Antivirus, firewall and other protection software: Internet paralyzed - DDoS / pinging?
Windows 7
13.03.2011, 10:42 | #1 |
Internet paralyzed - DDoS / pinging?

Hello dear TB team,

My problem is the following: since yesterday evening my internet has been practically paralyzed. Pages take a very long time to load and often simply abort. I no longer download at full speed (at least in my opinion), and the ping in online games, for example, fluctuates from a normal value of e.g. 30 up to 150, then back down to 75, up again, etc., in other words arbitrarily.

My suspicion that I'm being DoSed from another computer, or something similar, comes from the fact that yesterday I was in a voice chat with three friends, we played against an opposing team, and after their supposed defeat the internet has been practically down for all three of us, as described above. A router RR helps for 2-5 minutes, but doesn't bring any real improvement either.

Unfortunately I don't know much about problems like this, and I hope I can perhaps get quick and good help here =/

What I personally also noticed: when I open netstat via cmd, there are loads of entries like:

TCP 192.168.178.35:49170 217.118.170.204:http FIN_WARTEN_1
TCP 192.168.178.35:49171 217.118.170.204:http FIN_WARTEN_1
TCP 192.168.178.35:49172 217.118.170.204:http FIN_WARTEN_1
TCP 192.168.178.35:49173... etc.

That was the first clue that occurred to me since, as I said, I unfortunately don't know my way around this all that well.

Attached should be the log data from MAM, as well as that from OTL. I use a FritzBox 7270.

I'm of course open to any questions!

Kind regards,
Jakob

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6039

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.03.2011 10:28:29
mbam-log-2011-03-13 (10-28-29).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 159351
Laufzeit: 1 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
c:\program files (x86)\application updater\applicationupdater.exe (PUP.Dealio) -> 1688 -> Not selected for removal.
c:\program files (x86)\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> 2932 -> Not selected for removal.

Infizierte Speichermodule:
c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Not selected for removal.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> Not selected for removal.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\application updater\applicationupdater.exe (PUP.Dealio) -> Not selected for removal.
c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\program files (x86)\pdfforge toolbar\IE\4.3\pdfforgetoolbarie.dll (PUP.Dealio) -> Not selected for removal.
c:\program files (x86)\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> Not selected for removal.

Code:
ATTFilter OTL logfile created on: 13.03.2011 09:01:49 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jakob\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596,07 Gb Total Space | 468,71 Gb Free Space | 78,63% Space Free | Partition Type: NTFS Computer Name: JAKOB-PC | User Name: Jakob | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jakob\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Jakob\AppData\Roaming\Microsoft_Updates_2011\Updater.exe () PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Jakob\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) 
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Creative HOAL Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Driver Services (SafeList) ========== DRV:64bit: - (ESLWireAC) -- C:\Windows\SysNative\drivers\ESLWireACD.sys (<Turtle Entertainment>) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (hidusbf) -- C:\Windows\SysNative\drivers\hidusbf.sys (SweetLow) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (skfiltv) -- C:\Windows\SysNative\drivers\skfiltv.sys (Creative Technology Ltd.) 
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (SSHDRV76) -- C:\Windows\SysWOW64\drivers\SSHDRV76.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 59 F8 72 37 70 CB 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.05 09:43:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.05 09:43:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.01.03 17:25:07 | 000,000,000 | ---D | M] [2010.10.21 20:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jakob\AppData\Roaming\mozilla\Extensions [2010.10.21 20:52:32 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Jakob\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.03.12 21:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jakob\AppData\Roaming\mozilla\Firefox\Profiles\01v8ntna.default\extensions [2010.12.13 18:55:22 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Jakob\AppData\Roaming\mozilla\Firefox\Profiles\01v8ntna.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2010.11.22 22:49:40 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Jakob\AppData\Roaming\mozilla\Firefox\Profiles\01v8ntna.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.10.21 18:15:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Jakob\AppData\Roaming\mozilla\Firefox\Profiles\01v8ntna.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.02.28 10:32:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jakob\AppData\Roaming\mozilla\Firefox\Profiles\01v8ntna.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.02.28 10:32:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jakob\AppData\Roaming\mozilla\Firefox\Profiles\01v8ntna.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.11.09 17:27:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jakob\AppData\Roaming\mozilla\Firefox\Profiles\01v8ntna.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011.02.28 10:32:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jakob\AppData\Roaming\mozilla\Firefox\Profiles\01v8ntna.default\extensions\staged-xpis [2011.03.08 22:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.10.20 17:13:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.11.22 22:46:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.28 10:06:44 | 
000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.03.08 22:00:13 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM [2011.03.08 22:00:13 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.10.12 21:24:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.12 21:24:52 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.10.12 21:24:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.12 21:24:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.12 21:24:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.11.06 20:45:56 | 000,424,779 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 
127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14636 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CookiePatrol] C:\PROGRA~2\PESTPA~1\CookiePatrol.exe (Computer Associates International) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PestPatrol Control Center] C:\PROGRA~2\PESTPA~1\PPControl.exe () O4 - HKLM..\Run: [PestPatrolCL] File not found O4 - HKLM..\Run: [PPMemCheck] C:\PROGRA~2\PESTPA~1\PPMemCheck.exe () O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O4 - HKCU..\Run: [Updater.exe] C:\Users\Jakob\AppData\Roaming\Microsoft_Updates_2011\Updater.exe () O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Programme\Rainmeter\Rainmeter.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Jakob\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jakob\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Jakob\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jakob\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0cba7d49-4bd5-11e0-8472-00ff01000001}\Shell - "" = AutoRun O33 - MountPoints2\{0cba7d49-4bd5-11e0-8472-00ff01000001}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{f42bb76a-2eec-11e0-a52f-00ff01000001}\Shell - "" = AutoRun O33 - MountPoints2\{f42bb76a-2eec-11e0-a52f-00ff01000001}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.03.13 08:56:14 | 000,000,000 | ---D | C] -- C:\Users\Jakob\AppData\Roaming\Malwarebytes [2011.03.13 08:56:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.03.13 08:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.03.13 08:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.03.13 08:56:04 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.03.13 08:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.03.13 08:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2011.03.13 07:45:43 | 000,000,000 | ---D | C] -- C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PestPatrol [2011.03.13 07:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PestPatrol [2011.03.13 07:45:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PestPatrol [2011.03.13 01:34:56 | 000,000,000 | ---D | C] -- 
C:\Users\Jakob\AppData\Roaming\TrojanHunter [2011.03.13 01:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrojanHunter 5.3 [2011.03.13 01:30:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojancheck 6 [2011.03.13 00:51:12 | 000,000,000 | ---D | C] -- C:\kav [2011.03.12 22:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2011.03.12 11:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC [2011.03.12 11:42:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC [2011.03.12 11:42:18 | 000,000,000 | -HSD | C] -- C:\Users\Jakob\AppData\Roaming\Microsoft_Updates_2011 [2011.03.11 16:09:29 | 000,000,000 | ---D | C] -- C:\Users\Jakob\Desktop\bin [2011.03.09 16:38:05 | 000,000,000 | R--D | C] -- C:\Users\Jakob\Dropbox [2011.03.09 16:37:04 | 000,000,000 | ---D | C] -- C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2011.03.09 16:36:47 | 000,000,000 | ---D | C] -- C:\Users\Jakob\AppData\Roaming\Dropbox [2011.03.09 06:57:00 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2011.03.09 06:57:00 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll [2011.03.09 06:57:00 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2011.03.09 06:57:00 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll [2011.03.09 06:56:59 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011.03.09 06:56:58 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll [2011.03.09 06:56:58 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll [2011.03.09 06:56:58 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll [2011.03.09 06:56:58 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2011.03.09 06:56:58 | 000,534,528 
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{D3A82E80-D0A5-11DF-B425-0013D3D69929}" = Vegas Pro 10.0 (64-bit) "{D81C035E-D0A5-11DF-9450-0013D3D69929}" = MSVCRT Redists "{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "ESL Wire_is1" = ESL Wire 1.9.4 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{00FE2654-4377-8F53-55F4-83B70EE44C73}" = CCC Help Dutch "{01DD9D3D-FA8A-E148-008D-5CDF1BE8911F}" = CCC Help Korean "{02F5BD83-B529-37E3-B5DF-32ABC7EC63C4}" = ccc-core-static "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{072224C5-0C98-0902-9A71-89D4A8F3E810}" = CCC Help Thai "{1229D58B-9185-4F85-71B2-4B34EBF8AD17}" = CCC Help Italian "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24 "{27C6CB2E-415B-6020-91FC-BA5CE3B912AC}" = CCC Help Russian "{29656550-8463-258C-55BA-5C4F7950DBDE}" = CCC Help Portuguese "{41B21B1F-950E-13FC-57C7-2AC44B196223}" = Catalyst Control Center Graphics Previews Vista "{48D5DBBA-7B60-B832-59DB-BE252C2E5A23}" = CCC Help Finnish "{490F45FA-738D-5D4A-6B9D-DC1373ACF794}" = CCC Help Polish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53AFCE35-1653-91F4-8991-900731F32111}" = CCC Help Norwegian "{568EF3B9-C672-E82A-BCD4-A88072578521}" = CCC Help Swedish "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime 
"{5B3A354B-C059-4861-A85B-CA46F1089E15}" = Creative USB Headsets "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{654733F2-22EC-776F-9C2D-CF3C4F578768}" = CCC Help Danish "{67ABC7E8-A241-F90D-0B04-5BB03428AF96}" = CCC Help Greek "{6AA30800-F713-BB43-EDA2-1C380FE7FD63}" = Catalyst Control Center Localization All "{6F235FE4-8EC6-3FAB-1739-A434BFE76E27}" = CCC Help Chinese Standard "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85090727-99E2-F1DC-1589-83D5AC986F3E}" = CCC Help Spanish "{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9EEA437C-F436-755C-6B39-1840A33F45CF}" = Catalyst Control Center InstallProxy "{A05EF3DC-AAFA-6903-433D-0F383F5F4EC3}" = CCC Help German "{A0B139A7-E8D5-49E8-A7BF-12421E652208}" = pdfforge Toolbar v4.3 "{A317EF8E-66FB-94B6-C4FA-96A0AED1AB2F}" = CCC Help Chinese Traditional "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch "{B2AF5585-FACF-7760-5C68-F2DC6BBACE47}" = CCC Help Czech "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BCA434F2-A541-F63E-890C-F5D14E5B33D0}" = CCC Help English "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C4406DB6-A28D-8047-7704-94A8DE7F6A68}" = CCC Help Hungarian "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game "{D5134D14-A38D-A217-4310-5C8B6DFA08D0}" = HydraVision "{D79E2563-3FDD-0A62-187A-5BE5F920F317}" = CCC Help Turkish "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support 
"{F538505D-D29C-6259-682C-E607D659B4B4}" = Catalyst Control Center Graphics Previews Common "{F820F894-EC5F-D52A-F862-5B472EAFE69A}" = CCC Help French "{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) "{FFB4E67D-DEF9-30BC-39F6-E9C1B05539F9}" = CCC Help Japanese "4PL-Insight" = 4PL-Insight! "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AudioCS" = Creative Audio-Systemsteuerung "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CoffeeCup Free FTP 4.3.2" = CoffeeCup Free FTP "Creative Software AutoUpdate" = Creative Software AutoUpdate "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.02 "Fraps" = Fraps (remove only) "Free YouTube Download_is1" = Free YouTube Download version 2.10.31 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9 "GameWiz32" = GameWiz32 "HLSW_is1" = HLSW v1.3.3.7b "Host OpenAL" = Host OpenAL "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "mIRC" = mIRC "Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15) "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7) "OpenAL" = OpenAL "PunkBusterSvc" = PunkBuster Services "Rainmeter" = Rainmeter (remove only) "RocketDock_is1" = RocketDock 1.3.5 "StarCraft II" = StarCraft II "Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes "Steam App 240" = Counter-Strike: Source "Steam App 260" = Counter-Strike: Source Beta "Steam App 80" = Counter-Strike: Condition Zero "SysInfo" = Creative Systeminformationen "TuneUp Utilities 2011" = TuneUp Utilities 2011 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.4 "VTFEdit_is1" = VTFEdit 1.2.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "FileZilla Client" = FileZilla Client 3.3.5.1 
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.03.2011 11:03:09 | Computer Name = Jakob-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 12.03.2011 06:38:56 | Computer Name = Jakob-PC | Source = VSS | ID = 8194 Description = Error - 12.03.2011 08:22:01 | Computer Name = Jakob-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 12.03.2011 20:18:27 | Computer Name = Jakob-PC | Source = System Restore | ID = 8200 Description = Error - 12.03.2011 20:21:43 | Computer Name = Jakob-PC | Source = System Restore | ID = 8210 Description = Error - 12.03.2011 20:22:15 | Computer Name = Jakob-PC | Source = System Restore | ID = 8200 Description = Error - 12.03.2011 20:22:50 | Computer Name = Jakob-PC | Source = System Restore | ID = 8200 Description = Error - 12.03.2011 20:25:44 | Computer Name = Jakob-PC | Source = System Restore | ID = 8210 Description = Error - 12.03.2011 20:33:07 | Computer Name = Jakob-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: tc6.exe, Version: 6.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: tc6.exe, Version: 6.0.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001f63 ID des fehlerhaften Prozesses: 0xdc Startzeit der fehlerhaften Anwendung: 0x01cbe11603776749 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Trojancheck 6\tc6.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Trojancheck 6\tc6.exe Berichtskennung: 76ed4894-4d09-11e0-ace8-00ff01000001 Error - 13.03.2011 02:45:03 | Computer Name = Jakob-PC | Source = MsiInstaller | ID = 10005 Description = [ System Events ] Error - 13.03.2011 02:12:41 | Computer Name = Jakob-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\SSHDRV76.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error - 13.03.2011 02:13:08 | Computer Name = Jakob-PC | Source = PNRPSvc | ID = 102 Description = Error - 13.03.2011 02:13:08 | Computer Name = Jakob-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 13.03.2011 02:13:08 | Computer Name = Jakob-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 13.03.2011 02:13:19 | Computer Name = Jakob-PC | Source = PNRPSvc | ID = 102 Description = Error - 13.03.2011 02:13:19 | Computer Name = Jakob-PC | Source = PNRPSvc | ID = 102 Description = Error - 13.03.2011 02:13:19 | Computer Name = Jakob-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 13.03.2011 02:13:19 | Computer Name = Jakob-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 13.03.2011 02:13:19 | Computer Name = Jakob-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 13.03.2011 02:13:19 | Computer Name = Jakob-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 < End of report > |
13.03.2011, 15:14 | #2 |
Hey morfer,

according to the connections, you are not the one being "DoSed"; rather, you are DoSing the IP 217.118.170.204, which belongs to wer-kennt-wen.de. Download TCPView (technet.microsoft.com/de-de/sysinternals/bb897437); it lets you determine which process is responsible for the connections.

In any case, the following file looks strange to me: C:\Users\Jakob\AppData\Roaming\Microsoft_Updates_2011\Updater.exe

Regards, Noutbuk

Last edited by Noutbuk (13.03.2011 at 15:18). Reason: Link
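The reading in the reply above (many local ephemeral ports, one remote web port, every socket in FIN_WARTEN_1) can be checked mechanically. This is an added example, not part of the thread: it parses netstat text in the German-locale format quoted in the opening post; the sample lines, the threshold and the partial state map are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the netstat lines quoted in the opening
# post; 198.51.100.7 is a documentation address, not taken from the thread.
SAMPLE = """\
  TCP    192.168.178.35:49170   217.118.170.204:http   FIN_WARTEN_1
  TCP    192.168.178.35:49171   217.118.170.204:http   FIN_WARTEN_1
  TCP    192.168.178.35:49172   217.118.170.204:http   FIN_WARTEN_1
  TCP    192.168.178.35:49173   217.118.170.204:http   FIN_WARTEN_1
  TCP    192.168.178.35:49174   217.118.170.204:http   FIN_WARTEN_1
  TCP    192.168.178.35:49301   198.51.100.7:https     HERGESTELLT
  TCP    0.0.0.0:135            0.0.0.0:0              ABHÖREN
"""

LINE = re.compile(r"^\s*TCP\s+(\S+):(\S+)\s+(\S+):(\S+)\s+(\S+)\s*$")
SERVICE_NAMES = {"http": 80, "https": 443}      # netstat without -n prints names
# Partial map from German-locale state names to the RFC 793 names (assumption:
# only the states used in the sample are mapped, others pass through as-is).
STATE_MAP = {"FIN_WARTEN_1": "FIN_WAIT_1", "HERGESTELLT": "ESTABLISHED"}


def _port(token):
    """Return a numeric port for '49170' or 'http', or None if unknown."""
    if token.isdigit():
        return int(token)
    return SERVICE_NAMES.get(token.lower())


def parse(text):
    """Turn netstat TCP lines into dicts; non-matching lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        laddr, lport, raddr, rport, state = m.groups()
        conns.append({"laddr": laddr, "lport": _port(lport),
                      "raddr": raddr, "rport": _port(rport),
                      "state": STATE_MAP.get(state, state)})
    return conns


def outbound_fanout(conns, threshold=5):
    """Remote services this host itself opened >= threshold connections to.

    A local port in the Windows dynamic range (49152-65535) talking to a
    remote port below 1024 means the connection was initiated locally.
    FIN_WAIT_1 additionally means the local side already closed and is still
    waiting for the peer to acknowledge its FIN.
    """
    per_remote = defaultdict(Counter)
    for c in conns:
        local_dynamic = isinstance(c["lport"], int) and 49152 <= c["lport"] <= 65535
        remote_service = isinstance(c["rport"], int) and 0 < c["rport"] < 1024
        if local_dynamic and remote_service:
            per_remote[(c["raddr"], c["rport"])][c["state"]] += 1
    return {remote: dict(states) for remote, states in per_remote.items()
            if sum(states.values()) >= threshold}


if __name__ == "__main__":
    for (addr, port), states in outbound_fanout(parse(SAMPLE)).items():
        print(f"this host -> {addr}:{port} {states}")
```

A hit only says that the traffic originates locally; mapping it to a process still needs TCPView or `netstat -b`, as the reply suggests.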
13.03.2011, 16:00 | #3 | ||
I just deactivated it again so that I can watch what happens in TCPView, and lo and behold, as you suspected, the directory is exactly the one mentioned above. However, when I go into the Roaming folder I don't see this folder; only the normal Microsoft folder is there =/

Thanks so far, do you have any further suggestions?

Edit: I found it using the built-in search and was able to open the path that way. The folder contains the Updater application (805 KB) and an Autorun VBScript script file. Opened in the editor, this file shows the following:

Code:
Set MyShell = CreateObject("Wscript.Shell")
on error resume next
MyShell.Regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater.exe", Chr(34) & "C:\Users\Jakob\AppData\Roaming\Microsoft_Updates_2011\Updater.exe" & Chr(34), "REG_SZ"

Last edited by morfer (13.03.2011 at 16:06)
13.03.2011, 16:07 | #4 |
Have you also enabled the Explorer option "Show hidden files, folders, and drives" and disabled "Hide protected operating system files (Recommended)"?

Edit: The .vbs file only creates an autostart entry. You will then find it in the registry under the key "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater.exe". Maybe upload Updater.exe to virustotal.com and see what comes out.
13.03.2011, 16:24 | #5 | ||
This is what came out at VirusTotal:

Code:
Antivirus             Version         Last Update Result
AhnLab-V3             2011.03.13.00   2011.03.12  -
AntiVir               7.11.4.177      2011.03.12  -
Antiy-AVL             2.0.3.7         2011.03.12  -
Avast                 4.8.1351.0      2011.03.13  -
Avast5                5.0.677.0       2011.03.13  -
AVG                   10.0.0.1190     2011.03.13  -
BitDefender           7.2             2011.03.13  -
CAT-QuickHeal         11.00           2011.03.13  -
ClamAV                0.96.4.0        2011.03.13  -
Commtouch             5.2.11.5        2011.03.12  -
Comodo                7967            2011.03.13  -
DrWeb                 5.0.2.03300     2011.03.13  -
Emsisoft              5.1.0.2         2011.03.13  -
eSafe                 7.0.17.0        2011.03.13  -
eTrust-Vet            36.1.8211       2011.03.11  -
F-Prot                4.6.2.117       2011.03.12  -
F-Secure              9.0.16440.0     2011.03.13  -
Fortinet              4.2.254.0       2011.03.13  -
GData                 21              2011.03.13  -
Ikarus                T3.1.1.97.0     2011.03.13  -
Jiangmin              13.0.900        2011.03.13  -
K7AntiVirus           9.93.4087       2011.03.11  -
Kaspersky             7.0.0.125       2011.03.13  -
McAfee                5.400.0.1158    2011.03.13  -
McAfee-GW-Edition     2010.1C         2011.03.13  -
Microsoft             1.6603          2011.03.13  -
NOD32                 5949            2011.03.13  -
Norman                6.07.03         2011.03.12  -
nProtect              2011-02-10.01   2011.02.15  -
Panda                 10.0.3.5        2011.03.13  -
PCTools               7.0.3.5         2011.03.11  -
Prevx                 3.0             2011.03.13  -
Rising                23.48.05.03     2011.03.12  -
Sophos                4.63.0          2011.03.13  -
SUPERAntiSpyware      4.40.0.1006     2011.03.13  -
Symantec              20101.3.0.103   2011.03.13  -
TheHacker             6.7.0.1.149     2011.03.12  -
TrendMicro            9.200.0.1012    2011.03.13  Possible_Virus
TrendMicro-HouseCall  9.200.0.1012    2011.03.13  Possible_Virus
VBA32                 3.12.14.3       2011.03.12  -
VIPRE                 8691            2011.03.13  -
ViRobot               2011.3.12.4354  2011.03.13  -
VirusBuster           13.6.248.0      2011.03.13

Thanks again so far! Any further ideas?
13.03.2011, 16:35 | #6 |
Definitely delete the registry key. There should also be a process named "Updater.exe" running in Task Manager, which you can end as well. After a restart, check whether the process is running again or not.
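The clean-up steps in this reply (remove the Run entry written by the .vbs file, then verify after a reboot) can be backed by a small audit of the current user's Run values. This is an added example, not part of the thread: the directory list, the name heuristic and the `ExampleTool` / `ExampleSync` entries are assumptions; only the `Updater.exe` value and path come from the posts above.

```python
import ntpath
import re

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
# Profile locations any unprivileged process can write to (heuristic list).
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\users\\public\\")
VENDOR_LOOKALIKE = re.compile(r"microsoft|windows|update", re.I)

# Constructed sample: the first value is the one the .vbs file writes,
# the other two are hypothetical entries for comparison.
SAMPLE = {
    "Updater.exe": '"C:\\Users\\Jakob\\AppData\\Roaming\\Microsoft_Updates_2011\\Updater.exe"',
    "ExampleTool": "C:\\Program Files (x86)\\ExampleTool\\tool.exe -minimized",
    "ExampleSync": '"C:\\Users\\Jakob\\AppData\\Roaming\\ExampleSync\\bin\\sync.exe" /startup',
}


def read_hkcu_run():
    """Read the current user's Run values as {name: command}. Windows only."""
    import winreg  # imported here so the pure functions below work anywhere
    entries = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        value_count = winreg.QueryInfoKey(key)[1]
        for index in range(value_count):
            name, data, _kind = winreg.EnumValue(key, index)
            entries[name] = str(data)
    return entries


def executable_of(command):
    """Extract the program path from a Run command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.(?:exe|com|bat|cmd|vbs|scr))(?:\s|$)", command, re.I)
    return match.group(1) if match else command.split(" ", 1)[0]


def audit_run_entries(entries):
    """Return {value name: [reasons]} for entries that deserve a manual look."""
    findings = {}
    for name, command in entries.items():
        path = ntpath.normpath(executable_of(command)).lower()
        reasons = []
        if any(part in path for part in USER_WRITABLE):
            reasons.append("user-writable location")
            folder = ntpath.basename(ntpath.dirname(path))
            if VENDOR_LOOKALIKE.search(folder):
                reasons.append("vendor-like folder name inside the profile")
        if reasons:
            findings[name] = reasons
    return findings


def reappeared(removed_names, after_reboot):
    """Names that were deleted but are present again after the restart."""
    return sorted(name for name in removed_names if name in after_reboot)


if __name__ == "__main__":
    try:
        current = read_hkcu_run()
    except ImportError:          # not on Windows: fall back to the sample
        current = SAMPLE
    for name, reasons in audit_run_entries(current).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Legitimate software also starts from the profile directory, so the first reason alone only marks an entry for review; an entry that `reappeared` reports after a reboot means something else is rewriting the value.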
14.03.2011, 14:21 | #7 | |
Hey, sorry that I'm only replying now; I had to leave yesterday.

I really have to thank you a lot, Noutbuk: everything worked wonderfully and the crap seems to be deleted. After I then removed ZoneAlarm again, the problem didn't come back either! As a precaution I will reinstall the PC in the near future, since I don't want any backdoor stuff, but for now I have some peace!

Really, many thanks to you for helping me right after you registered! Once again a confirmation of why I read along here so much.
15.03.2011, 14:23 | #8 |
Glad I could help you for now. Reinstalling really is a sensible measure; you can never know whether something was left behind after all.

Regards, Noutbuk