|
Befall vom Verschluesselungstrojaner Hallo, Gestern habe ich mir den Verschluesselungstrojaer eingefangen. Ich erhielt eine email mit dem Betreff "Konto Einzug für den Benutzer -nik84-" von dem Absender "patrick_kenney@cox.net" und folgendem Inhalt: Lieber Kunde -nik84-, wir müssten leider feststellen, dass unsere Rechnung Nummer: 57472019 für den Nutzer -nik84- immer noch nicht ausgeglichen wurde. Dies bedeutet einen rechtskräftigen Schuldnerverzug Ihrerseits. Nach deutschen Recht könnten wir die offenen Rechnungen bereits jetzt durch Rechtsanwalt fordern. Wir geben Ihnen trotzdem noch eine letzte Möglichkeit, Ihre Verpflichtung zu erfüllen, indem Sie innerhalb von 3 Tagen die ausstehende Rechnung in Grösse von 682.00 EURO an uns zahlen. Die Dienste und die Rechnung können Sie im Zusatzordner sehen. Bitte beachten Sie, die Folgen des Verzugs bestehen vor allem in der Regresspflicht des Schuldners sowie in einer verschärften Haftung. www.flirt-fever.de AG mit Sitz in München Geschäftsführer: Manfred Baumgartner, Elisabeth Huber Gericht: Keiserslautern ------------------------------------------------------ Anmkerung zu dieser E-mail: -nik84- ist ein Benuzternamen den ich mir vor ca 6Jahren auf einem unentgeldlichen Chatting- oder Datingportal gegeben hatte. Ich habe diesen Account nie aktiv genutzt. Im Anhang dieser E-mail war eine 68KB große ZIP Datei mit dem Namen "Mahnbescheid" die ich entpackte und deren Inhalt (eine Datei die irgend etwas mit Mahnung hiess und eine MS-DOS Anwendung war) ich ausführte. Es erschien eine Sanduhr fuer vll. 2 Sekunden. Daraufhin verschwan die Datei und der Ordner blieb leer. Ich entpackte daraufhin erneut die ZIP-Datei und fuehrte die MS-DOS Anwendung erneut aus. Sie verschwand erneut nach ca 2 Sekunden. Ich verliess den Raum und als ich wenig später wieder in der Nähe meines Computers war sah ich das er sich neu gestartet hatte. Ich logte mich über mein Fingerprint-Scan ein und erhielt die oben abgebildete Meldung und hatte kein Zugang mehr auf mein Desktop. Nach sporadischer Recherche im Internet(anderer Rechner) wollte ich schauen ob ich mich über einen Anderen Benutzer anmelden konnte und benutzte Strg/Alt/Entf um in den Taskmanager zu gelangen. Nun wählte ich Benutzer Abmeldet, der Bildschirm mit der Trojanermeldung wurde geschlossen und ich landete auf meinem Desktop, wo ich entscheiden musste ob ich die Beendigung eines Programmes erzwingen wollte oder eben nicht. Da ich zu diesem Zeitpunkt zumindest wieder auf meinem Desktop angelangt war verneinte ich und führte eine Systemwiederherstellung vom Vortag aus, in der Hoffnung dadurch permanent von dieser Scamsoftware befreit zu sein. Nachdem der Rechner neu gestartet wurde konnte ich tatsächlich wieder wie gewohnt auf mein Computer zugreifen und habe keine Trojaner-Meldung mehr erhalten. Da ich den Computer beruflich nutze und Angst vor einem keylogger habe, hatte ich den Rechner zwar noch einige Stunden an gehabt(mit aktiver Internetleitung), mich jedoch weder in mein email-Account oder Skype-Account eingeloggt, noch wichtige passwörter verwendet. Zu dem Zeitpunkt des Ausfürhens der MS-DOS Anwendung war jedoch ein Passwort-Verwaltungsprogramm geöffnet, das alle wichtigen Passwörter von mir auf dem Desktop angezeigt hat. Ebenso war ich zu diesem Zeutpunkt noch in mein Email-Account eingeloggt. Nachdem ein Freund mich auf dieses Forum aufmerksam gemacht hat habe ich den Rechner nach ca 15 Minuetiger Benutzung beendet und erst nach Trennung unseres Routers wieder gestartet. Ich habe ihm offline Modus "defogger" und "OTL" ausgefuehrt. Da ich ein 64Bit Windows benutze habe ich den gmer scan nicht ausgefuehrt. Ergebnisse von defogger und OTL: defogger_disable by jpshortstuff (23.02.10.1) Log created at 19:28 on 02/06/2012 (User) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- OTL.txt: OTL logfile created on: 02.06.2012 19:29:14 - Run 1 OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\User\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,93 Gb Total Physical Memory | 13,90 Gb Available Physical Memory | 87,25% Memory free 31,86 Gb Paging File | 29,57 Gb Available in Paging File | 92,83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 437,97 Gb Total Space | 163,34 Gb Free Space | 37,29% Space Free | Partition Type: NTFS Drive D: | 959,72 Mb Total Space | 949,31 Mb Free Space | 98,92% Space Free | Partition Type: FAT Drive F: | 13,69 Gb Total Space | 0,01 Gb Free Space | 0,05% Space Free | Partition Type: FAT32 Computer Name: USER-HP | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.02 18:27:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe PRC - [2012.05.09 09:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe PRC - [2012.03.19 12:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011.08.15 16:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.04.15 14:18:06 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.12.06 23:02:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2010.10.19 13:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2010.07.16 15:54:06 | 000,634,192 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe PRC - [2010.06.14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe PRC - [2010.05.07 17:21:38 | 000,080,496 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe PRC - [2010.04.16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe PRC - [2010.04.05 18:41:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2010.04.05 18:40:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.12.29 23:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2009.12.16 01:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe PRC - [2009.12.16 01:08:40 | 000,704,512 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe PRC - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2009.11.21 04:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.11.11 22:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe PRC - [2009.11.04 22:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.11.04 22:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe PRC - [2009.09.08 08:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe ========== Modules (No Company Name) ========== MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.04.04 08:46:43 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ) SRV:64bit: - [2011.05.13 14:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2010.11.20 14:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc) SRV:64bit: - [2010.07.16 15:54:06 | 000,462,160 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost) SRV:64bit: - [2010.06.14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe -- (HPDayStarterService) SRV:64bit: - [2010.02.12 03:25:58 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.01.27 22:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV:64bit: - [2010.01.21 13:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\stacsv64.exe -- (STacSV) SRV:64bit: - [2009.12.30 08:03:24 | 002,019,120 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService) SRV:64bit: - [2009.12.29 23:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009.12.16 22:48:12 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service) SRV:64bit: - [2009.12.16 01:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService) SRV:64bit: - [2009.12.16 01:08:40 | 000,704,512 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe -- (DEBridge) SRV:64bit: - [2009.08.03 21:32:20 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 02:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess) SRV:64bit: - [2009.07.14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\AESTSr64.exe -- (AESTFilters) SRV - [2012.05.30 22:20:46 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.27 00:23:57 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.26 12:38:02 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.03.19 12:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011.08.15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.04.15 14:18:06 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon) SRV - [2010.10.19 13:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service) SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.08.20 21:08:46 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2010.05.07 17:21:38 | 000,080,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC) SRV - [2010.04.16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) SRV - [2010.04.05 18:40:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.21 13:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\STacSV64.exe -- (STacSV) SRV - [2009.12.30 07:44:24 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService) SRV - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2009.11.04 22:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.11.04 22:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4) SRV - [2009.07.14 02:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.10 21:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\AESTSr64.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 07:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.09.02 07:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2011.05.13 14:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011.05.13 14:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2011.03.16 01:29:49 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.03.16 01:29:49 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.12 10:42:12 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.20 10:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs) DRV:64bit: - [2010.08.20 21:08:46 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2010.06.04 00:56:06 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.02.12 04:01:36 | 006,180,864 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.01.21 13:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010.01.13 17:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R) DRV:64bit: - [2010.01.07 19:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.01.07 19:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.01.07 19:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.01.07 19:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.01.07 18:37:40 | 000,295,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R) DRV:64bit: - [2009.12.16 01:12:22 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SbFsLock.sys -- (SbFsLock) DRV:64bit: - [2009.12.16 01:12:20 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RsvLock.sys -- (RsvLock) DRV:64bit: - [2009.12.16 01:12:18 | 000,056,648 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SafeBoot.sys -- (SafeBoot) DRV:64bit: - [2009.12.11 22:32:06 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie) DRV:64bit: - [2009.12.02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2009.12.02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2009.12.02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2009.12.02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2009.11.21 04:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.11.21 04:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.10.29 01:54:00 | 000,079,360 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie) DRV:64bit: - [2009.10.26 22:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci) DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.08.03 21:32:22 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.07.20 23:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl) DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.07.14 00:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs) DRV:64bit: - [2009.06.26 01:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2009.06.26 00:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2009.06.26 00:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 19:32:52 | 000,060,160 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SbAlg.sys -- (SbAlg) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.29 15:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009.12.16 01:12:28 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\SbAlg.sys -- (SbAlg) DRV - [2009.12.16 01:12:16 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock) DRV - [2009.12.16 01:12:14 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysWow64\drivers\rsvlock.sys -- (RsvLock) DRV - [2009.12.16 01:12:10 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{8DC519B8-319D-44B3-BF7D-78FBA47609B8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{8DC519B8-319D-44B3-BF7D-78FBA47609B8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_deGB422 IE - HKCU\..\SearchScopes\{8DC519B8-319D-44B3-BF7D-78FBA47609B8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "spiegelonline.de" FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4218 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010.08.27 06:18:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.08.27 06:18:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.08.27 06:18:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011.12.08 16:53:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.19 13:56:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 13:56:05 | 000,000,000 | ---D | M] [2011.03.13 20:38:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2012.05.09 14:56:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions [2012.03.28 17:00:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.01.15 18:48:23 | 000,001,635 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\firefox-add-ons.xml [2012.06.01 00:24:10 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-1.xml [2011.05.15 16:35:54 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-2.xml [2011.07.28 23:24:07 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-3.xml [2011.08.18 13:33:57 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-4.xml [2011.09.03 17:07:14 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-5.xml [2011.09.18 20:47:57 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-6.xml [2011.09.27 21:36:08 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-7.xml [2011.10.07 00:16:08 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-8.xml [2011.10.13 18:32:04 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-9.xml [2011.05.03 05:55:57 | 000,001,056 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin.xml [2011.11.09 15:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.02 01:43:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.01.15 18:51:30 | 000,042,737 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9JQU4F4O.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI [2012.04.26 12:38:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.03.13 19:28:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.15 16:04:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.15 16:04:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.15 16:04:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.15 16:04:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.15 16:04:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.15 16:04:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.) O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe () O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DT HM2] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe () O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [CPN Notifier] C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe File not found O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\User\Desktop\PartyPoker.lnk File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\User\Desktop\PartyPoker.lnk File not found O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08E48B58-C541-493B-B384-742D0A2040F3}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F0A312B-EF89-4A51-A9AA-2C243587594D}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.02 19:24:54 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.06.02 19:24:53 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe [2012.05.31 22:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 [2012.05.31 22:26:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TuneUp Software [2012.05.31 22:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012 [2012.05.31 22:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.05.31 22:26:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.05.31 22:26:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.05.31 05:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Gilde 2 - Gold Edition [2012.05.31 05:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Die Gilde 2 - Gold Edition [2012.05.30 22:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.05.30 22:19:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microgaming [2012.05.30 22:17:09 | 000,000,000 | ---D | C] -- C:\Microgaming [2012.05.30 22:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\MGS [2012.05.30 22:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\5050 Poker [2012.05.24 17:41:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\LolClient2 [2012.05.19 13:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.05.19 13:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.05.15 20:34:30 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Diablo III [2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III [2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2012.05.15 00:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.05.10 13:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [2 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.02 19:28:11 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable [2012.06.02 19:16:05 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.02 19:15:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.02 18:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.02 18:46:49 | 000,026,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.02 18:46:49 | 000,026,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.02 18:39:26 | 4237,852,670 | -HS- | M] () -- C:\hiberfil.sys [2012.06.02 18:36:56 | 000,149,694 | ---- | M] () -- C:\Users\User\Desktop\DecryptHelper-0.5.3.exe [2012.06.02 18:33:36 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe [2012.06.02 18:27:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.06.02 18:25:40 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe [2012.06.02 03:39:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.01 22:40:16 | 001,691,424 | ---- | M] () -- C:\Users\User\Desktop\manila 048.jpg [2012.06.01 22:02:54 | 000,267,624 | ---- | M] () -- C:\Users\User\Desktop\jw.jpg [2012.06.01 11:06:32 | 000,324,793 | ---- | M] () -- C:\Users\User\Desktop\photo_007.JPG [2012.05.31 21:10:41 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUser.job [2012.05.31 05:54:02 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Die Gilde 2 - Gold Edition.lnk [2012.05.31 00:42:09 | 000,002,336 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.05.30 22:18:41 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\5050 Poker.lnk [2012.05.30 20:00:24 | 733,218,816 | ---- | M] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.avi [2012.05.30 09:58:28 | 000,092,511 | ---- | M] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.srt [2012.05.29 20:56:29 | 000,003,025 | ---- | M] () -- C:\Users\User\Desktop\TableNinja.lnk [2012.05.28 16:02:18 | 007,033,254 | ---- | M] () -- C:\Users\User\Desktop\gartendusche.pdf [2012.05.20 21:06:31 | 001,165,937 | ---- | M] () -- C:\Users\User\Desktop\CD 3 - Track 04.mp3 [2012.05.20 21:06:31 | 001,132,865 | ---- | M] () -- C:\Users\User\Desktop\CD 3 - Track 03.mp3 [2012.05.20 21:06:31 | 000,915,765 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 09.mp3 [2012.05.20 21:06:30 | 000,810,517 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 05.mp3 [2012.05.20 21:06:30 | 000,675,707 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 06.mp3 [2012.05.20 21:06:29 | 000,756,489 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 04.mp3 [2012.05.20 21:06:29 | 000,647,055 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 01.mp3 [2012.05.20 21:06:29 | 000,585,643 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 03.mp3 [2012.05.20 21:06:29 | 000,340,931 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 08.mp3 [2012.05.20 21:06:28 | 000,427,225 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 11.mp3 [2012.05.20 21:06:27 | 000,389,629 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 10.mp3 [2012.05.20 21:06:26 | 000,319,117 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 07.mp3 [2012.05.20 21:06:26 | 000,287,137 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 02.mp3 [2012.05.20 20:59:10 | 000,445,555 | ---- | M] () -- C:\Users\User\Desktop\CD 3 - Track 02.mp3 [2012.05.20 20:59:08 | 000,554,651 | ---- | M] () -- C:\Users\User\Desktop\CD 3 - Track 01.mp3 [2012.05.20 20:59:07 | 000,510,035 | ---- | M] () -- C:\Users\User\Desktop\CD 2 - Track 05.mp3 [2012.05.20 17:18:28 | 001,114,344 | ---- | M] () -- C:\Users\User\Desktop\libelle1.jpg [2012.05.19 14:21:55 | 013,608,820 | ---- | M] () -- C:\Users\User\Desktop\minimal.mp3 [2012.05.19 13:56:01 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.05.15 21:54:38 | 001,061,625 | ---- | M] () -- C:\Users\User\Desktop\CD 2 - Track 03.mp3 [2012.05.15 21:54:37 | 002,391,629 | ---- | M] () -- C:\Users\User\Desktop\CD 2 - Track 01.mp3 [2012.05.15 21:54:34 | 000,761,585 | ---- | M] () -- C:\Users\User\Desktop\CD 2 - Track 02.mp3 [2012.05.15 00:13:00 | 000,001,185 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012.05.13 15:05:55 | 000,293,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.13 07:03:28 | 004,299,144 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.13 07:03:28 | 000,735,912 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2012.05.13 07:03:28 | 000,733,626 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2012.05.13 07:03:28 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2012.05.13 07:03:28 | 000,697,526 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.05.13 07:03:28 | 000,652,804 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.13 07:03:28 | 000,152,200 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2012.05.13 07:03:28 | 000,148,576 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2012.05.13 07:03:28 | 000,148,532 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.05.13 07:03:28 | 000,146,072 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2012.05.13 07:03:28 | 000,121,478 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.13 06:55:46 | 1018,430,265 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.05.10 16:51:49 | 000,018,519 | ---- | M] () -- C:\Users\User\Desktop\Shares Cashgame 2011.ods [2012.05.10 16:24:21 | 000,013,466 | ---- | M] () -- C:\Users\User\Desktop\Shares Cashgame 2012.ods [2 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.02 19:28:11 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable [2012.06.02 19:24:54 | 000,149,694 | ---- | C] () -- C:\Users\User\Desktop\DecryptHelper-0.5.3.exe [2012.06.02 19:24:54 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe [2012.06.01 22:38:50 | 001,691,424 | ---- | C] () -- C:\Users\User\Desktop\manila 048.jpg [2012.06.01 22:02:40 | 000,267,624 | ---- | C] () -- C:\Users\User\Desktop\jw.jpg [2012.06.01 11:05:43 | 000,324,793 | ---- | C] () -- C:\Users\User\Desktop\photo_007.JPG [2012.05.31 05:54:02 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Die Gilde 2 - Gold Edition.lnk [2012.05.30 22:21:10 | 000,002,336 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.05.30 22:17:09 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\5050 Poker.lnk [2012.05.30 09:58:25 | 733,218,816 | ---- | C] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.avi [2012.05.30 09:58:23 | 000,092,511 | ---- | C] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.srt [2012.05.28 15:56:13 | 007,033,254 | ---- | C] () -- C:\Users\User\Desktop\gartendusche.pdf [2012.05.27 14:48:59 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForUser.job [2012.05.20 21:06:21 | 001,165,937 | ---- | C] () -- C:\Users\User\Desktop\CD 3 - Track 04.mp3 [2012.05.20 21:06:21 | 001,132,865 | ---- | C] () -- C:\Users\User\Desktop\CD 3 - Track 03.mp3 [2012.05.20 21:06:21 | 000,915,765 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 09.mp3 [2012.05.20 21:06:21 | 000,810,517 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 05.mp3 [2012.05.20 21:06:21 | 000,756,489 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 04.mp3 [2012.05.20 21:06:21 | 000,675,707 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 06.mp3 [2012.05.20 21:06:21 | 000,647,055 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 01.mp3 [2012.05.20 21:06:21 | 000,585,643 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 03.mp3 [2012.05.20 21:06:21 | 000,427,225 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 11.mp3 [2012.05.20 21:06:21 | 000,389,629 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 10.mp3 [2012.05.20 21:06:21 | 000,340,931 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 08.mp3 [2012.05.20 21:06:21 | 000,319,117 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 07.mp3 [2012.05.20 21:06:21 | 000,287,137 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 02.mp3 [2012.05.20 20:59:08 | 000,445,555 | ---- | C] () -- C:\Users\User\Desktop\CD 3 - Track 02.mp3 [2012.05.20 20:59:06 | 000,554,651 | ---- | C] () -- C:\Users\User\Desktop\CD 3 - Track 01.mp3 [2012.05.20 20:59:03 | 000,510,035 | ---- | C] () -- C:\Users\User\Desktop\CD 2 - Track 05.mp3 [2012.05.20 17:17:28 | 001,114,344 | ---- | C] () -- C:\Users\User\Desktop\libelle1.jpg [2012.05.19 14:19:35 | 013,608,820 | ---- | C] () -- C:\Users\User\Desktop\minimal.mp3 [2012.05.19 13:56:01 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.05.18 14:10:36 | 014,748,447 | ---- | C] () -- C:\Users\User\Desktop\PokerStars 1.3.1.ipa [2012.05.15 21:54:35 | 001,061,625 | ---- | C] () -- C:\Users\User\Desktop\CD 2 - Track 03.mp3 [2012.05.15 21:54:33 | 000,761,585 | ---- | C] () -- C:\Users\User\Desktop\CD 2 - Track 02.mp3 [2012.05.15 21:54:31 | 002,391,629 | ---- | C] () -- C:\Users\User\Desktop\CD 2 - Track 01.mp3 [2012.05.15 00:12:34 | 000,001,185 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012.05.10 16:51:48 | 000,018,519 | ---- | C] () -- C:\Users\User\Desktop\Shares Cashgame 2011.ods [2012.05.10 16:24:21 | 000,013,466 | ---- | C] () -- C:\Users\User\Desktop\Shares Cashgame 2012.ods [2011.11.22 06:39:41 | 000,004,876 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf [2011.10.11 04:16:05 | 000,000,045 | ---- | C] () -- C:\Users\User\AppData\Local\machpro.dat [2011.05.20 15:18:36 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{783A11D7-BDAA-4C02-B0A3-4255724E3CD3} [2011.05.19 09:50:58 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPPassFilter.dll.hpsign [2011.05.19 09:50:58 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPCrProv.dll.hpsign [2011.05.07 14:47:47 | 004,183,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.17 00:05:02 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI [2011.03.13 13:59:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.02.18 15:07:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.01.09 12:32:43 | 000,255,360 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll [2011.01.09 12:32:43 | 000,025,984 | ---- | C] () -- C:\Windows\snuvcdsm.exe [2011.01.09 12:32:43 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2011.01.09 12:27:54 | 001,612,392 | ---- | C] () -- C:\Windows\SysWow64\nView.dll [2011.01.09 12:27:54 | 001,108,584 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll [2011.01.09 12:27:54 | 000,256,616 | ---- | C] () -- C:\Windows\SysWow64\nViewSetup.exe [2010.08.27 06:18:13 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini [2010.08.27 06:10:27 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\HPPA.ini [2010.07.16 15:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPSCEL.dll.hpsign [2010.07.16 15:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApi.dll.hpsign [2010.07.16 15:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPClback.dll.hpsign [2010.07.15 17:01:46 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApiUI.dll.hpsign ========== LOP Check ========== [2011.03.13 15:14:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Absolute Poker [2011.06.14 19:18:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BSW [2011.02.18 15:00:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DigitalPersona [2011.10.19 22:06:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla [2011.07.14 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\go [2011.05.28 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HEM Data [2012.01.22 05:20:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HoldemManager [2012.01.12 10:56:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICQ [2012.01.11 19:58:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech [2011.03.17 18:17:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient [2012.05.24 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient2 [2012.06.01 03:13:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Microgaming [2012.01.19 04:35:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Might & Magic Heroes VI [2011.04.04 08:52:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org [2011.11.22 06:06:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PacificPoker [2011.03.21 20:51:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Roaming [2012.05.14 15:07:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client [2011.03.13 17:56:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Stardock [2012.01.19 21:12:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer [2012.01.30 07:27:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly [2011.05.07 14:48:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP [2012.05.31 22:26:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software [2011.03.15 01:45:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft [2012.04.04 18:23:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WindSolutions [2012.05.31 21:11:02 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID < End of report > Extas.txt: OTL Extras logfile created on: 02.06.2012 19:29:14 - Run 1 OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\User\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,93 Gb Total Physical Memory | 13,90 Gb Available Physical Memory | 87,25% Memory free 31,86 Gb Paging File | 29,57 Gb Available in Paging File | 92,83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 437,97 Gb Total Space | 163,34 Gb Free Space | 37,29% Space Free | Partition Type: NTFS Drive D: | 959,72 Mb Total Space | 949,31 Mb Free Space | 98,92% Space Free | Partition Type: FAT Drive F: | 13,69 Gb Total Space | 0,01 Gb Free Space | 0,05% Space Free | Partition Type: FAT32 Computer Name: USER-HP | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05AF378E-58DA-4C1D-AABC-E01331FDCBC4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{086F6C41-78B5-4829-9699-344B0056F02D}" = lport=5432 | protocol=6 | dir=in | name=postgres | "{08EE115C-4673-46E3-850D-1D6C9C3D5C9E}" = lport=139 | protocol=6 | dir=in | app=system | "{1813A6EE-2B15-41D9-B851-936D684F9C38}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2027F87A-D083-46FC-938F-7BC73BFECF8D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{20F01804-3606-452C-83F6-95441A329209}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2CE2DD8B-6BC0-4D6C-B049-76B8750B1EC8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{3694FC4B-6838-4C54-8538-0B041E6A6ADB}" = lport=137 | protocol=17 | dir=in | app=system | "{36BB01D4-AFF9-4434-ABCB-2025E85B145D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3AF0AE3B-DD91-4958-86FD-87E5BEAF90F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{3D29DAF9-9B46-48F9-BCB3-22C78D5541CE}" = lport=10243 | protocol=6 | dir=in | app=system | "{481CDD78-669E-4847-953A-A580F4538655}" = lport=57650 | protocol=6 | dir=in | name=pando media booster | "{559D407D-0356-4748-A8E3-5A4760601087}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{616BFA03-8A6C-4AA4-87E7-02FB451F02C1}" = lport=445 | protocol=6 | dir=in | app=system | "{660D153B-7E42-40CB-830F-DE200534D0C3}" = rport=139 | protocol=6 | dir=out | app=system | "{691ED685-B255-4769-BE60-2A33258F2343}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6B86E04B-BCDB-41BA-924B-4AC46E56D300}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{71F9ADA8-8147-47A2-A298-BD5DC0D02E53}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{732AC519-B451-40CC-864D-DC21C5ADADB0}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher | "{744E38AB-F1BE-4716-840D-601E4A74BAD4}" = rport=10243 | protocol=6 | dir=out | app=system | "{763C9631-F514-44F5-80D4-1658C6EBBA84}" = lport=57650 | protocol=17 | dir=in | name=pando media booster | "{7B1FF991-4893-48AA-8DB8-9FA77A93122B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7B64A13B-7B06-414D-AFB0-0BF786F8CE7B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7E6387CA-1298-42F6-9ABF-B60D865DC1A9}" = lport=57650 | protocol=6 | dir=in | name=pando media booster | "{8426EAEA-DECA-4742-835D-C2C78D0E0696}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | "{935CFF0E-BBCF-4EB3-8FA7-3719D7B603E4}" = rport=137 | protocol=17 | dir=out | app=system | "{943BDF35-4272-4052-999C-006BBB172401}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{94CE8610-71A2-4662-B847-E25100718209}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{97181B7B-B290-4596-B458-5156D42EB7D3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{9882F307-8EF6-4C5E-96B9-01905683F354}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{991C81D9-9912-4828-84F6-C4B94BDA53E6}" = lport=57650 | protocol=17 | dir=in | name=pando media booster | "{9C9A6DB3-DFD2-44B3-A476-A208FEC11D85}" = rport=138 | protocol=17 | dir=out | app=system | "{A2E7F08B-7E12-424F-9694-6A8145EAC548}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A4AD938C-E152-421B-9187-465EB42C530A}" = lport=2869 | protocol=6 | dir=in | app=system | "{AFDE1E94-08B0-4B7D-8F48-16B5CAE10959}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CBB6F7CA-9AB1-440A-8CC2-785CCFE1F2B8}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher | "{D14C4A09-95E2-434A-88E6-34CA07E4B08F}" = lport=138 | protocol=17 | dir=in | app=system | "{EECBE44C-0950-4364-9BEC-B32961C98DCF}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | "{F47417AF-6467-494C-A9E9-9275DB4F9E8A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F5609390-DC8B-47E8-BBC5-61E4DABE576E}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{002AE74B-95DA-4E33-9FBA-21E6EBAE1A24}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "{041B46B0-6687-479E-91E0-96D03F025573}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{055ADDF2-3AD7-44FE-8E78-FCF913182568}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{05E34EB4-3E9F-4A20-9CD4-1D28C1ADD069}" = protocol=6 | dir=out | app=c:\program files (x86)\rosettastoneltdservices\rosettastoneltdservices.exe | "{0C8F0003-0840-4100-A431-4CE783382E94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | "{0D7C608F-4BDF-4AC4-B85B-C2240583E6A4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "{0D8A7159-CBA8-4EF3-8543-8A402BD2AD59}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{0E3E9CC9-17CA-48B9-AAD8-33C41157DDF1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{0EA201EF-6C8F-4AC3-9337-51D858AD6BC3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{0F8E1313-CDD3-4412-9B00-8D64D5250036}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | "{11351A9B-2E98-40BA-B3D4-8C63444AC999}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | "{127384A4-61E0-4BD0-8C2A-7A96ED0CE886}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{1485E5BB-A00A-4EF7-B3F2-3898F54D04AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm | "{155F2E5D-AE87-4E9B-B5EA-E5C2AC47AB59}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\anno4.exe | "{17539821-7B27-423F-889A-CBFA4E568797}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | "{1774B384-DCDC-4C99-A25F-8085271E377A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe | "{1F6BE095-ABC4-4DD7-80F4-1B0975BC4A36}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{1F98B8BE-62B6-41EC-B569-E92109193306}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | "{202CFA8B-005C-4134-83F4-A9F12AB5B2ED}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{21A48DDF-D534-4B86-8FED-52F533F6523E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "{22006BC6-A84F-4292-9509-EC2116AC7C7D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{23A3B85F-BAB9-44C8-B999-E789C97D4AD0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{26804569-FAE1-4954-80C9-B8E6BDC20AA7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{296A504D-CF9E-4A43-AEA8-B63173134BFD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2A402D4A-ED68-4B44-A562-A83272033A73}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm | "{2AA40DBF-D739-4AB5-A341-BAAD2176B3EA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{2AB5E87F-3322-4A91-ABD2-2548947BC44E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe | "{2CDA3A20-FB85-482C-A456-80506FF49E46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{300F073B-1037-436D-B77F-DCFF5B0EBDC8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "{3128A5C1-027E-42D6-9A9B-7F92435507F5}" = protocol=17 | dir=in | app=c:\program files (x86)\cake poker 2.0\pokerclient.exe | "{31839750-813B-4A16-90D4-8C9090800821}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{333608A6-4998-4757-9C4B-8B1CE51F6642}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe | "{36F5972C-7A02-4893-94B4-A00CCE4C7CB4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\anno4.exe | "{380321B4-FA5D-4E96-96F8-7B7288B00262}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | "{38EF4908-3FF7-4492-BDD1-C511F3B9D0C7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe | "{3ACFF160-A210-4D17-87D1-1745BA6F2A44}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\addon.exe | "{3BAA2035-BF2C-4620-9A64-D64197B872EA}" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "{3FCE8DD7-CBD6-4946-8E51-72ED035ECB73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | "{401C243C-BBB9-4A66-9BB7-BCA55ED770F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe | "{40A57FB8-3683-4ADD-AFC3-6066E1D84053}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{45A90FB3-20B9-4048-AC90-642750E53785}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{47255028-E7CA-42B9-A5FC-782A00DCD4FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\addon.exe | "{4C96129C-8F4E-438C-A602-B108260F8361}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "{54373459-0BE6-45D0-BEDA-DB32BC0985B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe | "{549F1601-2363-4987-8AF2-DEA9191ECACF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{575B3BDC-D995-4BA8-8989-315E2062B1F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5904CD96-BC7A-4844-9B1E-3B67B18E395F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | "{596BBAFB-4FB5-49BD-9BD0-11EC8B821E09}" = dir=in | app=c:\program files (x86)\rosettastoneltdservices\rosettastonedaemon.exe | "{5A21C336-4A27-402B-B596-2389E1B2A80E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{5DC1BD7B-0DA6-4F5D-85A9-7941966C5F0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | "{5DDF8EB3-08F4-477E-8543-320C080C2998}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5F57AE70-1022-415F-8E7C-874C22348622}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{61898376-5E9F-49DD-AC4C-32444DB6DCAD}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{63508F75-3332-4396-9603-096CA049205C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | "{6B38F23F-17D5-491D-97DC-93663816F9A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6BBF4ADA-295B-46B7-A5F8-E6840EE1EFEB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{6CA39B31-4A28-4681-BA63-98F80EDDFCF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm | "{6F117D7E-66F5-4C16-8A90-EAD040D63F62}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{718D3EAC-3D33-4089-A023-650A52366BF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe | "{71A7673E-DC79-4DD1-AB74-D497EEAE66C9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{71BEF318-E98B-46C5-9CDE-F40D69EC3A54}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{7368B78E-B35E-421E-95EA-6ACEDDCE2FAF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{7435C04B-5F8F-4745-BF07-88722802F189}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | "{7541E88C-083C-478A-A15F-E7CE2222C06C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | "{786CD85D-5AAF-4526-BA0F-58122762B0C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | "{79D2FB5D-5749-4A74-BC09-82E63B8A0FC6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\addon.exe | "{7AB7680D-8D3E-4FDB-ABC8-ED3856ABB302}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{7E69F7EB-3A2F-4F94-BD95-9ACECCC42D35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | "{7E7EC802-986B-4E46-AD31-73EEBDC747E2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{7FD68369-6491-4388-9519-450D4B6E17D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe | "{80C540B1-C1A4-41C7-B942-F8240F073539}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{814D5585-14AA-4BF2-BCD8-B9BD361434AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{821198EB-EB4E-470D-A6A9-5B0E7CA5BA4B}" = protocol=6 | dir=in | app=c:\program files (x86)\cake poker 2.0\pokerclient.exe | "{86241B6D-E93A-4515-8444-D6FFB5294747}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{86FDD8DD-C790-426C-AA50-7166C1052918}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe | "{8708EE70-2F9D-4025-BB00-26923467F0CE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{874D108C-24E8-46AC-BFB7-A3023EE9084A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{887C0542-95DF-4128-B450-1ABAECE3AA9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | "{8917EFF4-4F8E-4F5E-B4CB-C2BB177BC157}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{8A5A24B5-EB07-4FA3-A1FC-6C93100AA47B}" = protocol=6 | dir=out | app=c:\program files (x86)\rosettastoneltdservices\rosettastonedaemon.exe | "{8ABB38AC-7607-479E-A81A-5A1973D92871}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{8B8C71FB-97DC-413E-B8C2-779387A85A4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8CAFA1E3-5581-4B7A-AA3D-44D36D4D7668}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe | "{903374FF-56D5-406D-8908-149BC2E02AB6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{9368C4FD-5063-4D36-9887-DA50017AE506}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{94FC4389-6093-471D-851D-C440598A4405}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe | "{9A2EB4DC-4F47-4E66-B166-D3CDBA3A15EF}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{9D31BDA9-BBF2-41E2-8E3B-AE917D814C8B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9EEA38F8-1106-42B7-8FC6-03594FE4554D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{A189866B-2DED-4FF8-95F7-C659A7388005}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A2FF59B7-5F5D-4E37-ACD9-C4419B629E66}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | "{A330685D-B34D-426F-B314-DBC5D6DDDA57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{A425DE0D-F62B-45CA-B37B-F7841DE45B7A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | "{A6561FC7-0C13-4831-8C7A-537B5E6A2F46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | "{A6A79BB4-E2FF-4551-889E-FD6ED1CA983E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A7C70E8B-3F81-41C0-9BAB-3993B35B363A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A8EEE20D-D6EB-4F62-8252-BDB3C3E090A9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{AB27D25B-22FA-48FF-94C2-05AC91F077C5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{AC2D269F-31FC-42AA-A151-F2E6C7C7F9DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe | "{ACE9E015-4409-401A-BD2F-BEE0640D525C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\addon.exe | "{AF94144B-89F1-4493-92EB-E5A76FCCD09F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{AFEC0135-76E5-4E95-8EB7-711FDF8805AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B2621A31-2EB0-400C-820B-D08169CF0742}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\anno4.exe | "{B3D97759-BB7E-4A30-8CD7-D0FEE4F0EE3A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | "{B461C89F-7C64-46FE-B56D-C2ACC88CFC0D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B8F7935D-58D9-4A39-9CB7-73A381325DBE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\anno4.exe | "{BBABD334-96DA-4A77-8592-C42182EA30BC}" = protocol=6 | dir=out | app=system | "{BC45E590-ED82-4E2C-B3E3-2A6AE2E06F5F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{BE730B1E-A7C5-4D29-A414-FCFBF6A1DF6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | "{BFD1B1AA-66C2-440D-BD86-1FE9A317A598}" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "{C489C08D-3253-4C22-928A-D3895A1E78FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | "{C973167C-85E3-4141-BFFD-31FC39330B58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | "{CA4E3DC3-0002-4005-97E8-935A910729E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{CCB1D667-8312-4ECE-A06B-1FCBD7953931}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm | "{D0DE7BDF-941F-4753-84E9-6FE4A8053893}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe | "{D18A3FA1-B89E-43CB-BD9A-FCC5D8AF314D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{D26DFDA4-4697-4900-AA6F-6CB00458DB7D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | "{D2DF29B9-5B93-4270-87ED-2D3B531CDD0A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | "{D46804ED-2CB0-4489-8937-61D2D81ECEE2}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | "{D5EB984F-92F9-4C59-96D9-9C4609E98998}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | "{D8824366-7460-42EC-9796-C2D4D3B6C5C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D9DBFA53-382D-4F3F-B3B6-6232A4DD127C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{DB2AF529-A4A7-4FB2-B763-DD9CEE64DBF4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | "{DC403AFE-E855-44D1-ABE0-F248B0698C3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | "{E111B8CE-054F-42F3-ADE4-C0B176B43389}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{E11566CF-84C9-45CA-836E-7D11008A8968}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{E248F161-04C0-43B8-A0DF-013EB06FD80F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E53AADDB-3B5B-4EAB-A1D3-927B9984A10D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | "{E5D88093-3116-4D8C-9C06-B58C612E99FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | "{E6630ADD-A8DA-47EB-9D1E-B23F076AAA88}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{E6E8794A-DC2E-4A21-BE35-649227B69F3E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | "{E82D6E7A-1A1E-4299-9BFC-7C1DC88FB464}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E92E33C1-98E6-43E3-A669-8E07935B2EDF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | "{EC7472C6-8EE0-4C68-A5B6-49FE588443AC}" = dir=in | app=c:\program files (x86)\rosettastoneltdservices\rosettastoneltdservices.exe | "{ECA1E7F2-C466-47BA-962B-370419AD23ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | "{ECD12CC1-AF56-4448-B10F-2DFAB9049E68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe | "{F2EA84C8-E953-4E95-80B2-C36273823846}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{F88E448E-4E9C-42F8-ADE5-569E7D3F5536}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FB41C12A-D860-4BF2-A9E9-55B63B20D9A0}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | "{FC02B129-7458-426F-A755-D34778ECD029}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{FC4A5F15-D4CC-4C08-B55C-62B60B922CE7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe | "{FE44C7C6-5877-468C-BA0A-F430BAB33139}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{FEEBE1BD-6369-422B-851F-F89995E5D702}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "{FF3FEBCB-9D24-4649-9A44-A69B7F66F1AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe | "TCP Query User{1BAB75B7-1BD6-47BD-A9DA-AA827A5C5300}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{2792FE74-2B56-49AC-8593-63A0FB23D8E8}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | "TCP Query User{2A12BA20-F81D-4117-900E-7166B6772572}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{2F217471-DC3A-44C1-832E-09F573547333}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe | "TCP Query User{2F3AF7B1-B928-4DA8-84CB-E017C1BEDB85}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "TCP Query User{43E1FB80-2BA3-4598-B2DE-F79BECB87E3B}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | "TCP Query User{4E81203E-A5FB-4612-95A6-AD51978F41E6}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | "TCP Query User{5AD88A56-957A-4533-BC7A-BC92FAD32BFD}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\tools\anno4web.exe | "TCP Query User{7C940D05-EFDB-4D5F-AB91-981C3AF70E7D}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{C3D0E571-CC2D-4F85-ADAB-B1E74688185B}C:\program files (x86)\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "TCP Query User{D441ECB9-5A58-4109-ADEA-EA6F4ADF35EC}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe | "TCP Query User{D92E2BBA-64F0-4B04-97CE-9F5C034F6FF0}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "TCP Query User{E93E28B5-2903-4F30-B3FB-EFDDC367BA51}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe | "TCP Query User{F720B683-61A5-4102-9B6E-5D138987D955}C:\users\user\downloads\rapget141\rapget.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\rapget141\rapget.exe | "UDP Query User{0715BA33-6385-4163-9442-36F9C7FE2E09}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{0901B92D-2AD1-4F46-A2CA-BBC6F85304A2}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{09B80726-095D-4319-A097-F04AAC455ED7}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | "UDP Query User{1A3E9F89-C1EC-4A1C-BA5A-1A547D42982F}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\tools\anno4web.exe | "UDP Query User{2A0E6C06-D04E-40B5-8E93-F303450DF540}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe | "UDP Query User{57D76075-BBD3-40C1-A509-7D9755DDECE2}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{61833A4B-05C3-45D6-B335-B2BA2F3C7120}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "UDP Query User{75E1500F-8786-43E4-AE8F-E6792FC79580}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "UDP Query User{8721760A-90CE-4545-8E1D-D950DFFC1BA0}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | "UDP Query User{A956CC8C-E626-4C17-A097-C23FCFA91A31}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | "UDP Query User{C9A3DED1-F34E-4E01-92B6-FA393C1A5A9A}C:\program files (x86)\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "UDP Query User{CEB6BC7E-E7F7-4C5E-A017-DE3F7E13FA30}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe | "UDP Query User{D37300E8-FE97-45A0-8674-3ACA889AC962}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe | "UDP Query User{D7419ED2-3820-4238-BC4F-CDE5EBD9B832}C:\users\user\downloads\rapget141\rapget.exe" = protocol=17 | dir=in | app=c:\users\user\downloads\rapget141\rapget.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences "{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75126DE9-C8EC-46B2-949F-EFA770AAFD9B}" = HP ProtectTools Security Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89D7DD37-5A15-46E0-9C3C-A0004C4F1A38}" = Drive Encryption for HP ProtectTools "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8F258628-2E18-4C2E-8127-EF4EFAF5F75C}" = HP 3D DriveGuard "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{938C9D51-4233-4DCE-A650-96918ACDBF3E}" = HP Power Data "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Broadcom 2070 Bluetooth 2.1 + EDR "{B4867F47-1E4E-4EA2-8FE7-1153BD5B121E}" = Validity Fingerprint Driver "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{E6BC696E-5E96-4C1B-9371-379AF3A46B6B}" = HP Wireless Assistant "{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}" = HP QuickLook "{EEB023B5-8EBE-4BEB-90C8-BDA16ABEDBB4}" = HP Power Assistant "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) "7E38E30BB92ED94B21CF062A7386554CBA991FEB" = Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "HoldemManager" = Holdem Manager "HPProtectTools" = HP ProtectTools Security Manager "LSI Soft Modem" = LSI HDA Modem "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "PROSet" = Intel(R) Network Connections Drivers "sp6" = Logitech SetPoint 6.32 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0E9389C0-0E8A-4174-A430-CFAFF29CC3A7}" = PokerStrategy.com Equilab "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1CE213F8-D2A4-4069-B918-589EEFB1DB2C}" = HP Mobile Display Assistant "{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{251A498D-2109-4BD2-AA12-797EE9C348DE}" = TableNinjaPP "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager "{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{448672D7-7607-4026-A8F2-E4D4B214E704}" = HP Documentation "{4728FCB1-5155-41CD-AF34-1E92DDE6556D}" = TableNinja "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{54B29835-EF99-41D2-9104-F159DE62F165}" = Bing Bar Platform "{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6A008E45-DFE2-4D8E-9245-2ACF53EEA19B}" = NoteCaddy 2 "{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.24 "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{7861911B-4270-498A-8F7A-FCF0570F4862}" = HP QuickWeb "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BEA3C63-101D-4009-8B73-E9CE4A5F8A9C}" = League of Legends "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{88A6A61E-52B3-4B89-BDBE-D7F9A04510D3}" = TableNinja "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A5CBB488-6850-4C67-86D5-542A07A7A4DE}" = HP Setup "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AF6EB833-D48A-49AC-9394-4C57489FDFF2}" = HP Software Framework "{B1FE3DA1-15C1-4AEB-85A6-883F8C4AFD42}" = HP ESU for Microsoft Windows 7 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{D1F7C704-99F2-11E1-9C74-984BE15F174E}" = Evernote v. 4.5.6 "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver "{FD8234FF-A70D-4632-B146-F41AB37C0B24}" = HP Business Card Reader "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFF186B6-4D02-4D8D-A776-C43E062E01A9}" = Rosetta Stone Ltd Services "5050poker (Poker)" = 5050 Poker "5992-1726-3179-3433" = ProPokerTools Odds Oracle 1.6.0 "888poker" = 888poker "Adobe AIR" = Adobe AIR "Betfair Poker_is1" = Betfair Poker "BSW" = BrettspielWelt "Cake Poker 2.0" = Cake Poker 2.0 "Diablo III" = Diablo III "Die Gilde 2 - Gold Edition" = Die Gilde 2 - Gold Edition "Drive Encryption" = Drive Encryption for HP ProtectTools "EVE" = EVE Online (remove only) "Fences" = Fences "FileZilla Client" = FileZilla Client 3.5.1 "Google Chrome" = Google Chrome "HMA! Pro VPN" = HMA! Pro VPN 2.6.8 "HoldemManager2" = Holdem Manager 2 "hon" = Heroes of Newerth "ICQToolbar" = ICQ Toolbar "InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "JDownloader" = JDownloader "LogMeIn Hamachi" = LogMeIn Hamachi "Mermaid Poker" = Mermaid Poker "mIRC" = mIRC "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "ParadisePoker" = ParadisePoker "PartyPoker" = PartyPoker "PokerStars" = PokerStars "PokerTracker3" = PokerTracker 3 (remove only) "PostgreSQL 8.4" = PostgreSQL 8.4 "Steam App 104700" = Super Monday Night Combat "Steam App 10500" = Empire: Total War "Steam App 17460" = Mass Effect "Steam App 24980" = Mass Effect 2 "Steam App 32460" = Monkey Island 2: Special Edition "Steam App 33350" = Anno 1404: Venice "Steam App 34330" = Total War: SHOGUN 2 "Steam App 3900" = Sid Meier's Civilization IV "Steam App 42910" = Magicka "Steam App 4760" = Rome: Total War Gold Edition "Steam App 48220" = Might & Magic ® Heroes ® VI "Steam App 48240" = Anno 2070 "Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™ "Steam App 65800" = Dungeon Defenders "Steam App 72850" = The Elder Scrolls V: Skyrim "Steam App 8800" = Sid Meier's Civilization IV: Beyond the Sword "Steam App 8930" = Sid Meier's Civilization V "TeamViewer 6" = TeamViewer 6 "TeamViewer 7" = TeamViewer 7 "VLC media player" = VLC media player 1.1.7 "Winamp" = Winamp "WinRAR archiver" = WinRAR 4.00 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Absolute Poker" = Absolute Poker "Betfred Poker" = Betfred Poker "CarbonPoker" = CarbonPoker "CelebPoker" = CelebPoker "Game Organizer" = EasyBits GO "Green Joker Poker" = Green Joker Poker "myBet Poker" = myBet Poker "Paddy Power Poker" = Paddy Power Poker "Poker 770" = Poker 770 "Titan Poker" = Titan Poker "Winamp Detect" = Winamp Detector Plug-in ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Ich habe Malwarebytes Anti-Malware heruntergeladen und auf dem befallenen Rechner gezogen, allerdings noch nicht ausgefuehrt. Vielen Dank wenn Ihr euch meinem Problem annehmen solltet. |
Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen! Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code: hier steht das Log |
Hey, danke. Hier das Ergebnis vom Malware-Scan: Malwarebytes Anti-Malware (Test) 1.61.0.1400 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: v2012.06.05.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 User :: USER-HP [Administrator] Schutz: Aktiviert 06.06.2012 02:26:59 mbam-log-2012-06-06 (02-26-59).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 655541 Laufzeit: 25 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\5050poker (Poker) (PUP.Casino.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Betfred Poker (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CelebPoker (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Green Joker Poker (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\myBet Poker (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Paddy Power Poker (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Poker 770 (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 21 C:\Microgaming\Poker\5050pokerMPP\install.exe (PUP.Casino.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Poker\Betfred Poker\_SetupPoker_d7a3c9[1].exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Poker\CelebPoker\_SetupPoker_e69dd.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Poker\Chilipoker\_SetupCasino_4a50(1).exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Poker\Green Joker Poker\_SetupCasino_a81bab.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Poker\myBet Poker\_SetupCasino_a21255.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Poker\Paddy Power Poker\_SetupPoker.exe_3b5c79.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Poker\Poker 770\_SetupPoker.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Poker\Titan Poker\_TitanPSetup_126130.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\AppData\Local\Temp\smfplyxsnw.pre (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\AppData\Local\Temp\Poker 770\SetupPoker.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\Desktop\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\Downloads\5050poker.exe (PUP.Casino.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\Downloads\SetupCasino_4a50(1).exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\Downloads\SetupCasino_4a50.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\Downloads\SetupCasino_a21255.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\Downloads\SetupCasino_a81bab.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\Downloads\SetupPoker.exe_3b5c79.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\Downloads\SetupPoker_e69dd.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\Downloads\TitanPSetup_126130.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) ESET - Scanergebniss Code: |
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? (abgesehen von der Verschlüsselung) 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? |
Hey, Danke fuer deine Antowrt. Nein,das ist das erste mal das ich Malwarebytes in Benutzung hatte. Zu den beiden anderen Fragen: 1.) Ja, laeuft uneingeschraenkt. 2.) Nein, alle da. |
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code: hier steht das LogFalls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code: netsvcs
|
OTL Logfile: Code: OTL logfile created on: 08.06.2012 12:06:08 - Run 2Danke! |
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code: :OTLDas Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann! |
OTL Logfile: Code: OTL logfile created on: 08.06.2012 12:06:08 - Run 2[/code] Danke! |
:confused: :wtf: :balla: Das ist aber jetzt ein OTL-log und nicht das Log vom Fix |
Ja, ganz komisch, ich wunder mich auch schon grade ueber den Doppelpost, kann mich garnicht daran erinnern. War ich wohl Gedankenversunken. Anyway, hier der Log vom Fix: Code: All processes killed |
Der Haken ist nur beim Log-Erstellen relevant, nicht beim Fixen Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg |
Ja, ganz komisch, ich wunder mich auch schon grade ueber den Doppelpost, kann mich garnicht daran erinnern. War ich wohl Gedankenversunken. Anyway, hier der Log vom Fix: Code: All processes killedDarum hab ichs einfach nochmal mit Haekchen gemacht: Code: All processes killed |
Na,, :rolleyes: der Haken ist beim Fixen egal weil es nur skriptabhängig ist :D Aber ist net schlimm :) Nur wunder ich mich was das jetzt nochmal soll, du solltest doch den TDSS Dingsbums machen :confused: |
:( Ok hier der TDSS Report: Code: 22:32:07.0808 7076 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16 |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 15:59 Uhr. |
Copyright ©2000-2025, Trojaner-Board
