Pests of all kinds and their removal: Urgently need help tr/kazy.mekml.1 (Windows 7). If you are not sure whether you have caught malware or a trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
Urgently need help tr/kazy.mekml.1

Hello everyone,

I have to hand in an important presentation project on Wednesday and, as fate would have it, I now have the trojan named above. The problem is that Firefox and other programs keep freezing => "not responding". I have now managed to download Malwarebytes and OTL... How should I proceed, given that "not responding" is shown so often and at some point the PC shuts down...

I'm hoping for your help.

Regards, hainz

I have finally managed to run the Malwarebytes quick scan without crashes; I am now trying the full scan. Here is the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6415

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

22.04.2011 09:34:58
mbam-log-2011-04-22 (09-34-58).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 167124
Laufzeit: 7 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> 2980 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uvEWQXCeAJwf (Trojan.FakeAlert) -> Value: uvEWQXCeAJwf -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Here is the log from the full scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6417

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

22.04.2011 10:33:11
mbam-log-2011-04-22 (10-33-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|)
Durchsuchte Objekte: 333753
Laufzeit: 51 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\image-line\toxic biohazard\toxic biohazard.dll (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Users\karl-heinz\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\OIJ38P3U\readme[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Log from the OTL scan:

OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.04.2011 10:42:47 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Karl-Heinz\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 698,63 Gb Total Space | 384,45 Gb Free Space | 55,03% Space Free | Partition Type: NTFS Computer Name: KARL-HEINZ-PC | User Name: Karl-Heinz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Karl-Heinz\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Windows\SysWOW64\PnkBstrB.exe () PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\ASUS\Six Engine\SixEngine.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Karl-Heinz\Desktop\OTL.exe (OldTimer Tools) MOD - 
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe () SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (AntiVirScheduler) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys () DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys () DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys () DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys () DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys () DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys () DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys () DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys () DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys () DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
%SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://google.de/" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.03 10:51:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.03 10:51:31 | 000,000,000 | ---D | M] [2008.09.29 04:18:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Karl-Heinz\AppData\Roaming\mozilla\Extensions [2011.04.03 10:24:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Karl-Heinz\AppData\Roaming\mozilla\Firefox\Profiles\t7xfopuu.default\extensions [2009.09.27 17:01:06 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Karl-Heinz\AppData\Roaming\mozilla\Firefox\Profiles\t7xfopuu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.03.25 23:48:29 | 000,000,000 | -H-D | M] (Move Media Player) -- 
C:\Users\Karl-Heinz\AppData\Roaming\mozilla\Firefox\Profiles\t7xfopuu.default\extensions\moveplayer@movenetworks.com [2011.04.16 17:31:30 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-1.xml [2009.07.23 18:56:08 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-10.xml [2009.08.10 17:16:38 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-11.xml [2009.09.11 17:50:03 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-12.xml [2009.10.29 19:40:58 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-13.xml [2009.12.21 13:51:12 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-14.xml [2010.01.10 19:00:41 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-15.xml [2010.02.22 09:38:00 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-16.xml [2010.04.04 19:36:11 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-17.xml [2011.04.03 10:53:05 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-18.xml [2008.11.16 02:44:27 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-2.xml [2008.12.23 15:03:12 | 000,000,950 | -H-- | M] () -- 
C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-3.xml [2009.02.08 19:32:10 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-4.xml [2009.03.06 20:34:23 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-5.xml [2009.03.29 01:24:06 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-6.xml [2009.04.23 02:12:29 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-7.xml [2009.04.28 22:41:52 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-8.xml [2009.06.13 13:03:45 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin-9.xml [2008.09.29 04:19:02 | 000,000,950 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\t7xfopuu.default\searchplugins\icqplugin.xml [2011.04.03 10:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2009.07.14 19:52:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} File not found (No name found) -- [2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files 
(x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: ::1 localhost O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [ICQ] File not found O4 - HKCU..\Run: [WMPNSCFG] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM 
Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\Auto\command - "" = auto.exe O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\Explore\command - "" = MS-DOS.com O33 - MountPoints2\{2d393322-d79e-11df-b34f-0022150e595e}\Shell\Open\command - "" = MS-DOS.com O33 - MountPoints2\{6eaa7920-a272-11dd-a4f1-0022150e595e}\Shell\AutoRun\command - "" = G:\setupSNK.exe O33 - MountPoints2\{94b19c8b-e471-11dd-8e2f-0022150e595e}\Shell - "" = AutoRun O33 - MountPoints2\{94b19c8b-e471-11dd-8e2f-0022150e595e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.22 00:25:36 | 000,000,000 | -H-D | C] -- C:\Users\Karl-Heinz\AppData\Roaming\Malwarebytes [2011.04.22 00:25:27 | 000,038,224 | ---- | C] 
(Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.04.22 00:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.22 00:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.22 00:25:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.04.22 00:24:11 | 007,734,208 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\Karl-Heinz\Desktop\mbam-setup-1.50.1.1100.exe [2011.04.21 23:34:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Karl-Heinz\Desktop\OTL.exe [2011.04.21 23:19:07 | 000,000,000 | -H-D | C] -- C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery [2011.04.16 18:09:35 | 000,000,000 | -H-D | C] -- C:\Users\Karl-Heinz\Documents\PU [2011.04.03 11:48:11 | 000,000,000 | -H-D | C] -- C:\Users\Karl-Heinz\Desktop\Ger Best [2011.04.03 11:36:50 | 000,000,000 | -H-D | C] -- C:\Users\Karl-Heinz\Desktop\Samples Nano Studio [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.22 10:42:07 | 001,635,848 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.04.22 10:42:07 | 000,699,416 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.04.22 10:42:07 | 000,655,020 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.04.22 10:42:07 | 000,157,432 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.04.22 10:42:07 | 000,128,814 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.04.22 10:40:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Karl-Heinz\Desktop\OTL.exe [2011.04.22 10:36:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.22 10:36:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.22 
10:36:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.22 00:25:27 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.22 00:24:13 | 007,734,208 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\Karl-Heinz\Desktop\mbam-setup-1.50.1.1100.exe [2011.04.21 23:21:43 | 000,000,120 | ---- | M] () -- C:\ProgramData\~43114248r [2011.04.21 23:21:43 | 000,000,104 | ---- | M] () -- C:\ProgramData\~43114248 [2011.04.21 23:19:11 | 000,000,583 | -H-- | M] () -- C:\Users\Karl-Heinz\Desktop\Windows Recovery.lnk [2011.04.21 23:19:01 | 000,000,336 | ---- | M] () -- C:\ProgramData\43114248 [2011.04.21 23:18:54 | 000,487,424 | ---- | M] () -- C:\ProgramData\43114248.exe [2011.04.21 17:47:25 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B3868D33-78E3-4DCF-A3D1-C8A942FCF4F5}.job [2011.04.18 22:37:41 | 000,211,456 | -H-- | M] () -- C:\Users\Karl-Heinz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.03 10:51:36 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.22 00:25:27 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.22 00:25:21 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys [2011.04.21 23:21:43 | 000,000,120 | ---- | C] () -- C:\ProgramData\~43114248r [2011.04.21 23:21:42 | 000,000,104 | ---- | C] () -- C:\ProgramData\~43114248 [2011.04.21 23:19:11 | 000,000,583 | -H-- | C] () -- C:\Users\Karl-Heinz\Desktop\Windows Recovery.lnk [2011.04.21 23:19:01 | 000,000,336 | ---- | C] () -- C:\ProgramData\43114248 [2011.04.21 23:18:51 | 000,487,424 | ---- | C] () -- C:\ProgramData\43114248.exe [2011.04.03 10:51:36 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.02.26 15:17:47 | 000,000,056 | -H-- | C] () -- 
C:\ProgramData\ezsidmv.dat [2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2008.11.21 17:57:41 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2008.10.25 12:33:40 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys [2008.10.03 20:10:01 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2008.09.29 14:56:15 | 000,000,098 | -H-- | C] () -- C:\Users\Karl-Heinz\AppData\Local\fusioncache.dat [2008.09.29 13:18:10 | 000,059,225 | ---- | C] () -- C:\Windows\War3Unin.dat [2008.09.29 12:15:20 | 001,524,428 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2008.09.29 12:13:46 | 000,189,672 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2008.09.29 12:13:43 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2008.09.29 12:13:43 | 000,070,968 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2008.09.29 06:26:50 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2008.09.29 06:26:50 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008.09.29 05:47:55 | 000,211,456 | -H-- | C] () -- C:\Users\Karl-Heinz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.09.29 04:18:33 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2008.09.29 04:18:32 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2008.09.29 04:18:31 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2008.09.29 04:18:31 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2008.09.29 04:10:46 | 000,032,124 | ---- | C] () -- C:\Windows\Ascd_log.ini [2008.09.29 04:10:30 | 000,031,749 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2008.09.29 04:08:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.09.29 02:39:43 | 000,000,732 | -H-- | C] () -- C:\Users\Karl-Heinz\AppData\Local\d3d9caps64.dat [2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- 
C:\Windows\SysWow64\qt-dx331.dll [2008.09.16 02:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll [2008.08.21 03:36:01 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2007.12.28 17:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin ========== LOP Check ========== [2008.11.07 16:48:55 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\Command & Conquer 3 Tiberium Wars Demo [2008.10.03 20:12:17 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\concept design 
[2010.09.10 19:18:03 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\ICQ [2008.10.02 18:53:34 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\Leadertech [2009.12.22 20:33:00 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2008.12.09 16:20:52 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\Red Alert 3 Demo [2008.09.29 05:39:39 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\streamripper [2009.04.23 14:00:56 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\The Creative Assembly [2011.02.06 10:49:29 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\TuneUp Software [2009.06.26 16:48:34 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\Ubisoft [2010.12.01 00:11:02 | 000,000,000 | -H-D | M] -- C:\Users\Karl-Heinz\AppData\Roaming\XMedia Recode [2011.04.22 10:35:22 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.04.21 17:47:25 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B3868D33-78E3-4DCF-A3D1-C8A942FCF4F5}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 478 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report > OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 22.04.2011 10:42:47 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Karl-Heinz\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 384,45 Gb Free Space | 55,03% Space Free | Partition Type: NTFS

Computer Name: KARL-HEINZ-PC | User Name: Karl-Heinz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-688148533-2580855891-255624100-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4795CF89-B1B1-4173-9297-2F7426F9C0FE}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{A418C75D-9024-4E11-A22A-A82D0211106C}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{B8EE4FB7-CAFE-4763-A247-994B7F5E20F9}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{DCF3D0DD-BCE2-4970-8878-5F029EC56562}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E0013E-2429-4D68-BEFF-71520389FBD6}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{038F9921-517D-4E7F-9270-1E1800D68EE0}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{04CA754A-9611-4499-B457-053D170E70F5}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - demo\system\s2gs.exe |
"{05531DF7-36C8-4297-9F45-F20E48ED432B}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{0C833505-2D22-48E6-AD8A-9C49795BACEE}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{133CDE21-B4CE-46A5-B562-06AC274E9C73}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | "{1F376101-2553-4601-A65A-17361012CD43}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{27624122-CAAF-49ED-9296-D87B128F049B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{2A530776-EB40-4A19-A00F-8CFDF0B74D5E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | "{3700E488-7A3C-4795-92F3-F42D27A41756}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3 demo\binaries\ut3demo.exe | "{379D2A62-E84F-4A88-B1CA-F0A002CF006A}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - demo\system\s2gs.exe | "{3CD4F43F-46BE-46CD-A7FD-CFF9DDE648BE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{477C0F11-A013-4649-AF29-5B738BDAA89A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{48A2E67D-7A3F-49D9-833D-A51530AA8E24}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | "{4D036F3D-C6C1-47CA-8984-29875EFC016C}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{54A31457-3265-4480-831E-00352B192AB4}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | "{6413124A-0456-406E-B5EF-56192FD3060F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | "{656AE0FF-33AA-4D46-8BF4-8FDBFD247751}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{669C5421-3651-47DB-B8B0-61B033CB8A04}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | "{695C9B71-F7DC-430E-81F6-3B6771C0D673}" = protocol=17 | 
dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | "{6E054483-3B62-4AB0-A502-298D7E816485}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{727DA545-E96F-4385-A262-ACCD95B73D5C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{73B3122D-A601-4512-BA16-8E2DB78D456C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{85DC83C9-0242-4CFE-9350-3B8D32FB0CC3}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | "{86D38870-B961-4C92-94B7-BF214AE71346}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | "{8CC3B56B-2B07-4E91-AA8A-FF839213FE4F}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | "{94B2E1E2-A059-4729-A9CB-42F8B2032F2B}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | "{96586A53-07C7-4F9A-A9C1-C6850DBB3DF0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | "{976BBA7F-D61A-4AB5-A0ED-755D6A049BA8}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - demo\system\sacred2.exe | "{9AA7A255-4839-4ECB-8933-C0432B69D230}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | "{A1DBE11F-92D5-4E32-96E8-A30B14ED272A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{A3257C57-DFAB-4FED-94C1-16F5191BE43B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | "{AA0FF052-8097-4885-8BC4-482B0F313E09}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | "{AB0A58AD-A1B4-4E5C-AE95-1E697F26D39F}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict - demo\wic.exe | 
"{AD1423C3-D89A-41D1-9985-D6C732AC766A}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | "{AD85B653-45BF-4243-B032-DD50C7A73E37}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{AFB2AA8B-83ED-4B21-826A-EA7669A562DC}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | "{B1B8CBB9-3721-4FCE-8B16-EAAF58D09AFD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{B71296DC-3478-499B-9381-7377C9A59A99}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C2D697E4-1995-4D37-837A-17F65361078A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | "{CD8942EF-9B37-4F9B-94CC-A33EFCE5E97C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D4A75635-713E-4197-8ED1-D9B93B6DE84A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{DA3F590E-DF19-4110-BA11-E091EB1272E6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | "{E693E68B-0DB9-4327-9682-4DC264DEB520}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - demo\system\sacred2.exe | "{E988D0F5-EB4A-4DF7-BD57-0BF6ADC76DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3 demo\binaries\ut3demo.exe | "{EC3E2EA6-32A4-42CE-810E-5E7A49DC623A}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{EF3D19C0-C7E7-4CE2-B9BF-EFAE3F2BCE5F}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict - demo\wic.exe | "TCP Query User{0D171672-77E1-49D4-B554-2F1460A7B9CA}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | "TCP Query User{21DA9733-115B-49A2-88C8-F4DE74E33E79}C:\program files (x86)\mozilla 
firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{2A5A4DB7-2C9B-463F-901A-C1CD897E66F3}C:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 09\fifa09.exe | "TCP Query User{2DCCAD41-DDE9-4C6F-A738-C0D588C4E2F9}C:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe | "TCP Query User{2E41CA84-BD09-4B71-8EA4-6ABCDAAE4908}C:\users\karl-heinz\desktop\loleudownloader.exe" = protocol=6 | dir=in | app=c:\users\karl-heinz\desktop\loleudownloader.exe | "TCP Query User{426DE68E-93F4-494A-B17A-A0ED65231BD6}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{565482C7-663A-4125-8581-3E564BB65E03}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "TCP Query User{5D659CA3-6159-4252-895A-B02FC160D95B}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | "TCP Query User{648E5E8E-05FC-4828-A9AC-961E3BEE50B9}C:\program files (x86)\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6\icq.exe | "TCP Query User{6D7F0BBA-74B3-4A29-8223-2CD07F2771EB}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "TCP Query User{7E1908A9-5C50-48C2-96A6-C50F73E0F43B}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{8C40472B-E0FB-4839-9ED0-59F354F65D38}C:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | "TCP Query 
User{94DEC41E-0DB7-453A-9E1E-46F79692FEF9}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{96089E60-CFD2-4E9F-B30D-960BB85510A0}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | "TCP Query User{A6A40809-2426-4407-AB15-1C70F00F8970}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "TCP Query User{ADFC9946-31E5-4792-937C-9749C875A51F}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "TCP Query User{AE653E6D-D33F-4F0E-B220-734632CA385E}C:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe | "TCP Query User{C14C7134-4DE4-4085-BF34-B73802F92814}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | "TCP Query User{C61C6AE7-2255-4E71-A6BC-E8069A108470}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | "TCP Query User{D5B94E2D-1B20-40A9-A35F-624FEBFF9253}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "TCP Query User{ED548B52-F299-4FBD-911A-B366EC8D37B1}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | "TCP Query User{F99753D3-0298-4B0B-ADC5-3FAC9D5447E1}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft 
ii\support\blizzarddownloader.exe | "UDP Query User{090B881B-6E11-4DAE-8660-C3D763FD954E}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | "UDP Query User{3D55F525-0BC1-4E39-AD69-577E1898460E}C:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe | "UDP Query User{4B126A86-5593-43E5-8F9D-0F9F2BB01481}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "UDP Query User{511A4EBC-A317-4390-8932-234FBD48BB5D}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{561A1960-4323-4EFB-977B-678AF705E054}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{58F3E71B-5E0D-4E0F-8ED0-9FFFF72589C3}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "UDP Query User{5EC0AA9C-90CA-4DE4-B491-9B3FCA91A59D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{5F8F7802-4B87-47C9-96C2-8FE1650B259B}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "UDP Query User{63193904-8B36-40EA-BF7D-0B824ADF62A8}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{642D1094-95A9-47BC-86D2-1B338CDB78AF}C:\users\karl-heinz\desktop\loleudownloader.exe" = protocol=17 | dir=in | app=c:\users\karl-heinz\desktop\loleudownloader.exe | "UDP Query 
User{7DEBAC66-3AFA-4D0D-AF1C-2D58308238C2}C:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 09\fifa09.exe | "UDP Query User{7F20BF46-6D90-4246-AACC-07D89A24537A}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | "UDP Query User{8114E55D-E0D1-4316-B725-FFED3EA0BFDA}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{82787E3E-C54C-4867-8175-131A2B1BD48D}C:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\karl-heinz\desktop\starcraft_2_eu_de-de.exe | "UDP Query User{86A31524-02A2-407F-A8FF-2BBD55596514}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | "UDP Query User{9301C2C6-EE5B-4D7E-BEED-B3C6BB217603}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "UDP Query User{9E615EC4-11F0-43D2-859A-43963640570A}C:\program files (x86)\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6\icq.exe | "UDP Query User{A0D418DA-DCC2-43CA-80F1-82C4158A03D6}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{A6DB83CE-328A-4D6A-994D-1D51156F1D28}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | "UDP Query User{B1E5B51E-4734-4881-8763-89E96251C93E}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | "UDP Query 
User{B8632CB1-97F6-4287-9F31-259ACF347F71}C:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | "UDP Query User{C227076C-F5ED-467D-B669-2174AAD87A6A}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{B24A47E5-F196-461E-A7A4-AADB72CB19DD}" = iTunes "{BAC38775-0DDE-AB4C-8260-844D54C96B91}" = ATI Catalyst Install Manager "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{F38D5A27-B59F-7345-0DB1-1BC1BA68E6B1}" = ccc-utility64 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE 
Trial "{038117F4-2417-FB0E-3F12-B4604850FB9C}" = Catalyst Control Center Graphics Full Existing "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable "{0E953BF9-C7C3-1919-CD44-874EB17338DC}" = Skins "{19DDEE14-1A97-196F-B33B-5F069C929ACA}" = HydraVision "{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09 "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver "{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo "{39F7653F-3E82-4FED-9EE5-6B9253EA57E3}" = Command & Conquer 3 Tiberium Wars™ Demo "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{45B3A3BD-F90D-48FE-A147-D74878A51031}" = Nero 7 Essentials "{4636E701-5410-4231-BF83-6B99DE575149}" = Sacred 2 Demo "{46684480-0161-6798-EFEE-AE6083745D60}" = CCC Help English "{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE "{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = Six Engine "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{61F85D98-B2F7-F9B3-F706-CBE26666E447}" = Catalyst Control Center Graphics Full New "{630E039E-FB55-9BCC-40FE-312AD9D7470B}" = Catalyst Control Center Core Implementation "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{712538AF-06AE-4F7F-B246-617034495FE6}" = ANNO 1404 (Demo) "{71E6124C-FA50-447B-B044-47A682627C26}" = Anno 1404 (Demo) "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 "{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends 
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13 "{9F83E452-AD67-0474-B0AD-779254BE8174}" = Catalyst Control Center HydraVision Full "{A29759FF-0FA3-2D4A-C122-92843A26B177}" = Catalyst Control Center Graphics Light "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BA4A418C-4359-20D7-743A-9A864E2E0F0B}" = ccc-core-static "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C7A03F82-CF59-6D98-C680-8897E78B8BB3}" = Catalyst Control Center Graphics Previews Common 
"{C83F2952-4678-4F00-AB05-776658A8D0AE}" = Age of Empires III Trial "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software 1.12.29.2 "{D24CD157-E4C4-4184-9465-B5C025E736AD}" = WORLD IN CONFLICT - DEMO "{DBD1FF41-F438-4D0A-A3F1-999930B5BC52}" = Command & Conquer™ Red Alert™ 3 Demo "{E2DF04C2-896D-BD6E-BE9B-30F738C3AEFD}" = Catalyst Control Center Graphics Previews Vista "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus "Ashampoo WinOptimizer 4_is1" = Ashampoo WinOptimizer 4.51 "ASIO4ALL" = ASIO4ALL "FL Studio 8" = FL Studio 8 "Fraps" = Fraps "Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.0 "HD Tune_is1" = HD Tune 2.55 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICQToolbar" = ICQ Toolbar "IL Download Manager" = IL Download Manager "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{C83F2952-4678-4F00-AB05-776658A8D0AE}" = Age of Empires III Trial "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "League of Legends_is1" = League of Legends "Malwarebytes' Anti-Malware_is1" = 
Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de) "NanoStudio 1.12_is1" = NanoStudio 1.12 "PartyPoker" = PartyPoker "PoiZone" = PoiZone "PunkBusterSvc" = PunkBuster Services "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "StarCraft II" = StarCraft II "Steam App 10620" = Empire: Total War Demo "Steam App 15620" = Warhammer 40,000: Dawn of War II "Streamripper" = Streamripper (Remove only) "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Toxic Biohazard" = Toxic Biohazard "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VideoLAN VLC media player 0.8.6i "Warcraft III" = Warcraft III "WinRAR archiver" = WinRAR "XMedia Recode" = XMedia Recode 2.2.8.9 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "InstallShield_{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo "Warcraft III" = Warcraft III: All Products ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Ich hab jetzt alles was ich als Laie in dem Gebiet versuchen kann und was ich im Forum gelernt habe gemacht... wie soll ich jetzt weiter vor gehen? es kommt die ganze zeit immer das pop up von anti vir mit der trojaner meldung. und bei malewarebytes sind 5 trojaner in quarantäne danke im voraus für eure hilfe @ dr.dsl wie füge ich den text ein bei otl? 
I'll try this now:

:OTL
O4 - Startup: C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\igfxtray.exe ()
:Files
C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\igfxtray.exe
C:\Users\Karl-Heinz\AppData\Roaming\mixeruupack.exe
C:\ProgramData\hAjBfNa06504
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

The new log after the restart..... but the AntiVir warning still comes up -.- What should I do now?

All processes killed
========== OTL ==========
File C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\igfxtray.exe not found.
========== FILES ==========
File\Folder C:\Users\Karl-Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\igfxtray.exe not found.
File\Folder C:\Users\Karl-Heinz\AppData\Roaming\mixeruupack.exe not found.
File\Folder C:\ProgramData\hAjBfNa06504 not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Karl-Heinz
->Flash cache emptied: 204342 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Karl-Heinz
->Temp folder emptied: 9474362 bytes
->Temporary Internet Files folder emptied: 249819288 bytes
->FireFox cache emptied: 59934407 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1628618935 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1697123587 bytes

Total Files Cleaned = 3.476,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04222011_144420

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEEZZ9RP\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H16OAY18\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPC7FTFI\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKY2LD5D\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Just disconnected the PC from the web again and scanned with Malwarebytes. Result:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6418

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

22.04.2011 15:32:59
mbam-log-2011-04-22 (15-32-59).txt

Scan type: Full scan (A:\|C:\|D:\|)
Objects scanned: 327827
Time elapsed: 35 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\karl-heinz\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\43114248.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\karl-heinz\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\karl-heinz\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\karl-heinz\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
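The OTL fix above and the full scan that followed it both target the same persistence points: the per-user Startup folder (the igfxtray.exe O4 entry) and randomly named executables dropped under C:\ProgramData and AppData\Roaming (hAjBfNa06504, mixeruupack.exe, 43114248.exe). As an added example that is not part of the thread and not OTL or Malwarebytes code, the PowerShell script below audits exactly those places so that a leftover loader can be spotted after a cleanup when an AV warning keeps coming back. It assumes the Vista/7 folder layout seen in the logs, a seven-day window for "recently created" and a "looks random" name heuristic of my own; all three are assumptions, not something the thread states.

```powershell
# Added example (not from the thread): audit FakeAV-style persistence points.
# Run from an elevated PowerShell prompt, e.g.
#   powershell -ExecutionPolicy Bypass -File .\Audit-Autostart.ps1

$Cutoff = (Get-Date).AddDays(-7)   # assumption: files newer than this are "recent"

function Get-RunEntries {
    # Every value under the Run/RunOnce keys, for the current user and the machine.
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
            New-Object PSObject -Property @{
                Location = $key
                Name     = $p.Name
                Command  = [string]$p.Value
            }
        }
    }
}

function Get-StartupEntries {
    # Files in the Startup folders run at every logon without any registry value;
    # this is where the O4 igfxtray.exe entry in the OTL script lived.
    # Paths are the Vista/7 layout (assumption).
    $folders = @(
        (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
        (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
    )
    foreach ($folder in $folders) {
        if (-not (Test-Path $folder)) { continue }
        Get-ChildItem -Path $folder -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'desktop.ini' } |
            Select-Object FullName, CreationTime, Length
    }
}

function Test-RandomLookingName {
    # Heuristic (assumption, not a rule): all digits, mixed case inside the word,
    # or a run of four or more consonants. Expect some false positives.
    param([string]$Name)
    return ($Name -match '^\d{6,}$') -or
           ($Name -cmatch '[a-z][A-Z]') -or
           ($Name -match '[bcdfghjklmnpqrstvwxz]{4,}')
}

function Get-RecentDropExecutables {
    # Recently created executables in the user-writable drop locations the scan
    # logs point at. Unsigned plus a random-looking name is the combination worth
    # a closer look; signed files are listed too so the reader can judge them.
    param([datetime]$Since)
    $dirs = @($env:ProgramData, $env:APPDATA)
    foreach ($dir in $dirs) {
        Get-ChildItem -Path $dir -Include *.exe,*.dll,*.scr -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $_.CreationTime -gt $Since } |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                New-Object PSObject -Property @{
                    Created     = $_.CreationTime
                    Signature   = $sig.Status          # NotSigned / Valid / HashMismatch ...
                    LooksRandom = Test-RandomLookingName -Name $_.BaseName
                    Path        = $_.FullName
                }
            }
    }
}

"== Run / RunOnce values =="
Get-RunEntries | Format-Table -AutoSize Location, Name, Command

"== Startup folder contents =="
Get-StartupEntries | Format-Table -AutoSize FullName, CreationTime, Length

"== Executables created since $Cutoff under ProgramData / AppData =="
Get-RecentDropExecutables -Since $Cutoff |
    Sort-Object Created -Descending |
    Format-Table -AutoSize Created, Signature, LooksRandom, Path
```

Anything the third table lists as NotSigned with LooksRandom set to True, or any Run value or Startup file pointing into ProgramData or AppData\Roaming, is the kind of entry the OTL :Files and O4 lines above were written to remove; a copy of such a file should go into quarantine for the helper rather than being deleted outright, since OTL itself reported the earlier paths as already gone.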
