 03:41 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-29 03:41 . 2013-03-29 03:41 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-29 03:41 . 2013-03-29 03:41 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-29 03:41 . 2013-03-29 03:41 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-19 06:04 . 2013-04-10 10:40 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 10:40 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 10:40 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 10:40 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 10:40 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 10:40 112640 ----a-w- c:\windows\system32\smss.exe
2013-02-25 22:32 . 2013-02-25 22:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-25 22:32 . 2013-02-25 22:32 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-02-25 22:32 . 2013-02-25 22:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32 2826040 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-25 22:32 . 2013-02-25 22:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-02-25 22:32 . 2013-02-25 22:32 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-02-25 22:32 . 2011-11-05 17:28 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
2013-02-25 22:32 . 2013-02-25 22:32 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-02-25 22:32 . 2013-02-25 22:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-25 22:32 . 2013-02-25 22:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32 245872 ----a-w- c:\windows\system32\nvinitx.dll
2013-02-25 22:32 . 2013-02-25 22:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:32 . 2012-10-10 20:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
2013-02-25 22:32 . 2013-02-25 22:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-25 22:32 . 2013-02-25 22:32 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-02-25 22:32 . 2013-02-25 22:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 22:32 . 2013-02-25 22:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32 201576 ----a-w- c:\windows\SysWow64\nvinit.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-06-22 2648184]
"Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-05-03 1635752]
"fcfccbdcadbsacfsfdsf"="c:\programdata\fcfccbdcadbsacfsfdsf.exe" [2013-05-21 91136]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-07-01 37888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-10-7 0]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\eFusion\BlackShot\system\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2010-08-12 1310720]
R3 X6va006;X6va006;c:\users\user\AppData\Local\Temp\00630D4.tmp [x]
R3 X6va007;X6va007;c:\users\user\AppData\Local\Temp\00719DE.tmp [x]
R3 X6va008;X6va008;c:\users\user\AppData\Local\Temp\0085C08.tmp [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-06 283200]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2013-05-13 2245232]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files (x86)\1&1\IGDCTRL.EXE [2007-10-25 87344]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 21:26]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-09 20:18]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-09 20:18]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 01:12]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 01:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cm108Sound"="c:\windows\Syswow64\cm108.cpl" [2007-06-07 6402048]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2010-10-08 8757248]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5iobvw9n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Integrated Driver - c:\users\user\AppData\Roaming\Mozilla\winmgr.exe
Wow6432Node-HKLM-Run-PokerStars - c:\users\user\Documents\PokerStars\PokerStars.scr
SSODL-PokerStars-c:\users\user\Documents\PokerStars\PokerStars.scr - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Ashampoo Burning Studio 6 FREE_is1 - c:\program files (x86)\Ashampoo\Ashampoo Burning Studio 6 FREE\unins000.exe
AddRemove-pcsx2-r4600 - c:\program files (x86)\PCSX2 0.9.8\Uninst-pcsx2-r4600.exe
AddRemove-PunkBusterSvc - d:\ubisoft\Ghost Recon Online\PDC-Live\pbsvc_gro.exe
AddRemove-PlanetSide 2 PSG - d:\users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2 PSG\Uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\00630D4.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\00719DE.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\0085C08.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-22 01:39:42
ComboFix-quarantined-files.txt 2013-05-21 23:39
.
Vor Suchlauf: 15 Verzeichnis(se), 23.475.597.312 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 30.261.698.560 Bytes frei
.
- - End Of File - - 444A3CC7D6743978931F4BAB6652DF3E
Code:
ATTFilter OTL logfile created on: 22.05.2013 01:55:33 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,08 Gb Available Physical Memory | 67,94% Memory free 12,00 Gb Paging File | 10,39 Gb Available in Paging File | 86,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 247,82 Gb Total Space | 27,83 Gb Free Space | 11,23% Space Free | Partition Type: NTFS Drive D: | 683,59 Gb Total Space | 136,02 Gb Free Space | 19,90% Space Free | Partition Type: NTFS Drive F: | 5,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: USER-PC | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.21 23:18:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe PRC - [2013.05.13 13:56:02 | 002,245,232 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe PRC - [2013.05.13 13:55:30 | 004,001,376 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.04 01:35:30 | 001,635,752 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.11.26 23:57:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.06.22 10:25:22 | 002,648,184 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\1&1\IGDCTRL.EXE ========== Modules (No Company Name) ========== MOD - [2013.05.04 01:35:30 | 001,114,536 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2013.04.24 04:30:08 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011.06.21 15:48:28 | 000,910,336 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll MOD - [2011.06.20 15:37:16 | 010,836,992 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll MOD - [2011.06.20 13:52:20 | 001,283,584 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll MOD - [2011.06.20 13:32:40 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll MOD - [2011.06.20 13:21:50 | 007,994,880 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll MOD - [2011.06.20 13:04:56 | 002,233,344 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll MOD - [2011.05.26 11:38:06 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll MOD - [2011.05.26 11:38:06 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.05.20 15:47:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.14 23:26:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.13 13:56:02 | 002,245,232 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Start_Pending] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.11.26 23:57:30 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.03.08 22:51:11 | 004,060,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\1&1\IGDCTRL.EXE -- (IGDCTRL) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.11.07 01:41:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.08.12 19:24:30 | 001,310,720 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda) DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2008.01.19 06:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 6F C1 D3 48 BE CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{C2BA577E-794F-4244-A91A-A5C8BC05F996}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=eea0f859-9c06-4c46-81b5-4cc478ed2975&apn_sauid=A0AF48CB-1D74-4724-93B4-A2EBF8529B65& IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8 FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:3.3.3.2 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0 FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.17 06:04:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.20 15:47:20 | 000,000,000 | ---D | M] [2011.04.04 17:57:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions [2013.05.09 17:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions [2013.02.10 22:27:26 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2011.05.02 00:48:43 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\battlefieldheroespatcher@ea.com [2011.04.28 20:25:57 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com [2012.01.14 02:31:43 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ffxtlbr@Facemoods.com [2013.04.06 14:31:31 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ich@maltegoetz.de [2013.03.03 16:05:36 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\adblockpopups@jessehakanen.net.xpi [2012.02.18 19:11:25 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\DivXWebPlayer@divx.com.xpi [2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2013.05.09 17:26:54 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.01 17:56:56 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2011.11.08 20:14:12 | 000,002,401 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\askcom.xml [2012.11.07 19:09:35 | 000,002,399 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\Web Search.xml [2013.05.21 20:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.05.20 15:47:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.20 15:47:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\plugin/npUrlAdvisor.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Unity Player (Enabled) = C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\ CHR - Extension: Google Mail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ CHR - Extension: Anti-Banner = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\ O1 HOSTS File: ([2013.05.22 01:37:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation) O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.cpl (C-Media Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe () O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [fcfccbdcadbsacfsfdsf] C:\ProgramData\fcfccbdcadbsacfsfdsf.exe () O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{146121C4-9E47-47CE-92FD-2A3FA28FCF31}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{240F4399-2BBA-4901-A0CF-CCE176646404}: DhcpNameServer = 192.168.178.1 O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.08.13 19:56:20 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ CDFS ] O32 - AutoRun File - [2012.08.13 19:56:20 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - F:\autorun.exe -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.22 01:53:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.22 01:39:44 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.22 01:23:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.22 01:23:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.22 01:23:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.22 01:23:37 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.05.22 01:22:55 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.22 01:22:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.22 01:08:38 | 005,068,564 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe [2013.05.21 23:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.05.21 23:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013.05.21 23:44:34 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\otl.exe [2013.05.20 15:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.14 21:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.08 17:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft [2013.05.08 17:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rift Game [2013.05.07 19:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2013.05.07 19:17:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Warframe [2013.05.07 16:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3 [2013.05.07 16:57:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2013.05.07 14:38:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2013.05.07 14:38:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Origin [2013.05.07 14:38:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Origin [2013.05.07 14:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2013.05.07 14:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2013.05.07 14:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin [2013.04.29 14:26:35 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Deardrops [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.22 01:54:15 | 000,091,136 | ---- | M] () -- C:\ProgramData\fcfccbdcadbsacfsfdsf.exe [2013.05.22 01:53:09 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.22 01:52:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.22 01:52:50 | 536,322,047 | -HS- | M] () -- C:\hiberfil.sys [2013.05.22 01:46:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000UA.job [2013.05.22 01:45:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.22 01:37:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.22 01:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.22 01:19:18 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.22 01:19:18 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.22 01:08:43 | 005,068,564 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe [2013.05.21 17:52:11 | 000,001,239 | ---- | M] () -- C:\Users\user\Documents\freundschaft.rtf [2013.05.21 11:46:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000Core.job [2013.05.19 15:45:22 | 000,001,400 | ---- | M] () -- C:\Users\user\Documents\was ist liebe.rtf [2013.05.17 18:20:04 | 000,000,219 | ---- | M] () -- C:\Users\user\Desktop\Dota 2.url [2013.05.16 12:23:28 | 000,290,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.16 02:54:56 | 001,519,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.16 02:54:56 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.16 02:54:56 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.16 02:54:56 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.16 02:54:56 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.07 17:28:12 | 000,000,222 | ---- | M] () -- C:\Users\user\Desktop\Warframe.url [2013.05.07 16:57:16 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk [2013.05.07 14:37:28 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2013.04.26 19:20:00 | 000,000,222 | ---- | M] () -- C:\Users\user\Desktop\Poker Night 2.url [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.22 01:23:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.22 01:23:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.22 01:23:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.22 01:23:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.22 01:23:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.21 19:18:34 | 000,091,136 | ---- | C] () -- C:\ProgramData\fcfccbdcadbsacfsfdsf.exe [2013.05.21 17:52:11 | 000,001,239 | ---- | C] () -- C:\Users\user\Documents\freundschaft.rtf [2013.05.19 15:45:22 | 000,001,400 | ---- | C] () -- C:\Users\user\Documents\was ist liebe.rtf [2013.05.17 18:20:04 | 000,000,219 | ---- | C] () -- C:\Users\user\Desktop\Dota 2.url [2013.05.07 17:28:12 | 000,000,222 | ---- | C] () -- C:\Users\user\Desktop\Warframe.url [2013.05.07 16:57:16 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk [2013.05.07 14:37:28 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2013.04.26 19:20:00 | 000,000,222 | ---- | C] () -- C:\Users\user\Desktop\Poker Night 2.url [2013.04.11 14:13:59 | 000,000,017 | ---- | C] () -- C:\Users\user\AppData\Local\resmon.resmoncfg [2013.03.04 16:04:39 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll [2013.03.04 16:04:33 | 000,000,392 | ---- | C] () -- C:\Windows\Cm106.ini.cfl [2013.03.04 16:03:35 | 000,002,853 | ---- | C] () -- C:\Windows\Cm106.ini.cfg [2013.03.04 16:03:35 | 000,001,652 | ---- | C] () -- C:\Windows\Cm106.ini.imi [2012.05.03 23:20:01 | 000,000,263 | ---- | C] () -- C:\Users\user\ts.ini [2012.04.16 17:23:41 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\CM108rm.dll [2012.04.16 17:23:41 | 000,000,196 | ---- | C] () -- C:\Windows\Cm108.ini.cfl [2012.04.16 17:18:48 | 000,003,808 | R--- | C] () -- C:\Windows\Cm108.ini.cfg [2012.04.16 17:18:48 | 000,000,685 | R--- | C] () -- C:\Windows\cm108.ini [2012.03.11 18:56:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011.09.05 15:23:15 | 000,017,408 | ---- | C] () -- C:\Users\user\AppData\Local\WebpageIcons.db ========== ZeroAccess Check ========== [2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\@ [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\L [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\U [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.02.25 17:31:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft [2011.04.04 15:56:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ashampoo [2012.04.22 20:49:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite [2011.08.28 05:50:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Downloaded Installations [2011.08.31 16:22:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ijjigame [2011.07.21 20:48:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Lionhead Studios [2012.08.22 03:48:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient [2013.05.21 22:47:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mumble [2011.07.03 22:51:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Need for Speed World [2012.11.07 01:41:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy [2012.11.13 10:14:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org [2011.11.25 03:49:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera [2013.05.08 18:44:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Origin [2013.02.11 22:43:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayCatanClient [2013.05.22 01:29:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RIFT [2012.11.14 21:38:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer [2013.05.22 01:09:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TS3Client [2012.08.14 15:42:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Tunngle [2013.04.21 00:54:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:F63A059B < End of report > |
|
22.05.2013, 01:40
| #12 |
| /// TB-Ausbilder | Skype virus Lass bitte Combofix noch einmal genau gleich durchlaufen und poste das neue Logfile.
__________________ cheers, Leo |
|
22.05.2013, 12:02
| #13 |
| | Skype virusCode:
ATTFilter ComboFix 13-05-21.01 - user 22.05.2013 12:21:35.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.6143.4462 [GMT 2:00]
ausgeführt von:: c:\users\user\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\fcfccbdcadbsacfsfdsf.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-22 bis 2013-05-22 ))))))))))))))))))))))))))))))
.
.
2013-05-22 10:29 . 2013-05-22 10:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-22 10:29 . 2013-05-22 10:29 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-05-22 10:29 . 2013-05-22 10:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-21 23:07 . 2013-05-22 09:58 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64AB8476-49FF-4915-8C29-8C0B232DB2FC}\offreg.dll
2013-05-21 21:54 . 2013-05-21 21:54 -------- d-----w- c:\program files (x86)\7-Zip
2013-05-21 17:54 . 2013-05-21 17:50 964552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B362F80F-DE1A-4E5D-99AB-FF56CB8042ED}\gapaengine.dll
2013-05-21 17:51 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64AB8476-49FF-4915-8C29-8C0B232DB2FC}\mpengine.dll
2013-05-20 11:05 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-15 10:00 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-14 21:26 . 2013-05-14 21:26 17613192 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-14 19:39 . 2013-05-14 19:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-14 19:39 . 2013-05-14 19:38 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-08 15:19 . 2013-05-08 15:19 -------- d-----w- c:\program files (x86)\World of Warcraft
2013-05-08 15:19 . 2013-05-08 15:19 -------- d-----w- c:\program files (x86)\Rift Game
2013-05-07 17:20 . 2013-05-11 20:21 -------- d-----w- c:\programdata\EA Logs
2013-05-07 17:17 . 2013-05-08 15:55 -------- d-----w- c:\users\user\AppData\Local\Warframe
2013-05-07 14:57 . 2013-05-07 14:57 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2013-05-07 12:38 . 2013-05-08 16:44 -------- d-----w- c:\users\user\AppData\Roaming\Origin
2013-05-07 12:38 . 2013-05-07 12:38 -------- d-----w- c:\program files (x86)\Origin Games
2013-05-07 12:38 . 2013-05-07 12:47 -------- d-----w- c:\users\user\AppData\Local\Origin
2013-05-07 12:37 . 2013-05-07 12:47 -------- d-----w- c:\programdata\Origin
2013-05-07 12:37 . 2013-05-07 12:38 -------- d-----w- c:\program files (x86)\Origin
2013-04-24 12:45 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 00:57 . 2011-04-04 14:15 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-14 21:26 . 2012-05-03 00:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 21:26 . 2012-05-03 00:57 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 19:38 . 2012-04-04 01:41 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-05-14 19:38 . 2011-04-04 13:56 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-24 12:49 . 2013-03-12 16:45 905296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-23 12:24 . 2013-04-23 12:24 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-13 05:49 . 2013-05-15 10:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 10:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 10:00 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 10:00 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 10:00 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 10:00 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-29 03:41 . 2013-03-29 03:41 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-29 03:41 . 2013-03-29 03:41 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-29 03:41 . 2013-03-29 03:41 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-29 03:41 . 2013-03-29 03:41 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-29 03:41 . 2013-03-29 03:41 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-29 03:41 . 2013-03-29 03:41 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-29 03:41 . 2013-03-29 03:41 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-29 03:41 . 2013-03-29 03:41 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-29 03:41 . 2013-03-29 03:41 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-29 03:41 . 2013-03-29 03:41 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-29 03:41 . 2013-03-29 03:41 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-29 03:41 . 2013-03-29 03:41 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-29 03:41 . 2013-03-29 03:41 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-29 03:41 . 2013-03-29 03:41 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-29 03:41 . 2013-03-29 03:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-29 03:41 . 2013-03-29 03:41 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-29 03:41 . 2013-03-29 03:41 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-29 03:41 . 2013-03-29 03:41 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-29 03:41 . 2013-03-29 03:41 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-29 03:41 . 2013-03-29 03:41 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-29 03:41 . 2013-03-29 03:41 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-29 03:41 . 2013-03-29 03:41 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-29 03:41 . 2013-03-29 03:41 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-29 03:41 . 2013-03-29 03:41 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-29 03:41 . 2013-03-29 03:41 441856 ----a-w- c:\windows\system32\html.iec
2013-03-29 03:41 . 2013-03-29 03:41 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-29 03:41 . 2013-03-29 03:41 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-29 03:41 . 2013-03-29 03:41 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-29 03:41 . 2013-03-29 03:41 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-29 03:41 . 2013-03-29 03:41 235008 ----a-w- c:\windows\system32\url.dll
2013-03-29 03:41 . 2013-03-29 03:41 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-29 03:41 . 2013-03-29 03:41 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-29 03:41 . 2013-03-29 03:41 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-29 03:41 . 2013-03-29 03:41 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-29 03:41 . 2013-03-29 03:41 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-29 03:41 . 2013-03-29 03:41 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-29 03:41 . 2013-03-29 03:41 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-29 03:41 . 2013-03-29 03:41 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-29 03:41 . 2013-03-29 03:41 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-29 03:41 . 2013-03-29 03:41 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-29 03:41 . 2013-03-29 03:41 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-29 03:41 . 2013-03-29 03:41 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-29 03:41 . 2013-03-29 03:41 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-29 03:41 . 2013-03-29 03:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-29 03:41 . 2013-03-29 03:41 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-29 03:41 . 2013-03-29 03:41 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-29 03:41 . 2013-03-29 03:41 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-29 03:41 . 2013-03-29 03:41 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-29 03:41 . 2013-03-29 03:41 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-19 06:04 . 2013-04-10 10:40 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 10:40 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 10:40 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 10:40 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 10:40 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 10:40 112640 ----a-w- c:\windows\system32\smss.exe
2013-02-25 22:32 . 2013-02-25 22:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-25 22:32 . 2013-02-25 22:32 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-02-25 22:32 . 2013-02-25 22:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32 2826040 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-25 22:32 . 2013-02-25 22:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-02-25 22:32 . 2013-02-25 22:32 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-02-25 22:32 . 2011-11-05 17:28 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
2013-02-25 22:32 . 2013-02-25 22:32 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-02-25 22:32 . 2013-02-25 22:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-25 22:32 . 2013-02-25 22:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32 245872 ----a-w- c:\windows\system32\nvinitx.dll
2013-02-25 22:32 . 2013-02-25 22:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:32 . 2012-10-10 20:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
2013-02-25 22:32 . 2013-02-25 22:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-25 22:32 . 2013-02-25 22:32 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-02-25 22:32 . 2013-02-25 22:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 22:32 . 2013-02-25 22:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32 201576 ----a-w- c:\windows\SysWow64\nvinit.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-06-22 2648184]
"Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-05-03 1635752]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-07-01 37888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-10-7 0]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
R1 tuxnrfkk;tuxnrfkk;c:\windows\system32\drivers\tuxnrfkk.sys [x]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\eFusion\BlackShot\system\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2010-08-12 1310720]
R3 X6va006;X6va006;c:\users\user\AppData\Local\Temp\00630D4.tmp [x]
R3 X6va007;X6va007;c:\users\user\AppData\Local\Temp\00719DE.tmp [x]
R3 X6va008;X6va008;c:\users\user\AppData\Local\Temp\0085C08.tmp [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-06 283200]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2013-05-13 2245232]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files (x86)\1&1\IGDCTRL.EXE [2007-10-25 87344]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 21:26]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-09 20:18]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-09 20:18]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 01:12]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 01:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cm108Sound"="c:\windows\Syswow64\cm108.cpl" [2007-06-07 6402048]
"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2010-10-08 8757248]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5iobvw9n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-fcfccbdcadbsacfsfdsf - c:\programdata\fcfccbdcadbsacfsfdsf.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
AddRemove-Ashampoo Burning Studio 6 FREE_is1 - c:\program files (x86)\Ashampoo\Ashampoo Burning Studio 6 FREE\unins000.exe
AddRemove-pcsx2-r4600 - c:\program files (x86)\PCSX2 0.9.8\Uninst-pcsx2-r4600.exe
AddRemove-PunkBusterSvc - d:\ubisoft\Ghost Recon Online\PDC-Live\pbsvc_gro.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\00630D4.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\00719DE.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\0085C08.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-22 12:38:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-05-22 10:38
ComboFix2.txt 2013-05-21 23:39
.
Vor Suchlauf: 16 Verzeichnis(se), 34.166.403.072 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 33.855.541.248 Bytes frei
.
- - End Of File - - 1F38C38F6C69A9AFFEDC312A2CDB193E
|
|
22.05.2013, 12:20
| #14 |
| /// TB-Ausbilder | Skype virus Jep, dann so weiter: Schritt 1 Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
22.05.2013, 13:07
| #15 |
| | Skype virusCode:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.05.22.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
user :: USER-PC [administrator]
22.05.2013 13:35:53
mbar-log-2013-05-22 (13-35-53).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30618
Time elapsed: 8 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 5
c:\Users\user\AppData\Roaming\Macromedia\winmgr.exe (Heuristics.Shuriken) -> Delete on reboot.
c:\Users\user\AppData\Roaming\OpenOffice.org\winmgr.exe (Heuristics.Shuriken) -> Delete on reboot.
c:\Users\user\AppData\Roaming\TeamViewer\winmgr.exe (Heuristics.Shuriken) -> Delete on reboot.
c:\Users\user\AppData\Roaming\vlc\winmgr.exe (Heuristics.Shuriken) -> Delete on reboot.
c:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Delete on reboot.
(end)
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.05.22.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
user :: USER-PC [administrator]
22.05.2013 13:58:43
mbar-log-2013-05-22 (13-58-43).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30638
Time elapsed: 10 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
| Themen zu Skype virus |
| angst, fehler, gelöst, geworfen, heute, kriege, link, meldung, probiert, problem, rechner, sache, skype, skype virus, virus, wissen, öffnen |
WARNUNG an die MITLESER: 
Linear-Darstellung
