| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Internet Explorer 9 öffnet im "Schnelldurchlauf" die Homepage und stürzt dann ab.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
16.03.2011, 19:50
| #1 |
 |  Internet Explorer 9 öffnet im "Schnelldurchlauf" die Homepage und stürzt dann ab. So. Nach ein wenig eigeninitiative (Versuch das Problem durch google durchschauen zu lösen) gebe ich nun auf. Und muss nun um Hilfe bitten. Ich habe bereits ein Malewarebytes Log, ein OTL Log und ein "Extras" log. Ich will es übersichtlich halten. Wo werden die OTLs gespeichert? (Sodass ich sie dann einfach hochladen kann.) Bin ziemlich neu in solchen Sachen. (Habe aber eine gute Aufassungsgabe  ) Also, wie oben gefragt. Wo werden die OTLs gespeichert? |
|
16.03.2011, 20:15
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Internet Explorer 9 öffnet im "Schnelldurchlauf" die Homepage und stürzt dann ab. Diese Fragen sollten dort beantwortet sein => http://www.trojaner-board.de/85104-o...-oldtimer.html
__________________
__________________ |
|
16.03.2011, 20:53
| #3 | |
| | Internet Explorer 9 öffnet im "Schnelldurchlauf" die Homepage und stürzt dann ab. Mmh... Dateien scheinen zu groß zu sein.
__________________Bleibt mir Wohl oder Übel nichts übrig als "Copy und Paste" Mbam Log. Zitat:
OTL Logfile: OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 16.03.2011 17:42:02 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Gamer-Pro\Downloads Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 230,93 Gb Total Space | 34,08 Gb Free Space | 14,76% Space Free | Partition Type: NTFS Drive D: | 1,95 Gb Total Space | 1,70 Gb Free Space | 86,86% Space Free | Partition Type: NTFS Computer Name: GAMER-PRO-PC | User Name: Gamer-Pro | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.03.16 17:40:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Gamer-Pro\Downloads\OTL.exe PRC - [2011.03.05 13:45:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.02.23 16:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2011.02.23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2010.12.20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2010.12.06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe PRC - [2010.11.30 18:08:30 | 002,222,376 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010.10.17 23:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe PRC - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.09.05 02:01:00 | 001,794,048 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe PRC - [2008.09.05 02:01:00 | 000,364,544 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe PRC - [2008.07.25 12:31:16 | 000,020,480 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe PRC - [2008.07.19 11:40:58 | 002,054,680 | ---- | M] (Intel Corporation) -- C:\Programme\Common Files\Intel\Privacy Icon\UNS\UNS.exe PRC - [2008.07.19 11:40:52 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\LMS.exe PRC - [2008.06.23 13:13:30 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe PRC - [2008.06.18 13:10:02 | 000,065,808 | ---- | M] (Bioscrypt Inc.) -- C:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe PRC - [2008.04.07 06:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Programme\PDF Complete\pdfsvc.exe PRC - [2008.01.21 03:25:56 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 03:25:56 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.11.27 16:42:14 | 000,185,896 | ---- | M] (ActivIdentity) -- C:\Programme\ActivIdentity\ActivClient\accoca.exe PRC - [2007.11.27 16:42:12 | 000,093,736 | ---- | M] (ActivIdentity) -- C:\Programme\ActivIdentity\ActivClient\acevents.exe PRC - [2000.01.01 01:00:00 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE ========== Modules (SafeList) ========== MOD - [2011.03.16 17:40:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Gamer-Pro\Downloads\OTL.exe MOD - [2011.02.23 16:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\snxhk.dll MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2008.06.18 13:05:18 | 000,076,048 | ---- | M] (Bioscrypt Inc.) -- C:\Windows\System32\APSHook.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (myAgtSvc) SRV - File not found [Auto | Stopped] -- -- (0065941272830566mcinstcleanup) McAfee Application Installer Cleanup (0065941272830566) SRV - [2011.03.16 16:16:35 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_d76cf65.dll -- (Akamai) SRV - [2011.02.23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2011.01.29 19:57:59 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.12.20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010.12.07 21:21:09 | 003,988,144 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2010.12.06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2010.11.30 18:08:30 | 002,222,376 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.11.16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc) SRV - [2010.10.17 23:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2010.06.18 22:22:34 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009.08.24 12:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2008.09.05 02:01:00 | 000,364,544 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2008.07.25 12:31:16 | 000,020,480 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service) SRV - [2008.07.19 11:40:58 | 002,054,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2008.07.19 11:40:52 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\LMS.exe -- (LMS) Intel(R) SRV - [2008.06.23 13:13:30 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService) SRV - [2008.06.18 13:05:28 | 000,126,736 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker) SRV - [2008.06.18 13:05:24 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel) SRV - [2008.04.21 12:27:58 | 000,349,432 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK) SRV - [2008.04.07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.04.07 06:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2008.01.21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.11.27 16:42:14 | 000,185,896 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca) SRV - [2000.01.01 01:00:00 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Running] -- -- (XDva384) DRV - [2011.03.09 15:38:09 | 000,065,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\GAMER-~1\AppData\Local\Temp\xspirit.sys -- (xspirit) DRV - [2011.02.23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011.02.23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011.02.23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011.02.23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011.02.23 15:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011.02.23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.10.17 23:42:34 | 000,124,648 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2010.10.08 14:57:54 | 000,143,184 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv) DRV - [2010.10.08 14:57:54 | 000,111,568 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt) DRV - [2010.10.08 14:57:54 | 000,100,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV - [2010.10.08 14:57:54 | 000,041,936 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon) DRV - [2010.09.22 15:17:23 | 000,162,432 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ithsgt.sys -- (ithsgt) DRV - [2010.09.22 15:17:14 | 000,012,032 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lilsgt.sys -- (lilsgt) DRV - [2010.06.08 12:30:16 | 000,031,504 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB) DRV - [2010.05.22 08:35:07 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010.05.22 08:35:06 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.05.07 19:56:17 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.02.03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009.12.10 16:40:52 | 000,197,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6032.sys -- (e1kexpress) Intel(R) DRV - [2009.10.07 07:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC) DRV - [2009.10.07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009.04.07 08:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2008.09.05 02:01:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject) DRV - [2008.07.19 11:40:46 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2008.07.11 13:44:00 | 000,191,872 | ---- | M] (Altiris, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\fslx.sys -- (FSLX) DRV - [2008.04.09 14:05:00 | 000,032,256 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv) DRV - [2008.02.06 03:21:25 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008.02.06 03:20:40 | 000,628,760 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2008.01.21 03:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2007.09.17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.01.26 00:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=smb&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=smb&pf=desktop IE - HKLM\..\URLSearchHook: {6d8d66f3-14fc-4736-a096-fac0ea66289c} - C:\Programme\midicase\prxtbmidi.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=; ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..browser.search.selectedEngine: "SweetIM Search" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1 FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..network.proxy.type: 0 FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties" FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.15\extensions\\Components: C:\Program Files\Virtual Firefox\components [2011.01.11 15:03:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.15\extensions\\Plugins: C:\Program Files\Virtual Firefox\plugins [2010.12.22 18:00:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.10.16 12:33:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.02.20 20:00:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.05 13:45:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.05 13:45:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 9\components [2011.02.16 22:08:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 9\plugins [2011.02.16 22:08:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2010.12.22 18:00:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.10.16 20:42:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gamer-Pro\AppData\Roaming\mozilla\Extensions [2010.09.03 15:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gamer-Pro\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2011.03.16 17:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gamer-Pro\AppData\Roaming\mozilla\Firefox\Profiles\1qbfj4l8.default\extensions [2011.03.13 16:51:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Gamer-Pro\AppData\Roaming\mozilla\Firefox\Profiles\1qbfj4l8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.12.26 20:57:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Gamer-Pro\AppData\Roaming\mozilla\Firefox\Profiles\1qbfj4l8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.03.01 20:51:36 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Gamer-Pro\AppData\Roaming\mozilla\Firefox\Profiles\1qbfj4l8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.01.11 19:29:32 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Gamer-Pro\AppData\Roaming\mozilla\Firefox\Profiles\1qbfj4l8.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2011.03.13 16:51:19 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Gamer-Pro\AppData\Roaming\mozilla\Firefox\Profiles\1qbfj4l8.default\extensions\personas@christopher.beard [2011.03.13 16:51:19 | 000,000,000 | ---D | M] (Test Pilot) -- C:\Users\Gamer-Pro\AppData\Roaming\mozilla\Firefox\Profiles\1qbfj4l8.default\extensions\testpilot@labs.mozilla.com [2010.12.13 16:44:32 | 000,003,915 | ---- | M] () -- C:\Users\Gamer-Pro\AppData\Roaming\Mozilla\Firefox\Profiles\1qbfj4l8.default\searchplugins\sweetim.xml [2011.03.16 17:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.09 19:29:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.23 14:06:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.01.09 14:57:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.15 16:40:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.02.20 20:00:13 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2010.05.09 19:29:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.23 14:06:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.01.09 14:57:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.15 16:40:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010.05.04 14:21:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2011.03.05 13:45:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.05 13:45:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.05 13:45:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.05 13:45:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.05 13:45:09 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.03.06 21:07:36 | 000,000,801 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 50.23.193.194 download.gameclub.com O2 - BHO: (QuickStores-Toolbar) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (Microsoft Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (midicase Toolbar) - {6d8d66f3-14fc-4736-a096-fac0ea66289c} - C:\Programme\midicase\prxtbmidi.dll (Conduit Ltd.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll () O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (QuickStores-Toolbar) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - No CLSID value found. O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (midicase Toolbar) - {6d8d66f3-14fc-4736-a096-fac0ea66289c} - C:\Programme\midicase\prxtbmidi.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (midicase Toolbar) - {6D8D66F3-14FC-4736-A096-FAC0EA66289C} - C:\Programme\midicase\prxtbmidi.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_17_Premium_Download-Version\Trayserver.exe (MAGIX AG) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {4944924A-64E4-49C1-AC97-ABA3927262FE} hxxp://channel.dontblynk.com/Launcher/StWbUsa.CAB (StWbUsa Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - AppInit_DLLs: (APSHook.dll) - APSHook.dll (Bioscrypt Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - DeviceNP.dll (Hewlett-Packard Limited) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\Gamer-Pro\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Gamer-Pro\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{3e94a053-84f7-11df-af58-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{3e94a053-84f7-11df-af58-806e6f6e6963}\Shell\AutoRun\command - "" = H:\pushinst.exe O33 - MountPoints2\{60579eca-64de-11df-97b2-001a4f9f76df}\Shell - "" = AutoRun O33 - MountPoints2\{60579eca-64de-11df-97b2-001a4f9f76df}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE O33 - MountPoints2\{6d65ca9a-5a0a-11df-b6f8-001a4f9f76df}\Shell - "" = AutoRun O33 - MountPoints2\{6d65ca9a-5a0a-11df-b6f8-001a4f9f76df}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{7a001e31-5623-11df-8782-002264af9d1e}\Shell - "" = AutoRun O33 - MountPoints2\{7a001e31-5623-11df-8782-002264af9d1e}\Shell\AutoRun\command - "" = G:\pushinst.exe O33 - MountPoints2\{9ff8c48f-7f77-11df-b290-002264af9d1e}\Shell - "" = AutoRun O33 - MountPoints2\{9ff8c48f-7f77-11df-b290-002264af9d1e}\Shell\AutoRun\command - "" = G:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.03.15 22:35:55 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.03.15 22:14:11 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.03.15 22:14:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.03.15 22:14:03 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.03.15 22:13:59 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.03.15 22:13:58 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.03.15 22:13:56 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.03.15 22:13:55 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.03.15 22:13:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.03.15 22:13:47 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.03.15 22:13:46 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.03.15 22:13:45 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.03.15 22:13:42 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.03.15 22:13:42 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.03.15 22:13:39 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.03.15 22:13:39 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.03.15 22:13:38 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.03.15 22:13:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.03.15 22:13:35 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.03.15 22:13:33 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.03.15 22:13:30 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.03.15 22:13:28 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.03.15 22:13:24 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.03.15 22:13:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.03.15 22:13:21 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.03.15 22:13:19 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.03.15 22:13:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.03.15 22:13:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.03.15 22:13:11 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.03.15 22:13:06 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.03.15 22:13:06 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.03.15 22:13:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.03.15 22:13:02 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.03.15 22:13:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.03.15 22:13:01 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.03.15 22:12:58 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.03.15 22:12:54 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.03.15 22:12:54 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.03.15 22:12:52 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.03.15 22:12:49 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.03.15 21:05:50 | 000,000,000 | ---D | C] -- C:\Users\Gamer-Pro\AppData\Roaming\Sun [2011.03.15 21:05:33 | 000,000,000 | ---D | C] -- C:\Users\Gamer-Pro\Desktop\Neuer Ordner [2011.03.13 20:47:35 | 000,000,000 | ---D | C] -- C:\SAVE [2011.03.13 20:46:13 | 000,000,000 | ---D | C] -- C:\Users\Gamer-Pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sierra [2011.03.13 20:45:15 | 000,000,000 | ---D | C] -- C:\Sierra [2011.03.13 17:00:32 | 000,000,000 | ---D | C] -- C:\Users\Gamer-Pro\AppData\Roaming\Minetographer [2011.03.13 17:00:32 | 000,000,000 | ---D | C] -- C:\Users\Gamer-Pro\.tectonicus [2011.03.13 16:57:48 | 000,000,000 | ---D | C] -- C:\Users\Gamer-Pro\Minetographer [2011.03.13 16:57:29 | 000,000,000 | ---D | C] -- C:\Users\Gamer-Pro\Desktop\Minetographer0.7.2 [2011.03.11 22:29:34 | 000,000,000 | ---D | C] -- C:\Users\Gamer-Pro\Documents\MAGIX [2011.03.11 22:27:46 | 000,000,000 | ---D | C] -- C:\Users\Gamer-Pro\Documents\MAGIX_MusicEditor [2011.03.11 22:27:44 | 000,000,000 | ---D | C] -- C:\Users\Gamer-Pro\AppData\Local\Xara [2011.03.11 22:27:19 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\MAGIX Shared [2011.03.11 22:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX [2011.03.11 22:23:51 | 000,000,000 | ---D | C] -- C:\Programme\MAGIX [2011.03.11 22:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX [2011.03.11 22:23:40 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\MAGIX Services [2011.03.11 22:03:16 | 000,000,000 | ---D | C] -- C:\Users\Gamer-Pro\Documents\MAGIX Downloads [2011.03.11 22:03:15 | 000,000,000 | ---D | C] -- C:\Users\Gamer-Pro\AppData\Roaming\MAGIX [2011.03.11 20:43:15 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Gamer-Pro\Desktop\MinecraftSP.exe [2011.03.09 14:53:43 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.03.09 14:53:43 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.03.09 14:53:42 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.03.09 14:53:42 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2011.03.08 17:50:24 | 000,000,000 | ---D | C] -- C:\Users\Gamer-Pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [2011.03.08 17:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft [2011.03.07 16:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHi_USA [2011.03.06 21:02:23 | 000,000,000 | ---D | C] -- C:\Programme\Eternia CrossFire [2011.03.05 07:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runes of Magic [2011.03.05 07:32:19 | 000,000,000 | ---D | C] -- C:\Programme\Runes of Magic [2011.03.04 20:19:38 | 000,000,000 | ---D | C] -- C:\Programme\LogMeIn Hamachi [2011.03.04 20:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2011.02.27 19:36:52 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2011 [2011.02.27 19:35:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2011.02.27 19:25:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\Te_mp_B_S!! [2011.02.24 19:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN [2011.02.24 19:28:38 | 000,000,000 | ---D | C] -- C:\Programme\avmwlanstick [2011.02.24 19:28:31 | 000,004,352 | R--- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmeject.sys [2011.02.23 16:01:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2011.02.23 16:00:53 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2011.02.23 16:00:53 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2011.02.23 16:00:53 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2011.02.23 16:00:52 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2011.02.23 16:00:52 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2011.02.23 16:00:50 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2011.02.23 16:00:50 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2011.02.23 16:00:50 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2011.02.23 16:00:50 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2011.02.23 16:00:50 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2011.02.23 16:00:43 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2011.02.23 16:00:43 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2011.02.23 16:00:43 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2011.02.23 16:00:43 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2011.02.23 16:00:42 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2011.02.21 16:31:15 | 000,000,000 | ---D | C] -- C:\Users\Gamer-Pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\F.E.A.R. 2 [2011.02.21 15:26:52 | 000,000,000 | ---D | C] -- C:\Programme\F.E.A.R. 2 [2011.02.17 19:19:47 | 000,000,000 | ---D | C] -- C:\LocalDumps [2011.02.16 22:09:53 | 000,000,000 | ---D | C] -- C:\478fde374e3ba64a6f5633690822ee84 [2011.02.16 18:14:19 | 000,000,000 | ---D | C] -- C:\Programme\Feedback Tool [2011.02.15 16:39:25 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2011.02.15 16:39:25 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll [2011.02.15 16:39:25 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll [2011.02.15 16:39:25 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll [2011.02.15 16:39:25 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2011.02.15 16:39:25 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll [2011.02.15 16:39:25 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll [2011.02.15 16:39:24 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll [2011.02.15 16:39:24 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll [2011.02.15 16:39:24 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll [2011.02.15 16:39:23 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll [2011.02.14 23:16:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security [2011.02.14 23:16:22 | 000,301,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011.02.14 23:16:22 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011.02.14 23:14:58 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011.02.14 23:14:58 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011.02.14 23:14:57 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2011.02.14 23:14:56 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011.02.14 23:14:25 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2011.02.14 23:14:23 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011.02.14 23:13:58 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software [2011.02.14 23:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2011.02.14 17:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit [2010.12.04 16:15:04 | 000,411,136 | ---- | C] (BEA5T) -- C:\Users\Gamer-Pro\AppData\Roaming\Black Inject.exe [2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [9 C:\*.tmp files -> C:\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.03.16 17:21:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.03.16 17:15:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3126018047-4160642244-3195430115-1001UA.job [2011.03.16 17:12:55 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.16 17:12:55 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.16 15:12:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.15 22:28:17 | 000,000,875 | ---- | M] () -- C:\Users\Gamer-Pro\Desktop\Internet Explorer.lnk [2011.03.15 22:14:11 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.03.15 22:14:08 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.03.15 22:14:03 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.03.15 22:13:59 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.03.15 22:13:58 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.03.15 22:13:56 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.03.15 22:13:55 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.03.15 22:13:54 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.03.15 22:13:47 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.03.15 22:13:46 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.03.15 22:13:45 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.03.15 22:13:42 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.03.15 22:13:42 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.03.15 22:13:39 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.03.15 22:13:39 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.03.15 22:13:38 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.03.15 22:13:37 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.03.15 22:13:35 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.03.15 22:13:33 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.03.15 22:13:30 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.03.15 22:13:28 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.03.15 22:13:24 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.03.15 22:13:23 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.03.15 22:13:21 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.03.15 22:13:19 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.03.15 22:13:16 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.03.15 22:13:14 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.03.15 22:13:11 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.03.15 22:13:06 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.03.15 22:13:06 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.03.15 22:13:05 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.03.15 22:13:02 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.03.15 22:13:02 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.03.15 22:13:01 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.03.15 22:12:58 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.03.15 22:12:54 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.03.15 22:12:54 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.03.15 22:12:52 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.03.15 22:12:49 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.03.14 16:33:36 | 000,001,520 | ---- | M] () -- C:\Users\Gamer-Pro\Desktop\Half-Life.lnk [2011.03.13 20:46:13 | 000,000,057 | ---- | M] () -- C:\Windows\sierra.ini [2011.03.13 19:26:35 | 000,158,208 | ---- | M] () -- C:\Users\Gamer-Pro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.12 23:15:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3126018047-4160642244-3195430115-1001Core.job [2011.03.12 09:19:24 | 003,805,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.03.11 22:29:16 | 000,001,109 | ---- | M] () -- C:\Users\Gamer-Pro\Desktop\MAGIX Video deluxe 17 Premium.lnk [2011.03.11 20:45:30 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Gamer-Pro\Desktop\MinecraftSP.exe [2011.03.11 20:26:23 | 000,001,513 | ---- | M] () -- C:\Users\Gamer-Pro\Documents\mcedit.ini [2011.03.11 17:28:24 | 000,003,082 | ---- | M] () -- C:\Windows\System32\wbers.dat [2011.03.11 17:28:23 | 000,052,689 | ---- | M] () -- C:\Windows\System32\wbers.dat.dmp [2011.03.11 17:27:53 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\GenesisAD.lnk [2011.03.07 16:30:49 | 000,000,761 | ---- | M] () -- C:\Users\Gamer-Pro\Desktop\SuddenAttack.lnk [2011.03.06 21:07:36 | 000,000,801 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.03.05 07:30:16 | 000,000,680 | ---- | M] () -- C:\Users\Gamer-Pro\AppData\Local\d3d9caps.dat [2011.02.28 12:23:41 | 000,000,117 | ---- | M] () -- C:\Users\Gamer-Pro\jagex_runescape_preferences2.dat [2011.02.28 12:23:41 | 000,000,046 | ---- | M] () -- C:\Users\Gamer-Pro\jagex_runescape_preferences.dat [2011.02.26 02:19:32 | 000,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll [2011.02.24 14:51:11 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011.02.23 16:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011.02.23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2011.02.23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011.02.23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011.02.23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011.02.23 15:55:03 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011.02.23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011.02.23 12:44:28 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2011.02.19 06:48:55 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2011.02.17 20:58:28 | 000,000,466 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011.02.16 18:20:56 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011.02.16 18:20:56 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011.02.16 18:19:18 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.02.15 15:41:41 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk [9 C:\*.tmp files -> C:\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.03.13 20:46:13 | 000,001,520 | ---- | C] () -- C:\Users\Gamer-Pro\Desktop\Half-Life.lnk [2011.03.13 20:46:13 | 000,000,057 | ---- | C] () -- C:\Windows\sierra.ini [2011.03.11 22:29:16 | 000,001,109 | ---- | C] () -- C:\Users\Gamer-Pro\Desktop\MAGIX Video deluxe 17 Premium.lnk [2011.03.07 16:30:49 | 000,000,761 | ---- | C] () -- C:\Users\Gamer-Pro\Desktop\SuddenAttack.lnk [2011.03.06 14:23:23 | 000,003,082 | ---- | C] () -- C:\Windows\System32\wbers.dat [2011.03.06 14:23:22 | 000,052,689 | ---- | C] () -- C:\Windows\System32\wbers.dat.dmp [2011.03.06 13:49:37 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\GenesisAD.lnk [2011.02.28 12:16:48 | 000,286,208 | ---- | C] () -- C:\Windows\System32\binkw32.dll [2011.02.26 02:19:32 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2011.02.24 19:28:40 | 000,012,976 | R--- | C] () -- C:\Windows\instwcli.inf [2011.02.23 16:00:45 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011.02.23 16:00:45 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011.02.23 16:00:44 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011.02.17 19:38:27 | 000,001,626 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2011.02.16 18:19:18 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.02.15 15:41:41 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk [2011.02.09 21:23:00 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.01.31 19:12:09 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2011.01.18 18:27:22 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2011.01.13 23:42:48 | 000,000,028 | ---- | C] () -- C:\Users\Gamer-Pro\AppData\Roaming\RSBot_Accounts.ini [2011.01.10 20:13:41 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin [2010.12.30 01:14:06 | 000,000,552 | ---- | C] () -- C:\Users\Gamer-Pro\AppData\Local\d3d8caps.dat [2010.12.07 14:36:41 | 000,079,400 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2010.12.05 19:40:08 | 000,138,056 | ---- | C] () -- C:\Users\Gamer-Pro\AppData\Roaming\PnkBstrK.sys [2010.12.05 19:40:08 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.12.05 19:39:43 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.12.05 19:39:42 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010.12.05 19:39:41 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2010.12.04 16:15:08 | 000,245,760 | ---- | C] () -- C:\Users\Gamer-Pro\AppData\Roaming\chrtmp [2010.12.03 19:33:05 | 000,002,360 | ---- | C] () -- C:\Windows\Sandboxie.ini [2010.10.29 23:10:51 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.10.06 21:18:38 | 000,000,097 | ---- | C] () -- C:\Users\Gamer-Pro\AppData\Local\fusioncache.dat [2010.09.22 15:17:23 | 000,162,432 | ---- | C] () -- C:\Windows\System32\drivers\ithsgt.sys [2010.09.22 15:17:14 | 000,012,032 | ---- | C] () -- C:\Windows\System32\drivers\lilsgt.sys [2010.08.22 12:53:31 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe [2010.07.22 21:48:46 | 000,000,016 | ---- | C] () -- C:\Windows\System32\PCProxyOff.ini [2010.07.22 21:48:40 | 000,073,728 | ---- | C] () -- C:\Windows\System32\VistaInfo32.dll [2010.07.17 14:53:27 | 000,005,120 | ---- | C] () -- C:\Windows\System32\BReWErS.dll [2010.07.17 11:12:09 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini [2010.07.12 17:26:48 | 000,000,085 | ---- | C] () -- C:\Users\Gamer-Pro\AppData\Roaming\RSBot Accounts.ini [2010.06.25 16:07:10 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini [2010.06.25 14:50:31 | 000,001,327 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.06.25 14:45:35 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.06.16 18:40:54 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.06.16 18:40:54 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.06.16 18:35:36 | 000,000,081 | ---- | C] () -- C:\Windows\brmx2001.ini [2010.06.16 18:35:36 | 000,000,040 | ---- | C] () -- C:\Windows\opt_2460.ini [2010.06.04 23:45:45 | 000,000,052 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.06.04 23:45:45 | 000,000,000 | ---- | C] () -- C:\Windows\brwmark.ini [2010.05.22 08:35:07 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.05.22 08:35:06 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.05.18 18:21:34 | 000,000,320 | ---- | C] () -- C:\Windows\System32\lkfl.dat [2010.05.18 18:21:34 | 000,000,096 | ---- | C] () -- C:\Windows\System32\pdfl.dat [2010.05.18 18:21:34 | 000,000,080 | ---- | C] () -- C:\Windows\System32\ibfl.dat [2010.05.14 19:34:12 | 000,000,680 | ---- | C] () -- C:\Users\Gamer-Pro\AppData\Local\d3d9caps.dat [2010.05.07 19:01:40 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.05.06 15:39:32 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.05.06 15:38:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.05.04 14:14:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.05.04 14:14:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.05.04 14:14:10 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010.05.03 21:57:47 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.05.03 18:51:45 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.05.03 18:51:44 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.05.03 18:44:18 | 000,158,208 | ---- | C] () -- C:\Users\Gamer-Pro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.03 06:25:40 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll [2010.05.03 06:25:40 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin [2010.05.03 06:21:00 | 000,638,972 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010.05.03 06:21:00 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010.05.03 06:21:00 | 000,131,012 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010.05.03 06:21:00 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.05.02 20:56:26 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin [2010.04.21 10:08:14 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010.04.21 10:08:14 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010.04.21 10:08:14 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010.04.21 09:29:46 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010.04.21 09:22:50 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.04.21 09:22:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2009.10.07 00:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009.10.07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL [2008.04.21 10:43:54 | 000,294,912 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll [2007.11.27 16:41:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\aicext.dll [2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2007.01.31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll [2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:43 | 003,805,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 11:33:01 | 000,604,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.04.03 23:30:00 | 000,110,592 | ---- | C] () -- C:\Windows\System32\scardsyn.dll [1998.05.07 04:10:00 | 000,069,632 | ---- | C] () -- C:\Windows\System32\ODMA32.dll [1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2011.03.15 21:05:03 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\.minecraft [2010.05.08 22:21:20 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\AnvSoft [2010.05.23 18:43:47 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\Any Video Converter Professional [2010.09.26 17:07:14 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\ASCOMP Software [2010.08.25 14:41:39 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\Ashampoo [2011.01.03 20:16:53 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\AVG [2010.12.07 20:31:09 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\AVG10 [2010.09.24 16:39:10 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\Blender Foundation [2010.11.23 17:51:09 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\Canneverbe Limited [2010.11.27 23:23:47 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\casanova [2010.05.30 10:21:16 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\CheckPoint [2010.05.07 20:04:59 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\DAEMON Tools Lite [2011.01.15 12:23:57 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\EpicBot [2011.03.05 07:29:23 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\FOG Downloader [2010.07.13 20:49:42 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\FreeHideIP [2010.06.15 16:55:00 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\GetRightToGo [2010.05.04 21:59:14 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\GrabPro [2010.10.11 00:55:39 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\HideIPEasy [2011.01.27 20:34:22 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\Hive Cluster [2011.02.03 18:38:02 | 000,000,000 | -H-D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\ijjigame [2010.09.14 21:39:40 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\IObit [2010.05.02 21:15:48 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\Leadertech [2010.09.03 15:47:05 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\LimeWire [2011.03.11 22:27:41 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\MAGIX [2010.05.24 22:03:53 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\MessengerDiscovery 2 [2011.03.13 17:00:32 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\Minetographer [2010.06.28 20:02:20 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\Notepad++ [2010.10.20 22:45:46 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\Opera [2010.11.05 18:58:14 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\Orbit [2010.06.16 18:57:07 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\PC Suite [2010.07.18 22:11:59 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\ProgSense [2010.07.19 21:27:58 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\Publish Providers [2010.12.07 14:37:10 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\QuickScan [2010.10.07 18:24:15 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\QuickStoresToolbar [2010.06.16 19:16:27 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\Samsung [2011.01.07 18:52:46 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\Sony [2010.07.12 15:04:30 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\Sony Creative Software [2010.12.30 02:12:54 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\Sony Creative Software Inc [2010.12.29 16:13:44 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\Sytexis Software [2010.12.13 21:54:28 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\TeamViewer [2010.06.05 22:32:11 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\Tencent [2011.01.11 15:56:28 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\TS3Client [2011.02.27 19:37:07 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\TuneUp Software [2010.10.06 21:21:55 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\Turbine [2010.05.27 12:59:53 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\Ubisoft [2011.03.13 20:44:14 | 000,000,000 | ---D | M] -- C:\Users\Gamer-Pro\AppData\Roaming\uTorrent [2011.03.15 22:50:10 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== [2010.12.27 18:05:16 | 000,000,000 | ---D | M](C:\Users\Gamer-Pro\Documents\?? ???) -- C:\Users\Gamer-Pro\Documents\넥슨 플러그 [2010.12.27 18:05:16 | 000,000,000 | ---D | C](C:\Users\Gamer-Pro\Documents\?? ???) -- C:\Users\Gamer-Pro\Documents\넥슨 플러그 [2010.06.28 14:11:05 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?k) -- C:\Windows\System32\̘ķ [2010.06.28 14:11:05 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?k) -- C:\Windows\System32\̘ķ ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:7CC8249B25710D07 @Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:0B4227B4 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:661DFA1C < End of report > --- --- --- Extras Log OTL Extras logfile created on: 16.03.2011 17:42:02 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Gamer-Pro\Downloads Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 230,93 Gb Total Space | 34,08 Gb Free Space | 14,76% Space Free | Partition Type: NTFS Drive D: | 1,95 Gb Total Space | 1,70 Gb Free Space | 86,86% Space Free | Partition Type: NTFS Computer Name: GAMER-PRO-PC | User Name: Gamer-Pro | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes] "C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe "C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe "C:\Users\Gamer-Pro\AppData\Local\Kamuse\KCSTrayDownloader\KCSTrayDownloaderEngine.exe" = [String data over 1000 bytes] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0340D9E8-F84D-4A03-8C1F-85E2DD3D0A2E}" = lport=137 | protocol=17 | dir=in | app=system | "{03CE963C-B5D4-4BCA-9285-9FBEFF60143E}" = lport=80 | protocol=6 | dir=in | name=@wsmres.dll,-50 | "{03E0341C-14C3-41F1-9535-9A4AEB94FE93}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0649C2DF-9339-4405-BF0E-D219C6CA93A8}" = lport=10002 | protocol=17 | dir=in | name=blackshot | "{0AB01CFA-D9B8-42A7-BC8A-E57F2D366DF7}" = rport=138 | protocol=17 | dir=out | app=system | "{0CA71C90-3C07-4B46-94A0-B0BA364E8E4E}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe | "{10AA8869-7E95-4972-A274-CA39276D7C1C}" = lport=1701 | protocol=17 | dir=in | app=system | "{136AD204-E932-4088-8514-C9041C7BD165}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{181B6416-58D7-4954-AEBD-EE78FB52F6F9}" = lport=25565 | protocol=6 | dir=in | name=minecraft | "{1A902E78-7B27-4831-87A1-627A44CAD0F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{1CB8AE30-8A5C-43E9-B302-C77695087CD5}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe | "{1D01BB03-9141-4A1E-A43B-357FA355DED9}" = rport=139 | protocol=6 | dir=out | app=system | "{201E86B5-48DF-437F-A35D-025CE7C2DE3F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{24C5E23F-6DEC-43A3-86F7-DA2713547AE0}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe | "{27A46181-09CC-4593-93F2-DAFA91B33ABC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{2E332593-2A8E-48C7-932E-B9F3B94CC264}" = lport=443 | protocol=6 | dir=in | app=system | "{3144462F-DE00-4DBE-8A04-A22AB338A6C8}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | "{32938BB3-F56D-42CB-896E-A336BC26B32E}" = lport=5985 | protocol=6 | dir=in | app=system | "{3416B95A-47B7-43FD-994E-158890959DFD}" = lport=10243 | protocol=6 | dir=in | app=system | "{407134CC-EB23-4450-A145-C6024BCB4BE3}" = lport=49166 | protocol=6 | dir=in | name=akamai netsession interface | "{425A6701-17E7-4863-A434-D41759957B65}" = lport=56794 | protocol=6 | dir=in | name=pando media booster | "{431CDAB6-D906-4631-9672-B2E6A4B84759}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{47173DA7-3D0A-4314-BA63-72ED1FE95280}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=c:\windows\system32\svchost.exe | "{47419AF1-63DB-42C1-985F-CE2DCD13091D}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe | "{491850AE-1A7A-462B-B8B7-F8C6DD736FFB}" = lport=30001 | protocol=6 | dir=in | name=blackshot | "{499A148A-45A2-463A-B6BA-062849A55A2E}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | "{4AFC3587-39DB-4960-BED6-48CDB9A98087}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{4F1AE387-43CD-4736-B681-AEF6234997EA}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe | "{52180637-0A24-4BFF-85A9-0991280211D5}" = lport=2869 | protocol=6 | dir=in | app=system | "{5B523CAF-6169-4455-8592-1B6B8ADC7F9A}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe | "{5CF6FE45-C0AD-4101-B35E-36FC4C892127}" = lport=445 | protocol=6 | dir=in | app=system | "{5EF80652-B25A-49E5-B2F6-6BEC25D5C5E3}" = lport=10003 | protocol=17 | dir=in | name=blackshot | "{5F0461BB-1945-486A-8271-AB34A50B50BD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{61717BC7-2243-49EC-81E8-73D0CE675149}" = lport=5357 | protocol=6 | dir=in | app=system | "{6530BABA-3AC4-4B6C-ADCF-BC0E0132C397}" = lport=2869 | protocol=6 | dir=in | app=system | "{692F299E-F4BC-4864-9935-C8FCD3BE3D95}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe | "{6B88EEB2-603B-4A2F-98F8-27DEF4067387}" = lport=1688 | protocol=6 | dir=in | svc=slsvc | app=c:\windows\system32\slsvc.exe | "{6CC2E705-FA71-4FC7-A4B3-34F270D015CB}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe | "{6D8B9D07-AA9E-4B7F-8CB3-625966C450AC}" = lport=445 | protocol=6 | dir=in | app=system | "{707C42D6-3AC2-4120-9C62-06FD9E19414B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{74560A8E-D56F-4D07-BE4A-3ABC83C22B1C}" = lport=56794 | protocol=17 | dir=in | name=pando media booster | "{79129C4D-1D2F-46AA-B3EE-5888A57B8C0C}" = lport=138 | protocol=17 | dir=in | app=system | "{79B399AF-A16B-4AEC-81D9-9B60F5087FBB}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | "{7A2AE80D-644C-4EA6-B5B6-AC3E921B9367}" = lport=139 | protocol=6 | dir=in | app=system | "{7AA45724-4069-4E85-9D61-ACBF785AA8A8}" = rport=10243 | protocol=6 | dir=out | app=system | "{7CC3BC4B-A25A-40E1-A56F-EDE40425A80F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{7E69064C-2760-4D87-A8A7-2DB221D54A72}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=c:\windows\system32\svchost.exe | "{81940798-7461-4706-B222-7F360634F7C9}" = lport=10000 | protocol=6 | dir=in | name=port | "{87C88DEF-C581-48A8-804D-352680E13A1E}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe | "{8DD6A048-FF28-4CD2-A688-72E81C1DE00D}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{8F9068F3-610D-4018-B831-630E63352002}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe | "{9014DD8A-99E8-45F6-89F8-77DBC06FA171}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | "{90EADA6B-7B97-4EC0-92A8-668938974978}" = lport=2178 | protocol=6 | dir=in | app=system | "{9271974F-39BF-47BD-A79D-9CBC9F856AF4}" = lport=25667 | protocol=6 | dir=in | name=mcadmin | "{9669A151-6E85-4AF4-9A61-453B03FD9DE4}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{9C0A19EF-8B1C-4A1C-90FD-9AD99AB13005}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{9D3ED0E0-FC5F-496E-AA9E-813461C53A7D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{A1613FF0-DAE4-4504-9607-E8C722274358}" = rport=2178 | protocol=6 | dir=out | app=system | "{A409FEC6-DA2F-414C-B2F4-B02273945904}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe | "{A65A7118-4183-4EF4-8705-90F7D5C838E1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{A92ECADB-837B-45F9-B5A5-FCE04C1063EE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{ADBCF71E-C149-4C5A-A00A-790E3C41948C}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe | "{B112E20C-2951-4674-A783-FAF9491F2842}" = rport=445 | protocol=6 | dir=out | app=system | "{BA134E9E-D82E-44C0-B4F5-96B061E887CB}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{BA926FEA-8F27-4B7B-B7D9-454221962AE2}" = lport=1723 | protocol=6 | dir=in | app=system | "{BB49EF0F-8DF1-4536-B6F6-DA0010F95BE3}" = rport=5358 | protocol=6 | dir=out | app=system | "{BBC913BA-ED3C-4666-AEF4-EEE371946487}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe | "{C202AD1E-D252-4654-B7BC-500765E0BE25}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{C2AF3C1D-A8D7-4B84-A664-D17DAD9092EB}" = rport=137 | protocol=17 | dir=out | app=system | "{C46C286F-E042-4C3D-B527-3F7095488279}" = lport=445 | protocol=6 | dir=in | app=system | "{C4805B29-2B41-4282-BA12-6CB89476B7A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{D0E42379-B12C-4F22-BB2F-CF40E8F6DD2A}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | "{D4828DFF-6E8B-4066-B1EA-4C45BF1A9FD1}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | "{D5375D8E-204E-47F6-BC59-9C78BDC75938}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D6C5C3F3-F2C1-40EA-A307-1DC842DB7E45}" = rport=1723 | protocol=6 | dir=out | app=system | "{D73AB454-28A1-4F0C-B512-8D5D60E528E6}" = lport=445 | protocol=6 | dir=in | app=system | "{D8F3236F-C881-41F8-AA0C-F983E585C6C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DCCCB891-96E3-424B-A827-6C61F7DFEC20}" = lport=57110 | protocol=17 | dir=in | name=pando media booster | "{DEF94C6A-8AE6-4D60-B7F7-BE833FA0631E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{DF8FE780-C7C2-48C5-AD42-083A756971F0}" = lport=12000 | protocol=6 | dir=in | name=blackshot | "{E1443FA6-1D78-4BCC-A385-F443CC1DEA25}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{E57BA087-B837-41DD-A35D-5A56BDEADCDA}" = lport=57110 | protocol=6 | dir=in | name=pando media booster | "{ECAC3BDF-C1B9-4383-BE97-35CF15FADD8F}" = lport=5358 | protocol=6 | dir=in | app=system | "{EDF00113-2945-4D29-A9BA-E32D91E69669}" = lport=445 | protocol=6 | dir=in | app=system | "{EE86F3E8-8218-4C88-AAFC-D8B745712D49}" = lport=50302 | protocol=6 | dir=in | name=akamai netsession interface | "{F21D39F4-9E12-48F8-9AC9-27282C6CCF26}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=c:\windows\system32\snmptrap.exe | "{F2DA43BB-85B6-4C22-BB27-69745A0D670E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{F38E25D1-8A0F-4E81-8CF5-7F25B8EE1A4B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F43E3141-A5F7-43B9-B153-85D5C697B305}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe | "{F759D9ED-8B9A-4C2C-BB2C-714709D8372A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{F884D324-AEAE-4C9D-BD4E-8F40690FCCD2}" = lport=2869 | protocol=6 | dir=in | app=system | "{F9DC9720-0700-46D5-A75D-6DF9B7419DD5}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe | "{FBA9D1F2-9F20-4C61-B188-0E459BA92FC6}" = rport=1701 | protocol=17 | dir=out | app=system | "{FD1E56AD-DC25-41B5-B175-307876784DF7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{FDE2A457-5592-4B9B-830E-8E7DB12C7898}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{FE79851C-CE8B-4F91-AB0C-717E4E4294E7}" = rport=5357 | protocol=6 | dir=out | app=system | "{FFFD26EF-0F7A-47F1-926E-3DC5D4C23704}" = lport=80 | protocol=6 | dir=in | name=hypergts.exe | Ach, und nochwas. Das ist der PC meines Sohnes der da nicht so richtig funktionieren will. - Mit den Shootern dort hab ich Persönlich nichts am Hut. Und es wäre nett , wenn du mich auf "Dubiose" Dinge hinweisen könntest. (Mein Sohn weiß ganz genau was ich von Software Piraterie halte.) Ich sage ihm auch immer. "Lädst du dir sowas runter, brauchste dich nicht wundern, das dein PC mit Viren überfüllt ist. (Da fehlt noch ein Kleiner Teil vom extras log) Also. MFG Jörg. |
|
16.03.2011, 20:54
| #4 |
| | Internet Explorer 9 öffnet im "Schnelldurchlauf" die Homepage und stürzt dann ab. ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{026CE01C-2819-42E6-A90A-30615D561529}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{0345808C-6766-47D3-9D51-B21A462A93FD}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{0357A389-A6A4-437E-8922-12895CF2C3A7}" = protocol=17 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe | "{04D2389A-4E7E-41EE-B8AD-3996E3D22D94}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe | "{04EE0AD0-77EF-4EB7-965D-911FFCCA75C0}" = protocol=17 | dir=in | app=c:\users\gamer-pro\appdata\local\microsoft\windows\temporary internet files\content.ie5\f1pt1xib\index[1].nhn_from=desktop | "{0A39113D-D74C-416E-B2D7-65AF799A39F1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0C8B0E0C-4B6B-42B9-A3B9-9459606DF097}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe | "{0E5EF86B-F430-4870-8FEA-80689E898E9F}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | "{117B9245-3E1C-4618-B30F-3AFF3CEC7898}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{13EB349E-583E-4B66-ACA7-2721D35CE156}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe | "{14F681BC-D89A-4A65-A7DC-2CFD6A0B4B92}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{17265F8A-2ED1-4C8C-B59E-5F33E17B5CDF}" = protocol=17 | dir=in | app=c:\program files\efusion\blackshot\system\blackshot.exe | "{1BF38A9D-BFBB-478E-8E7B-DE955ABF0548}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe | "{1C61A8B2-1716-4CC8-9E3F-7658F04BA6EE}" = protocol=17 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe | "{21597371-23D5-4FC0-AEC8-E7838AE6D143}" = protocol=6 | dir=in | app=c:\ijji\english\ava\binaries\ava.exe | "{22A697ED-6D7A-4EB1-80D8-B83C16A569D0}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | "{22B43FFA-6C28-435D-BF5A-91018FA75720}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fear.exe | "{230422D9-F1D6-4F7C-935B-B890E2EDE83E}" = protocol=6 | dir=in | app=c:\ijji\english\ava\binaries\gameguard\gameguard.des | "{255407FF-268B-4B36-A38F-FA101C4376DC}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe | "{2846B53B-3744-4FCE-9B94-947A3F485A8C}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{29815ED1-D786-48F5-8CC0-9C53FCF8466B}" = protocol=6 | dir=in | app=c:\program files\efusion\blackshot\system\blackshot.exe | "{2EE7B4FE-42AC-4C17-9782-3762692A0771}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.2.805.201\qqimeregdict.exe | "{314484BE-EC76-4011-8ED2-CAD407262A5A}" = protocol=6 | dir=in | app=c:\program files\efusion\blackshot\system\blackshot.exe | "{347C1239-DA85-409A-B10B-311E3D81B7A3}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.2.805.201\qqpyliveup.exe | "{36384461-8C71-45DF-A349-E6BC791140F5}" = protocol=17 | dir=in | app=c:\program files\efusion\blackshot\system\blackshot.exe | "{3C635A5F-56D9-41CD-98CA-2A0DA1F3F89A}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe | "{3E2B8CD3-192D-4D5B-8F06-743EAAB1E58C}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.2.805.201\qqimeregskin.exe | "{3E409EA2-DBF1-4F28-B466-AB63C7DBD333}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3FB64F9F-DA01-4398-914C-5A10AFEA33D8}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.2.805.201\qqpylevel.exe | "{42E84542-1EA2-4527-945D-78BB12E497EF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{43F4DEB8-0F4A-4F3C-BCE6-1B662EFD1739}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "{4545D6F2-3D3A-451A-A23D-94486A874B99}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{47D69719-29FC-4B72-BDF5-7363ADFC71A9}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe | "{483489A2-6B0D-4484-97C4-DE5FFDF11D38}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{4876541C-6EAB-4A1B-8E20-938165F48ADC}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fearmp.exe | "{4EC2AC76-5288-4B52-8D3A-9997171D7288}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{5055852F-90E7-4B2D-B65B-DD3C6480C522}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fear.exe | "{50F209EC-A987-435B-8AD7-922C05C0D4FB}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{5167F569-D9F5-4F32-92A1-43EC9D3FC651}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{52B6E4D6-8131-4D14-81C2-165538F5FF65}" = protocol=6 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe | "{552DD624-7ED9-4B1A-BC12-2B66E13D95E6}" = protocol=17 | dir=in | app=c:\program files\gamersfirst\live!\live.exe | "{569474D0-1896-4415-8EB3-1D87E33D864E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{56D13F06-ECFD-40EE-8A71-321B972B0C36}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | "{57FE6EE3-2BCC-463F-8D1B-BFA6C91106CD}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{59AB07D2-F39B-4742-A4F8-2947B10034CB}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe | "{5E10CC13-325F-48BC-91FC-D4B4BF0D2FB0}" = protocol=6 | dir=out | app=system | "{5EFAB899-081B-451C-A46C-B43A9AD10517}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.2.805.201\qqwubidownload.exe | "{60CE92C1-F0FE-4BC8-A360-738E4B19BD97}" = protocol=6 | dir=in | app=c:\program files\gamersfirst\war rock\wrlauncher.exe | "{63724DCC-1C07-4F51-8D2C-E2023ED1F321}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{64232480-C95F-44C6-A241-14B5EBFEBCC2}" = protocol=17 | dir=in | app=c:\users\gamer-pro\desktop\aufgeräumte spiele\neuer ordner\minecraftsp.exe | "{66BF9872-DA0F-42D1-8909-F525A6E8EC2B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | "{683FB1C8-9E0B-4574-9188-83410A0C54B8}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe | "{6CE35222-5540-4790-A8D7-8614C9E1938F}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.2.805.201\qqpylevel.exe | "{6DC6070F-1A09-471C-B18E-29F2B1F925A8}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{72B4E865-1554-46EB-ABA3-D9C325FC53AE}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{72BE44AE-5965-4E8A-85F4-D94B69621048}" = protocol=17 | dir=in | app=c:\ijji\english\ava\binaries\gameguard\gamemon.des | "{73C4D376-5CA0-446F-9224-2346E09BE8B4}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.2.805.201\qqwubidownload.exe | "{76DB7B71-6258-44D2-ACAA-DE0EAA4E25CE}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{7A6CC12B-6EE7-4B58-960B-79678622CDDE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7AC21713-26A1-4A3B-8BA4-6CD1CF4B608C}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe | "{7C3CE811-96BD-4701-ADED-C4C1491DC438}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{7DEE332E-84B2-4FE3-8EFA-95EC701E0CF7}" = protocol=17 | dir=in | app=c:\program files\techsmith\camtasia studio 7\camtasiastudio.exe | "{7F1DFEA0-6BBF-483D-8EF8-4DA5D1C07776}" = protocol=6 | dir=in | app=c:\windows\system32\msdtc.exe | "{81F7199D-6D33-4E1A-8EE7-1D00EA912912}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8228C7A2-13F2-4F67-8D04-65B15CBC38BB}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{8234AD70-BB14-463F-8BEA-971776BD7DE4}" = protocol=17 | dir=in | app=c:\users\gamer-pro\downloads\sweetimsetup.exe | "{835BA0AC-1E93-417C-9EB3-569E4AEFE388}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe | "{84270526-CBD7-4FE1-9FCF-1F5DF52E4079}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{86359691-B955-4856-B76F-EC921BAFA82E}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{89E17BE2-FA30-400B-9F0E-FF5662F22DA7}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{8AD84060-2850-4C25-88C9-3B6248C00DF9}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe | "{8BEEBAE4-C124-449C-BC9E-CFB1F81E0C12}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{8F0F1428-9307-491D-B406-0D0DA2C58ABA}" = protocol=6 | dir=out | app=system | "{91A07A67-C7D1-4349-9C2F-083B95BF48CD}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.2.805.201\qqimeregdict.exe | "{9233B81C-7DCC-464A-9805-E20ED2DEB0E6}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{956F3AEF-229E-4BE5-9CB9-015B0F660A8F}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe | "{97AC6212-9B70-40CC-875F-1505DC8B0878}" = protocol=6 | dir=in | app=c:\users\gamer-pro\desktop\aufgeräumte spiele\neuer ordner\minecraftsp.exe | "{999DD7EC-13FE-4F6C-AF96-D2915EBD57AF}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.2.805.201\qqimeregskin.exe | "{9AC48DF8-760E-403B-8BB7-2B864857E930}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.2.805.201\qqpydict.exe | "{9BDE90A8-6CCE-42F5-BAE3-38B4FBC53E03}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{9CDDC962-1126-4826-84F1-213D9A66F657}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{A0AD84F6-BFE5-47BB-8C1E-FB8933366AC2}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | "{A1153E2C-E9E2-45C8-86BB-BF214BE638C4}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | "{A5770322-33EB-4C85-862B-9AC72A3A34DA}" = protocol=6 | dir=in | app=c:\ijji\english\ava\binaries\gameguard\gameguard.ver | "{A72F8355-BDC9-4790-9F73-F36C14D43D4F}" = protocol=17 | dir=in | app=c:\ijji\english\ava\binaries\gameguard\gameguard.ver | "{A9A7C0FC-82C4-4845-BF70-C4FA596F57EE}" = protocol=6 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe | "{AA324133-BD21-4E7B-BF7C-88D17270F16A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AC8B2A8F-894A-4DC8-8969-2BEA7E7A4E8E}" = protocol=17 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe | "{ACE6F5C6-A7EE-4DDB-B7F7-59DEE21D950E}" = protocol=6 | dir=in | app=c:\program files\gamersfirst\live!\live.exe | "{AD59A577-8C1A-43FD-93E5-E6B6565C9AEA}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{AF341AB2-325F-41CE-985F-74E81E271DE1}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "{B13072D4-A1FF-415A-A316-6B9E69EE2E78}" = protocol=6 | dir=in | app=c:\users\gamer-pro\appdata\local\microsoft\windows\temporary internet files\content.ie5\f1pt1xib\index[1].nhn_from=desktop | "{B48023C2-4D8E-469C-B8F4-FDADBB151B92}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{B5415CFA-CD0C-432B-BA76-D249E3CD8660}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | "{B5C28F31-C25C-4FBA-A595-1BCAEF56D5CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B5DA12BC-5701-498E-A3B4-6262B5FF431B}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | "{B718B238-E73C-4107-90EB-6C5361591AA1}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{B8EF26EF-691B-4E14-A9B1-D414C57F62D5}" = protocol=6 | dir=in | app=c:\program files\techsmith\camtasia studio 7\camtasiastudio.exe | "{B9E5477A-4DCD-4A64-AC71-56FCE49A82FF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{BB8E7765-0647-4818-8EE7-79BFB94FA2DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BD975365-4104-4644-AA5D-01B44A89C2EA}" = protocol=17 | dir=in | app=c:\users\gamer-pro\appdata\local\temp\ijjioptimizer.exe | "{BDFBFF4B-9C48-4ED3-BBF6-2131B8A1C185}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{C1110ECB-8861-4705-80D7-C0C15927259B}" = protocol=17 | dir=in | app=c:\program files\gamersfirst\war rock\wrlauncher.exe | "{C1B092C5-2067-4B8C-A40A-C697760D61FB}" = protocol=6 | dir=in | app=c:\users\gamer-pro\downloads\sweetimsetup.exe | "{C205E077-152B-4EE7-8C26-C07CF6865984}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{C2A1DCD3-1354-47EB-8D95-89240C3CC254}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.2.805.201\qqpyliveup.exe | "{C47248CA-9063-4C82-A2E5-851B37DF1B40}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{C8F02CB9-3F41-4D9D-9005-FB7C16E28E74}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C9E00E39-F923-43F2-BD08-CD0EA7CB4F6A}" = protocol=6 | dir=in | app=c:\users\gamer-pro\appdata\local\temp\ijjioptimizer.exe | "{CB663394-17E5-4BF5-AB7F-476F8636E110}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{CC197DA4-B2E2-4050-ABAE-E4047290CC0A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CC6E42F5-D236-4CE8-9897-CC1E98FCD20E}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | "{CDCEDEA5-3221-4B06-A1CB-9FCAB30244F6}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{CEB6571E-DB4C-464A-ABF0-485B120D1193}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CF36C0A3-C22D-4CFF-BA58-817FBB13F44B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D2753932-4737-4330-B28E-0C67E98FE43E}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{D2FDDB14-9893-45B5-B656-794B8924DC33}" = protocol=6 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe | "{D804E996-A15A-4B94-B317-BC2418D19942}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D828B908-79EE-4336-BA16-9F0F58866BA0}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe | "{D86B1C95-BF00-496F-8884-F891B40C4E3D}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | "{DC07E1E1-C6F1-45FD-85E4-6C878FBD1B29}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{DD87330E-A784-4D4C-B8DD-0D822988AF50}" = protocol=17 | dir=in | app=c:\ijji\english\ava\binaries\gameguard\gameguard.des | "{DF3C5282-026E-4927-9CE3-059322FAF383}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{DFC10D31-2139-4139-B220-BB011C006A82}" = protocol=17 | dir=in | app=c:\ijji\english\ava\binaries\ava.exe | "{E4CFA707-9025-4AB1-81E4-4CAE2B283659}" = protocol=6 | dir=out | app=c:\windows\system32\msdtc.exe | "{E5F235FA-5A53-4B9D-B89D-2C00F7ABCCF2}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{E735C61D-46CE-4F7A-A669-9B0688191F1C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{EAB97194-86E7-49EC-960B-3B6894269D3E}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{EBB49147-B8A2-459A-A702-EB95988349D0}" = protocol=6 | dir=in | app=c:\ijji\english\ava\binaries\gameguard\gamemon.des | "{EC70029B-CFD3-462F-ABCE-27A2F07F4718}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe | "{EC8F5E95-1D2B-454D-B937-E005A4A3ACDF}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fearmp.exe | "{EFC4F379-AA03-4A49-8376-D9255D71F0E4}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.2.805.201\qqpydict.exe | "{EFF54DF7-F442-4CAB-BB30-CB782301E7F3}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.2.805.201\qqpyconfig.exe | "{F0CE3F0F-C078-48F9-8BA4-C2F4AF8B5884}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe | "{F11CE493-5D2B-41DA-BED9-892DA10965C0}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.2.805.201\qqpyconfig.exe | "{F144DB97-C65D-466A-B7FE-49615282F189}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F4A28C1A-BD6C-423F-8191-408E9EF881B1}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | "{F4EEEE58-E3D1-43EC-8025-504237CA6D7D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{F5E0B1BE-E509-41AA-BE58-F1D00AFFFD6B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{FB692B37-0B35-4CAA-9C45-7F042717B086}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FFF57C43-E33B-44B8-A72B-16FCA96C191D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "TCP Query User{065ABC14-634D-45C8-B50E-EFB92BDD27D4}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "TCP Query User{06A7C9E7-DC6B-43E7-AA25-D241E022AB7A}C:\users\gamer-pro\desktop\hypergts\hypergts.exe" = protocol=6 | dir=in | app=c:\users\gamer-pro\desktop\hypergts\hypergts.exe | "TCP Query User{0AB810ED-1A1D-49D5-ABD3-41EBD1A8E8FD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{0CA67FDA-BA90-4636-BC08-E6F467B5041D}C:\program files\reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files\reactor\reactor.exe | "TCP Query User{30DB6CA5-266D-40A1-B457-3F33C0DC08C7}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | "TCP Query User{346A7B96-A4E3-4B5C-A339-FE006C4150B4}C:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | "TCP Query User{4448E775-41C7-4C52-B103-4771ED3DF96B}C:\program files\counter-strike 1.6 v35\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6 v35\hl.exe | "TCP Query User{46AD97C6-941E-4D40-99E8-AA83761D6019}C:\users\gamer-pro\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=6 | dir=in | app=c:\users\gamer-pro\appdata\local\temp\7zipsfx.000\cf_downloader.exe | "TCP Query User{49F43BFF-A7DE-4525-A17E-C13D8BA29FB0}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | "TCP Query User{4BCD0C9A-54F7-4339-A65B-D2DEA5AE8794}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{4C390726-14DA-46D5-9A26-4085F48460BB}C:\users\gamer-pro\desktop\neuer ordner\launchserver.exe" = protocol=6 | dir=in | app=c:\users\gamer-pro\desktop\neuer ordner\launchserver.exe | "TCP Query User{4CC01F0B-5730-42F9-91A9-CCEA90367F42}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{4D35F2B6-28D4-44AF-9B93-F2F054B47F48}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "TCP Query User{4E96D9C3-0B85-4DC8-A496-B577B8E7A5BF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{5253149C-D6E0-4219-B616-60C62BF10F3F}C:\users\gamer-pro\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\gamer-pro\program files\dna\btdna.exe | "TCP Query User{584027E3-72D0-4D7E-87BD-2F2B18AF7216}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "TCP Query User{59EFD7C3-FB91-485E-BD9E-3B6BC5285197}C:\users\gamer-pro\desktop\alles sonstige wo ich nicht weiß wohin sie gehören\hypergts\hypergts.exe" = protocol=6 | dir=in | app=c:\users\gamer-pro\desktop\alles sonstige wo ich nicht weiss wohin sie gehören\hypergts\hypergts.exe | "TCP Query User{5E043488-C40C-4C75-8C62-CEF5ADB54B94}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe | "TCP Query User{62503B94-E1C9-4DFA-A535-27D093D29BEF}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe | "TCP Query User{6D9F7FFC-4AA6-4CE6-B4DF-9B5C03A081E0}C:\program files\duty calls\binaries\win32\dutycalls.exe" = protocol=6 | dir=in | app=c:\program files\duty calls\binaries\win32\dutycalls.exe | "TCP Query User{82E62ACA-0BA6-40B6-902E-E28320B09F8B}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{82FF8376-E9EA-4B33-969D-1CF39471E75C}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "TCP Query User{85211709-7BFA-42A1-BD9F-BB45A30A5849}C:\users\gamer-pro\desktop\aufgeräumte spiele\neuer ordner\mcadmin.exe" = protocol=6 | dir=in | app=c:\users\gamer-pro\desktop\aufgeräumte spiele\neuer ordner\mcadmin.exe | "TCP Query User{86FFE72F-EABE-4FDB-9629-60CCFE425282}C:\users\gamer-pro\downloads\yuleech-runes_of_magic_3_0_8_2349_slim_eu.exe" = protocol=6 | dir=in | app=c:\users\gamer-pro\downloads\yuleech-runes_of_magic_3_0_8_2349_slim_eu.exe | "TCP Query User{8E5E165C-03B6-40DE-BD44-26A6EA9C24E8}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{9E2A11BA-C4B9-4559-88FA-D121FA9CDBC6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{A5AB4B1A-8A22-4B9F-AA02-1B3E101857F8}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{AEC597C7-25F6-43EC-ADAB-07B5BFF2C4FD}C:\program files\activision\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | "TCP Query User{B0764E86-07C7-4034-A90C-F9766B920E03}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{B4CADD24-EB14-4045-A5F2-0DD8912946AB}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{B51B2ABC-73D1-4AF1-B0DD-765A1071934A}C:\users\gamer-pro\downloads\yuleech-runes_of_magic_3_0_5_2262.exe" = protocol=6 | dir=in | app=c:\users\gamer-pro\downloads\yuleech-runes_of_magic_3_0_5_2262.exe | "TCP Query User{C5C0FADE-7CA7-4BEE-A230-C91A5A86C11E}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{C614EB58-BF7F-4B7A-908A-31182CA09E34}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe | "TCP Query User{CDC795E7-DEE5-4CCB-98FE-23EA120DB866}C:\users\gamer-pro\downloads\yuleech-runes_of_magic_3_0_5_2262_slim.exe" = protocol=6 | dir=in | app=c:\users\gamer-pro\downloads\yuleech-runes_of_magic_3_0_5_2262_slim.exe | "TCP Query User{D1A865F2-25AD-4840-A186-061F891137DC}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "TCP Query User{D58B77D6-97C6-4986-8B5E-2227CB7B3E51}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | "TCP Query User{DAAB68D3-41D3-43E6-A34F-798D9274EF65}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe | "TCP Query User{E05C17D0-B5C1-4E81-93AC-29FC97539822}C:\users\gamer-pro\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe" = protocol=6 | dir=in | app=c:\users\gamer-pro\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe | "TCP Query User{E0CECDE1-7C60-409D-81C6-02AC03EE5AB9}C:\program files\steamless counterstrikesource pack\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steamless counterstrikesource pack\hl2.exe | "TCP Query User{EC826970-9D7F-47E1-8582-632D3E16C919}C:\users\gamer-pro\desktop\alles sonstige wo ich nicht weiß wohin sie gehören\hypergts\hypergts.exe" = protocol=6 | dir=in | app=c:\users\gamer-pro\desktop\alles sonstige wo ich nicht weiss wohin sie gehören\hypergts\hypergts.exe | "TCP Query User{F33067DB-FB5D-4266-BBF1-5866E06C168E}C:\program files\counter strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter strike 1.6\hl.exe | "TCP Query User{F9CEB216-73E5-423A-9D1B-0A88C1E34FEC}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | "UDP Query User{04514E41-1262-402A-8D2A-D7BB6283C672}C:\users\gamer-pro\downloads\yuleech-runes_of_magic_3_0_5_2262.exe" = protocol=17 | dir=in | app=c:\users\gamer-pro\downloads\yuleech-runes_of_magic_3_0_5_2262.exe | "UDP Query User{123A4EE0-6C30-4C46-9FF4-B6FEE81C3BB7}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | "UDP Query User{1A506AE2-9547-4AE8-ABE3-AC06557130ED}C:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | "UDP Query User{2121CD03-51BC-476D-9D7F-2D10F7929E37}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | "UDP Query User{21A0CCEA-1D3A-4D7D-88A1-39497974373B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{277D72BB-3948-4933-B655-AB4F59A3CB95}C:\users\gamer-pro\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe" = protocol=17 | dir=in | app=c:\users\gamer-pro\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe | "UDP Query User{2D186F08-8BE4-4BC1-9CF7-F83BEAD8E7BB}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{332428F3-1865-4DE2-80E3-36440B488025}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "UDP Query User{43E4726F-B77E-485D-AF14-A2E2E0104AC7}C:\program files\reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files\reactor\reactor.exe | "UDP Query User{4B36B077-0009-4CE1-97DF-F66261880607}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{4D21543E-4309-4221-9D2A-DCD478DDA210}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{56AD3BF4-DC97-40D2-AC24-C7347AA6F50D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{5AED11E3-2AB3-4190-AA4C-3A792DAA3DE8}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe | "UDP Query User{6173626C-63A4-4FB0-B555-8B44E646E822}C:\users\gamer-pro\desktop\alles sonstige wo ich nicht weiß wohin sie gehören\hypergts\hypergts.exe" = protocol=17 | dir=in | app=c:\users\gamer-pro\desktop\alles sonstige wo ich nicht weiss wohin sie gehören\hypergts\hypergts.exe | "UDP Query User{627A30BD-3FF4-4D8E-9F06-6BC6081EF943}C:\program files\steamless counterstrikesource pack\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steamless counterstrikesource pack\hl2.exe | "UDP Query User{719B0323-E642-4AA9-AC8E-C4BC81542390}C:\program files\duty calls\binaries\win32\dutycalls.exe" = protocol=17 | dir=in | app=c:\program files\duty calls\binaries\win32\dutycalls.exe | "UDP Query User{72B94C19-39EA-4081-9AED-E20E9EC3FEE2}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{7D4D4F27-22D6-4C6F-97B0-5FA58CA39214}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | "UDP Query User{846A689F-D030-42EA-98A5-E315276FB40C}C:\program files\counter-strike 1.6 v35\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6 v35\hl.exe | "UDP Query User{8D581E28-1E24-4EE1-88C0-B1057B6B7325}C:\program files\counter strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter strike 1.6\hl.exe | "UDP Query User{929B03FB-CDE7-4187-8900-B450B92487BC}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "UDP Query User{9474584D-9330-4B26-A989-40B8DAAAF1CE}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{94AFBC34-B77E-46D7-B42E-76809BC0CFCD}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | "UDP Query User{A159C74A-4DCA-4FF5-81A3-377BB723DC18}C:\program files\activision\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | "UDP Query User{A21D0772-DCF2-4D82-9056-0EFB40E64838}C:\users\gamer-pro\desktop\neuer ordner\launchserver.exe" = protocol=17 | dir=in | app=c:\users\gamer-pro\desktop\neuer ordner\launchserver.exe | "UDP Query User{A2301F86-A595-4EF8-8D59-811391A77F88}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe | "UDP Query User{A36B99A4-A3FB-4F11-8D5F-EF3374915C14}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{A7EE1DFA-94D2-420C-8833-FDE159CBDC01}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{AEBC2C55-49FD-48B2-9D40-EEA4770C6AD1}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe | "UDP Query User{B35E97F4-28ED-45A9-9DF7-58C4526FBC6C}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe | "UDP Query User{B6536A9A-5DED-41F6-867F-172293964E0A}C:\users\gamer-pro\downloads\yuleech-runes_of_magic_3_0_8_2349_slim_eu.exe" = protocol=17 | dir=in | app=c:\users\gamer-pro\downloads\yuleech-runes_of_magic_3_0_8_2349_slim_eu.exe | "UDP Query User{BECED517-F098-426E-9E3E-EC88008620B4}C:\users\gamer-pro\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=17 | dir=in | app=c:\users\gamer-pro\appdata\local\temp\7zipsfx.000\cf_downloader.exe | "UDP Query User{CACD2BFD-B238-4A55-BD61-6F933D1F4117}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "UDP Query User{D3C62650-4250-4F76-9D66-5FB8D033E13E}C:\users\gamer-pro\desktop\hypergts\hypergts.exe" = protocol=17 | dir=in | app=c:\users\gamer-pro\desktop\hypergts\hypergts.exe | "UDP Query User{D41381E3-8DB4-47D7-A412-81E753F250FA}C:\users\gamer-pro\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\gamer-pro\program files\dna\btdna.exe | "UDP Query User{DE880ED2-072E-4A08-8F38-8D354CD4F868}C:\users\gamer-pro\downloads\yuleech-runes_of_magic_3_0_5_2262_slim.exe" = protocol=17 | dir=in | app=c:\users\gamer-pro\downloads\yuleech-runes_of_magic_3_0_5_2262_slim.exe | "UDP Query User{DFDD38B3-F9D5-4454-8DB8-18DF1399556D}C:\users\gamer-pro\desktop\alles sonstige wo ich nicht weiß wohin sie gehören\hypergts\hypergts.exe" = protocol=17 | dir=in | app=c:\users\gamer-pro\desktop\alles sonstige wo ich nicht weiss wohin sie gehören\hypergts\hypergts.exe | "UDP Query User{E300BE90-C652-4B5B-A0EA-BBC06159B85B}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{E85CC5A0-9701-41CB-B0AA-ECBDA5CC55A3}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{F1136881-9FA8-4E00-AC06-82842CA277D6}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "UDP Query User{F15D6886-3710-42FB-A8B3-566FDC7A115C}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{F4512AF9-CEA5-42D7-96D0-80B1295095E0}C:\users\gamer-pro\desktop\aufgeräumte spiele\neuer ordner\mcadmin.exe" = protocol=17 | dir=in | app=c:\users\gamer-pro\desktop\aufgeräumte spiele\neuer ordner\mcadmin.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0 "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in "{17C58D81-1544-46C1-9B97-D99BECAF4509}" = HP JavaCard for HP ProtectTools "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7 "{1A621A2F-98F6-4373-89A2-8ED16076990A}" = WinRez LT Studio "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22877DAE-EA0A-47BB-9DB3-47D46CFF885F}" = SlimComputer "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24 "{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C8CDDCF-D09A-11DF-8BB6-0013D3D69929}" = Vegas Pro 10.0 "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists "{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4 "{49058C21-E4F6-4A99-B715-D62715E0A2A2}" = Vegas Pro 9.0 "{494420A9-5F25-457B-9BBF-228E6A73B94B}" = MAGIX Speed burnR (MSI) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid "{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.0.4 "{5EB3F5E2-1533-42D2-97C2-E0BA06CA6939}" = GenesisAD "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{620CAD2D-0757-43A9-AA5F-C8D48A1E4D85}_is1" = BigMacroTool 1.5 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{674636D6-F844-4ACB-AA56-3F4E55F172D6}" = SlimDrivers "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6EBF5C73-D05A-485D-AB60-E557F9947359}" = Oracle VM VirtualBox 3.2.10 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{732799C0-7785-43C5-8496-71546A062992}" = SuddenAttackNA "{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite "{78584C1B-8F7B-4B24-80D1-02B309F67AB3}" = Privacy Manager for HP ProtectTools "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools "{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Altiris Software Virtualization Agent "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE "{8791DF85-6CCB-4A58-B48F-30BEF9183940}" = MAGIX Video deluxe 17 Premium Video Plugins "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BCD7AE7-F713-4D50-BAB9-7839B9386870}" = ImageShack Uploader 2.2.0 "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme "{8EF276E0-1D97-4B9D-BB29-013165F567CA}" = MAGIX Video deluxe 17 Premium Download-Version "{8FB91814-FE42-4B62-9B54-4B677A420715}_is1" = CLEO v3.0.950 "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR "{909BBDB7-BABE-434C-9124-863A9F8D1CF8}" = FEAR Extraction Point "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86 "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center "{BA10AC78-E687-4523-8B93-540428FC256F}" = Fahrenheit "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{C0EC00E5-A2DE-4700-B731-92BC50B53DFA}" = HP ProtectTools Security Manager "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi "{CE9FEF4B-B88C-45DE-B89A-42BEAE7D6601}" = SlimCleaner "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DAD6325D-55CF-4D30-9DB9-2ADFE02D0777}" = MAGIX Screenshare "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DE6E4530-4AB0-482E-91DE-7FE6309C6EF1}" = Camtasia Studio 7 "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{EE1AE5E9-6ECE-4ADF-A28A-56A981E138D4}" = Credential Manager for HP ProtectTools "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F6CBE802-676B-4892-AC47-A6D8FC65D140}" = BIOS Configuration for HP ProtectTools "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4 "Akamai" = Akamai NetSession Interface "Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10.0.4 "avast" = avast! Internet Security "AVMWLANCLI" = AVM FRITZ!WLAN "BlackShot" = BlackShot "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "conduitEngine" = Conduit Engine "Cross Fire_is1" = Cross Fire En "CSI-Mord in 3 Dimensionen" = CSI-Mord in 3 Dimensionen 1.0 "DFÜ-Optimierer" = DFÜ-Optimierer 1.40 "DivX Setup.divx.com" = DivX-Setup "EpicBot" = EpicBot "Eternia CrossFire" = Eternia CrossFire "Evil Player" = Evil Player v1.31 "Fraps" = Fraps (remove only) "Half-Life" = Half-Life "HECI" = Intel(R) Management Engine Interface "HyperCam 3" = HyperCam 3 "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "JDownloader" = JDownloader "LogMeIn Hamachi" = LogMeIn Hamachi "lvdrivers_11.70" = Logitech QuickCam-Treiberpaket "MAGIX_MSI_Videodeluxe17_premium" = MAGIX Video deluxe 17 Premium Download-Version "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MESOL" = Intel® Active-Management-Technologie "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "midicase Toolbar" = midicase Toolbar "Mission Against Terror Online_is1" = MATonline2.1.6.321 "Mozilla Firefox (2.0.0.15)" = Mozilla Firefox (2.0.0.15) "Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15) "Mozilla Firefox 4.0b11 (x86 de)" = Mozilla Firefox 4.0b11 (x86 de) "Mozilla Firefox 4.0b6 (x86 de)" = Mozilla Firefox 4.0b6 (x86 de) "Neffy" = Neffy 1,3,29,0 "NosTale(DE)_is1" = Nostale(DE) "OpenAL" = OpenAL "Opera 11.01.1190" = Opera 11.01 "OPERATION7" = OPERATION7 "PDF Complete" = PDF Complete "PE Builder_is1" = PE Builder 3.1.10a "PlayClaw 1.8 build 760" = PlayClaw 1.8 build 760 "PunkBusterSvc" = PunkBuster Services "Quick Memory Editor_is1" = Quick Memory Editor 5.5 "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0 "RealPlayer 12.0" = RealPlayer "Sandboxie" = Sandboxie 3.50 "SimpleScreenshot" = SimpleScreenshot 1.30 "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 400" = Portal "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "TeamViewer 6" = TeamViewer 6 "TmNationsForever_is1" = TmNationsForever "Unlocker" = Unlocker 1.9.0 "uTorrent" = µTorrent "VistaGlazz_is1" = VistaGlazz 2.1 "VLC media player" = VLC media player 1.1.7 "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Xfire" = Xfire (remove only) "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Opera Update Checker" = Opera Update Checker "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinSetupFromUSB" = WinSetupFromUSB ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 09.03.2011 09:46:37 | Computer Name = Gamer-Pro-PC | Source = WinMgmt | ID = 10 Description = Error - 10.03.2011 10:09:08 | Computer Name = Gamer-Pro-PC | Source = WinMgmt | ID = 10 Description = Error - 11.03.2011 11:07:50 | Computer Name = Gamer-Pro-PC | Source = WinMgmt | ID = 10 Description = Error - 11.03.2011 12:25:39 | Computer Name = Gamer-Pro-PC | Source = WinMgmt | ID = 10 Description = Error - 11.03.2011 18:38:00 | Computer Name = Gamer-Pro-PC | Source = Application Hang | ID = 1002 Description = Programm Videodeluxe.exe, Version 10.0.0.32 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 13b8 Anfangszeit: 01cbe036b5605854 Zeitpunkt der Beendigung: 82 Error - 11.03.2011 18:56:19 | Computer Name = Gamer-Pro-PC | Source = Application Hang | ID = 1002 Description = Programm Videodeluxe.exe, Version 10.0.0.32 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 106c Anfangszeit: 01cbe03ecfe37ab4 Zeitpunkt der Beendigung: 0 Error - 12.03.2011 04:19:46 | Computer Name = Gamer-Pro-PC | Source = WinMgmt | ID = 10 Description = Error - 14.03.2011 10:15:59 | Computer Name = Gamer-Pro-PC | Source = WinMgmt | ID = 10 Description = Error - 14.03.2011 15:59:28 | Computer Name = Gamer-Pro-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung hl.exe, Version 1.1.0.8, Zeitstempel 0x3b9e639b, fehlerhaftes Modul hl.dll, Version 0.0.0.0, Zeitstempel 0x3ba0e857, Ausnahmecode 0xc0000005, Fehleroffset 0x0001691e, Prozess-ID 0x8d4, Anwendungsstartzeit 01cbe27e3964bd57. Error - 14.03.2011 16:00:48 | Computer Name = Gamer-Pro-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung hl.exe, Version 1.1.0.8, Zeitstempel 0x3b9e639b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0xcb3b3424, Prozess-ID 0x1154, Anwendungsstartzeit 01cbe28257c98387. [ Credential Manager Events ] Error - 03.02.2011 11:26:50 | Computer Name = Gamer-Pro-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Gamer-Pro@Gamer-Pro-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 03.02.2011 11:26:50 | Computer Name = Gamer-Pro-PC | Source = AuthServer | ID = 100811779 Description = The system failed to authenticate the submitted user credentials. Benutzer: Gamer-Pro@Gamer-Pro-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP Error - 14.02.2011 10:20:11 | Computer Name = Gamer-Pro-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Gamer-Pro@Gamer-Pro-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 14.02.2011 10:20:11 | Computer Name = Gamer-Pro-PC | Source = AuthServer | ID = 100811779 Description = The system failed to authenticate the submitted user credentials. Benutzer: Gamer-Pro@Gamer-Pro-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP Error - 20.02.2011 17:02:59 | Computer Name = Gamer-Pro-PC | Source = AuthServer | ID = 100811779 Description = The system failed to authenticate the submitted user credentials. Benutzer: Gamer-Pro@Gamer-Pro-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP Error - 20.02.2011 17:02:59 | Computer Name = Gamer-Pro-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Gamer-Pro@Gamer-Pro-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 24.02.2011 04:57:23 | Computer Name = Gamer-Pro-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Administrator@Gamer-Pro-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 24.02.2011 04:57:23 | Computer Name = Gamer-Pro-PC | Source = AuthServer | ID = 100811779 Description = The system failed to authenticate the submitted user credentials. Benutzer: Administrator@Gamer-Pro-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP Error - 07.03.2011 15:53:49 | Computer Name = Gamer-Pro-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Gamer-Pro@Gamer-Pro-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 07.03.2011 15:53:49 | Computer Name = Gamer-Pro-PC | Source = AuthServer | ID = 100811779 Description = The system failed to authenticate the submitted user credentials. Benutzer: Gamer-Pro@Gamer-Pro-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP [ System Events ] Error - 15.03.2011 11:18:52 | Computer Name = Gamer-Pro-PC | Source = Service Control Manager | ID = 7000 Description = Error - 15.03.2011 11:18:52 | Computer Name = Gamer-Pro-PC | Source = Service Control Manager | ID = 7000 Description = Error - 15.03.2011 11:20:39 | Computer Name = Gamer-Pro-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 15.03.2011 17:20:45 | Computer Name = Gamer-Pro-PC | Source = Service Control Manager | ID = 7000 Description = Error - 15.03.2011 17:20:45 | Computer Name = Gamer-Pro-PC | Source = Service Control Manager | ID = 7000 Description = Error - 15.03.2011 17:23:27 | Computer Name = Gamer-Pro-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 15.03.2011 17:35:36 | Computer Name = Gamer-Pro-PC | Source = Service Control Manager | ID = 7034 Description = Error - 16.03.2011 10:13:47 | Computer Name = Gamer-Pro-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 16.03.2011 10:14:20 | Computer Name = Gamer-Pro-PC | Source = Service Control Manager | ID = 7000 Description = Error - 16.03.2011 10:14:20 | Computer Name = Gamer-Pro-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > Da noch das letzte Stückchen. |
|
16.03.2011, 21:15
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet Explorer 9 öffnet im "Schnelldurchlauf" die Homepage und stürzt dann ab. Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
16.03.2011, 21:29
| #6 | |
| | Internet Explorer 9 öffnet im "Schnelldurchlauf" die Homepage und stürzt dann ab.Zitat:
|
|
17.03.2011, 08:56
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet Explorer 9 öffnet im "Schnelldurchlauf" die Homepage und stürzt dann ab. Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
@Alternate Data Stream - 24 bytes -> C:\Windows:7CC8249B25710D07
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:661DFA1C
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3e94a053-84f7-11df-af58-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3e94a053-84f7-11df-af58-806e6f6e6963}\Shell\AutoRun\command - "" = H:\pushinst.exe
O33 - MountPoints2\{60579eca-64de-11df-97b2-001a4f9f76df}\Shell - "" = AutoRun
O33 - MountPoints2\{60579eca-64de-11df-97b2-001a4f9f76df}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{6d65ca9a-5a0a-11df-b6f8-001a4f9f76df}\Shell - "" = AutoRun
O33 - MountPoints2\{6d65ca9a-5a0a-11df-b6f8-001a4f9f76df}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{7a001e31-5623-11df-8782-002264af9d1e}\Shell - "" = AutoRun
O33 - MountPoints2\{7a001e31-5623-11df-8782-002264af9d1e}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{9ff8c48f-7f77-11df-b290-002264af9d1e}\Shell - "" = AutoRun
O33 - MountPoints2\{9ff8c48f-7f77-11df-b290-002264af9d1e}\Shell\AutoRun\command - "" = G:\pushinst.exe
O4 - HKLM..\Run: [] File not found
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.03.2011, 20:12
| #8 | |
| | Internet Explorer 9 öffnet im "Schnelldurchlauf" die Homepage und stürzt dann ab. Ich habe das Script ausgeführt. Problem besteht weiterhin. Da war aber noch ein gewisses Textlog... Weißt du vielleicht irgendetwas damit anzufangen? (Und ähm Entschuldigung für die so späte Meldung. Hab viel um die Ohren.) Zitat:
|
|
17.03.2011, 21:10
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet Explorer 9 öffnet im "Schnelldurchlauf" die Homepage und stürzt dann ab. Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.03.2011, 21:43
| #10 |
| | Internet Explorer 9 öffnet im "Schnelldurchlauf" die Homepage und stürzt dann ab. Es staret. Meldet aber, das AVG vorher abgeschaltet werden solle. (Was komisch ist, da Avast auf dem PC installiert ist.) (Vielleicht einige Registry Keys die im System hängen geblieben sind?) |
|
17.03.2011, 21:52
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet Explorer 9 öffnet im "Schnelldurchlauf" die Homepage und stürzt dann ab. Oh, AVG bitte vorher deinstallieren.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.03.2011, 21:59
| #12 |
| | Internet Explorer 9 öffnet im "Schnelldurchlauf" die Homepage und stürzt dann ab. Ich habe den sogenannten AVG Remover runtergeladen und ausgeführt. Keine änderung bisher. |
|
17.03.2011, 22:07
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet Explorer 9 öffnet im "Schnelldurchlauf" die Homepage und stürzt dann ab. AVG ist runter? Wenn ja, bitte Windows neu starten, cofi.exe neu runterladen und nochmal probieren.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.03.2011, 22:37
| #14 |
| | Internet Explorer 9 öffnet im "Schnelldurchlauf" die Homepage und stürzt dann ab. Boah, das ist ja so ein Mist , das ich ja schon lachen muss XD. Kann keine Verknüpfung generell kein Programm aufrufen (Wenn schon dann übern Task-Manager.) Combofix hat auch Brav sein Log rausgegeben. Combofix Logfile: Code:
ATTFilter ComboFix 11-03-16.06 - Gamer-Pro 17.03.2011 22:03:23.1.2 - x86
ausgeführt von:: c:\users\Gamer-Pro\Desktop\cofi.exe.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20100715.txt
c:\cflog\CrashLog_20100925.txt
c:\cflog\CrashLog_20101109.txt
c:\cflog\CrashLog_20101219.txt
c:\cflog\CrashLog_20110102.txt
c:\cflog\CrashLog_20110110.txt
c:\cflog\CrashLog_20110111.txt
c:\cflog\CrashLog_20110113.txt
c:\cflog\CrashLog_20110217.txt
c:\program files\Hewlett-Packard\IAM\bin\brand.dll
c:\program files\WhiteSmoke
c:\users\Gamer-Pro\AppData\Roaming\chrtmp
c:\windows\system32\BReWErS.dll
c:\windows\system32\server.log
c:\windows\system32\system
.
c:\windows\system32\userinit.exe . . . ist infiziert!!
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-02-17 bis 2011-03-17 ))))))))))))))))))))))))))))))
.
.
2011-03-17 21:17 . 2011-03-17 21:23 -------- d-----w- c:\users\Gamer-Pro\AppData\Local\temp
2011-03-17 21:17 . 2011-03-17 21:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-17 21:17 . 2011-03-17 21:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-03-17 19:00 . 2011-03-17 19:00 -------- d-----w- C:\_OTL
2011-03-15 21:14 . 2011-03-15 21:14 161792 ----a-w- c:\windows\system32\msls31.dll
2011-03-15 21:14 . 2011-03-15 21:14 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-03-15 21:14 . 2011-03-15 21:14 107008 ----a-w- c:\program files\Internet Explorer\iecleanup.exe
2011-03-15 21:14 . 2011-03-15 21:14 307200 ----a-w- c:\program files\Internet Explorer\iediagcmd.exe
2011-03-15 21:14 . 2011-03-15 21:14 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-03-15 21:14 . 2011-03-15 21:14 748336 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2011-03-15 21:12 . 2011-03-15 21:12 766976 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-03-15 21:12 . 2011-03-15 21:12 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-15 21:12 . 2011-03-15 21:12 149504 ----a-w- c:\program files\Internet Explorer\jsprofilerui.dll
2011-03-15 21:12 . 2011-03-15 21:12 386560 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2011-03-15 21:12 . 2011-03-15 21:12 22016 ----a-w- c:\program files\Internet Explorer\ExtExport.exe
2011-03-13 19:47 . 2011-03-13 19:47 -------- d-----w- C:\SAVE
2011-03-13 19:45 . 2011-03-13 19:45 -------- d-----w- C:\Sierra
2011-03-13 16:00 . 2011-03-13 18:27 -------- d-----w- c:\users\Gamer-Pro\.tectonicus
2011-03-13 16:00 . 2011-03-13 16:00 -------- d-----w- c:\users\Gamer-Pro\AppData\Roaming\Minetographer
2011-03-13 15:57 . 2011-03-13 15:57 -------- d-----w- c:\users\Gamer-Pro\Minetographer
2011-03-11 21:27 . 2011-03-11 21:27 -------- d-----w- c:\users\Gamer-Pro\AppData\Local\Xara
2011-03-11 21:27 . 2011-03-11 21:27 -------- d-----w- c:\program files\Common Files\MAGIX Shared
2011-03-11 21:23 . 2011-03-11 21:24 -------- d-----w- c:\program files\MAGIX
2011-03-11 21:23 . 2011-03-11 21:24 -------- d-----w- c:\programdata\MAGIX
2011-03-11 21:23 . 2011-03-11 21:23 -------- d-----w- c:\program files\Common Files\MAGIX Services
2011-03-11 21:03 . 2011-03-11 21:27 -------- d-----w- c:\users\Gamer-Pro\AppData\Roaming\MAGIX
2011-03-09 13:53 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 13:53 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 13:53 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 13:53 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 13:53 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 13:53 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-06 20:02 . 2011-03-11 21:48 -------- d-----w- c:\program files\Eternia CrossFire
2011-03-05 06:32 . 2011-03-05 12:54 -------- d-----w- c:\program files\Runes of Magic
2011-03-04 19:19 . 2011-03-04 19:19 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-02-28 11:16 . 2010-02-15 11:03 286208 ----a-w- c:\windows\system32\binkw32.dll
2011-02-27 18:36 . 2011-02-27 18:55 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-02-27 18:35 . 2011-02-27 18:35 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-02-27 18:25 . 2011-02-27 18:25 -------- d-----w- c:\windows\system32\Te_mp_B_S!!
2011-02-26 01:19 . 2011-02-26 01:19 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-02-24 18:28 . 2011-02-24 18:28 -------- d-----w- c:\program files\avmwlanstick
2011-02-24 18:28 . 2008-09-05 01:01 4352 ----a-r- c:\windows\system32\drivers\avmeject.sys
2011-02-23 15:01 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-21 14:26 . 2011-02-28 11:25 -------- d-----w- c:\program files\F.E.A.R. 2
2011-02-17 18:19 . 2011-03-17 19:35 -------- d-----w- C:\LocalDumps
2011-02-16 21:09 . 2011-02-16 21:09 -------- d-----w- C:\478fde374e3ba64a6f5633690822ee84
2011-02-16 17:14 . 2011-02-16 17:14 -------- d-----w- c:\program files\Feedback Tool
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 15:04 . 2011-02-14 22:14 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2011-02-14 22:14 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:56 . 2011-02-14 22:16 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2011-02-14 22:14 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2011-02-14 22:14 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:55 . 2011-02-14 22:14 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 14:54 . 2011-02-14 22:16 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-19 05:48 . 2011-02-14 22:14 40648 ----a-w- c:\windows\avastSS.scr
2011-02-02 20:40 . 2010-05-09 18:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-20 16:37 . 2011-02-09 19:42 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 19:42 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 19:42 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 19:42 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-09 19:42 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 19:42 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:07 . 2011-02-09 19:42 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 19:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 19:42 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 19:42 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 19:42 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 19:42 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 19:42 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 19:42 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 19:42 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 19:42 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 19:42 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 19:42 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-09 19:42 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 19:42 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 19:42 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 19:42 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 19:42 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 19:42 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 19:42 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 19:42 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-09 19:42 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-09 19:42 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-13 09:41 . 2011-02-11 13:48 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9FB5634-552E-44E3-A742-543BDA9303AA}\mpengine.dll
2011-01-12 18:08 . 2011-01-12 18:08 29992 ----a-w- c:\windows\system32\drivers\GRD.sys
2011-01-12 18:02 . 2011-01-12 18:02 47560 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2011-01-12 18:01 . 2011-01-12 18:01 62024 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2011-01-12 18:01 . 2011-01-12 18:01 33480 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2011-01-12 18:01 . 2011-01-12 18:01 40904 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys
2011-01-08 08:47 . 2011-02-09 19:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 19:41 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-09 19:42 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-12 13:54 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-27 14:14 . 2010-12-04 13:31 235 ----a-w- c:\windows\system32\nxEuUninstall.bat
2010-12-27 14:14 . 2010-07-25 15:37 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2010-12-20 17:09 . 2011-01-11 14:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2011-01-11 14:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
.
[-] 2010-07-14 . 690D53BD10A804BB6D0A772D1C0E6907 . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[7] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_cf1bd6361a0f622e\shsvcs.dll
[7] 2008-01-21 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-03 09:16 175400 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d8d66f3-14fc-4736-a096-fac0ea66289c}]
2011-01-03 09:16 175400 ----a-w- c:\program files\midicase\prxtbmidi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6d8d66f3-14fc-4736-a096-fac0ea66289c}"= "c:\program files\midicase\prxtbmidi.dll" [2011-01-03 175400]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{6d8d66f3-14fc-4736-a096-fac0ea66289c}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6D8D66F3-14FC-4736-A096-FAC0EA66289C}"= "c:\program files\midicase\prxtbmidi.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{6d8d66f3-14fc-4736-a096-fac0ea66289c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2000-01-01 1310720]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2008-09-05 1794048]
"TrayServer"="c:\program files\MAGIX\Video_deluxe_17_Premium_Download-Version\TrayServer.exe" [2008-08-07 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2008-04-21 09:48 69632 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
2008-06-18 12:05 24848 ----a-w- c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-08-25 18:45 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-08-25 18:45 136216 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-12-06 07:31 1910152 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-20 17:08 443728 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 17:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-08-25 18:45 170520 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-10-17 22:42 404200 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
2003-11-20 18:01 525824 ----a-w- c:\program files\HP\SetRefresh\SetRefresh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" -bootmode
"Steam"="c:\program files\steam\steam.exe" -silent
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Google Update"="c:\users\Gamer-Pro\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"PTHOSTTR"=c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
"File Sanitizer"=c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
.
R2 0065941272830566mcinstcleanup;McAfee Application Installer Cleanup (0065941272830566);c:\users\GAMER-~1\AppData\Local\Temp\006594~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 136176]
R2 myAgtSvc;McAfee-Dienst zum Schutz vor Viren und Spyware;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2008-09-05 4352]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2008-04-09 32256]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FLCDLOCK;HP ProtectTools Gerätesperre/Überwachung;c:\windows\system32\flcdlock.exe [2008-04-21 349432]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-04-07 36608]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 267568]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-12-07 3988144]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-10-08 100560]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-06-08 31504]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva348;XDva348;c:\windows\system32\XDva348.sys [x]
R3 XDva349;XDva349;c:\windows\system32\XDva349.sys [x]
R3 XDva352;XDva352;c:\windows\system32\XDva352.sys [x]
R3 XDva359;XDva359;c:\windows\system32\XDva359.sys [x]
R3 XDva361;XDva361;c:\windows\system32\XDva361.sys [x]
R3 XDva362;XDva362;c:\windows\system32\XDva362.sys [x]
R3 XDva366;XDva366;c:\windows\system32\XDva366.sys [x]
R3 XDva367;XDva367;c:\windows\system32\XDva367.sys [x]
R3 XDva368;XDva368;c:\windows\system32\XDva368.sys [x]
R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [x]
R3 XDva372;XDva372;c:\windows\system32\XDva372.sys [x]
R3 XDva374;XDva374;c:\windows\system32\XDva374.sys [x]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
R3 XDva377;XDva377;c:\windows\system32\XDva377.sys [x]
R3 XDva379;XDva379;c:\windows\system32\XDva379.sys [x]
R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]
R3 XDva382;XDva382;c:\windows\system32\XDva382.sys [x]
R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]
R3 XDva384;XDva384;c:\windows\system32\XDva384.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
R3 xspirit;xspirit;c:\users\GAMER-~1\AppData\Local\Temp\xspirit.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-07 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [2008-07-11 191872]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-10-08 143184]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-10-08 41936]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-11-27 185896]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-07-25 20480]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-06-23 77824]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-04-07 576024]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-07-19 2054680]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6032.sys [2009-12-10 197800]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-01-25 265088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-10-08 111568]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2010-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 20:05]
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 20:05]
.
2011-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3126018047-4160642244-3195430115-1001Core.job
- c:\users\Gamer-Pro\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-05 11:04]
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3126018047-4160642244-3195430115-1001UA.job
- c:\users\Gamer-Pro\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-05 11:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=smb&pf=desktop
uInternet Settings,ProxyServer = http=;ftp=;https=;
uInternet Settings,ProxyOverride = fritz.box
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {4944924A-64E4-49C1-AC97-ABA3927262FE} - hxxp://channel.dontblynk.com/Launcher/StWbUsa.CAB
FF - ProfilePath - c:\users\Gamer-Pro\AppData\Roaming\Mozilla\Firefox\Profiles\1qbfj4l8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 9\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Test Pilot: testpilot@labs.mozilla.com - %profile%\extensions\testpilot@labs.mozilla.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
MSConfigStartUp-BitTorrent DNA - c:\users\Gamer-Pro\Program Files\DNA\btdna.exe
MSConfigStartUp-KPeerNexonEU - c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-03-17 22:21
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
C:\## aswSnx private storage
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5968)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\avmwlanstick\WlanNetService.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\msfeedssync.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-03-17 22:29:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-03-17 21:29
.
Vor Suchlauf: 30 Verzeichnis(se), 40.895.074.304 Bytes frei
Nach Suchlauf: 35 Verzeichnis(se), 40.618.614.784 Bytes frei
.
- - End Of File - - 95819AB9E728768DC63CE01E4935CFD3
|
|
18.03.2011, 11:50
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet Explorer 9 öffnet im "Schnelldurchlauf" die Homepage und stürzt dann ab. Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter Folder::
c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
c:\windows\system32\Te_mp_B_S!!
File::
c:\windows\system32\XDva349.sys
c:\windows\system32\XDva352.sys
c:\windows\system32\XDva359.sys
c:\windows\system32\XDva361.sys
c:\windows\system32\XDva362.sys
c:\windows\system32\XDva366.sys
c:\windows\system32\XDva367.sys
c:\windows\system32\XDva368.sys
c:\windows\system32\XDva370.sys
c:\windows\system32\XDva372.sys
c:\windows\system32\XDva374.sys
c:\windows\system32\XDva375.sys
c:\windows\system32\XDva377.sys
c:\windows\system32\XDva379.sys
c:\windows\system32\XDva380.sys
c:\windows\system32\XDva382.sys
c:\windows\system32\XDva383.sys
c:\windows\system32\XDva384.sys
c:\windows\xhunter1.sys
c:\users\GAMER-~1\AppData\Local\Temp\xspirit.sys
c:\windows\vtany.sys
Driver::
vtany
xspirit
xhunter1
XDva348
XDva349
XDva352
XDva359
XDva361
XDva362
XDva366
XDva367
XDva368
XDva370
XDva372
XDva374
XDva375
XDva377
XDva379
XDva380
XDva382
XDva383
XDva384
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Internet Explorer 9 öffnet im "Schnelldurchlauf" die Homepage und stürzt dann ab. |
| bereits, durchschauen, einfach, explorer, extras, gespeichert, google, hochladen, homepage, initiative, inter, interne, internet, internet explorer, log, malewarebytes, neu, otl log, problem, sache, stürzt, versuch, wenig, ziemlich, zunge, öffnet |
Linear-Darstellung
