Hello t'john,
it got a bit late for me today...
MBAM : Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.08.04.03
Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Vosla :: ZILLIS [Administrator]
04.08.2012 10:10:53
mbam-log-2012-08-04 (10-10-53).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 408026
Laufzeit: 45 Minute(n), 46 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
OTL : Code:
OTL logfile created on: 04.08.2012 11:21:58 - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Vosla\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,70 Gb Available Physical Memory | 83,76% Memory free
16,00 Gb Paging File | 14,87 Gb Available in Paging File | 92,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 10,51 Gb Free Space | 4,51% Space Free | Partition Type: NTFS
Drive D: | 3,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 3,89 Gb Total Space | 3,89 Gb Free Space | 99,81% Space Free | Partition Type: FAT32
Computer Name: ZILLIS | User Name: Vosla | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Vosla\Desktop\Ort.exe (OldTimer Tools)
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
========== Driver Services (SafeList) ==========
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (vmm) -- C:\Windows\SysNative\Treiber\VMM.sys (Microsoft Corporation)
DRV:64bit: - (VPCNetS2) -- C:\Windows\SysNative\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2356675643-2569251998-186537470-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2356675643-2569251998-186537470-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2356675643-2569251998-186537470-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 AF 56 2D F8 2E CD 01 [binary data]
IE - HKU\S-1-5-21-2356675643-2569251998-186537470-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2356675643-2569251998-186537470-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 17:38:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.23 19:58:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2011.11.21 22:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vosla\AppData\Roaming\mozilla\Extensions
[2012.08.03 21:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vosla\AppData\Roaming\mozilla\Firefox\Profiles\9zpfejn4.default\extensions
[2012.03.30 15:23:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Vosla\AppData\Roaming\mozilla\Firefox\Profiles\9zpfejn4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.04 04:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.23 14:45:10 | 000,049,303 | ---- | M] () (No name found) -- C:\USERS\VOSLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9ZPFEJN4.DEFAULT\EXTENSIONS\{4C7097F7-08F2-4EF2-9B9F-F95FA4CBB064}.XPI
[2012.08.01 16:50:44 | 000,526,190 | ---- | M] () (No name found) -- C:\USERS\VOSLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9ZPFEJN4.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.07.19 17:38:37 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78B85F89-1FA0-4C06-AB1A-8299267AF0FF}: DhcpNameServer = 192.168.2.254
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.02.15 10:20:36 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.03 22:55:52 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012.08.03 22:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012.08.03 22:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012.08.03 18:15:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.08.03 17:20:28 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Vosla\Desktop\Ort.exe
[2012.08.03 12:08:19 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.07.28 23:57:03 | 000,000,000 | ---D | C] -- C:\Users\Vosla\Documents\Downloads
[2012.07.10 19:16:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.10 19:16:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.10 19:16:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.10 19:16:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.10 19:16:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.10 19:16:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.10 19:16:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.10 19:16:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.10 19:16:08 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.10 19:16:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.10 19:16:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.10 19:16:08 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.10 19:16:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.10 19:12:16 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.10 19:12:16 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.10 19:12:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.10 19:12:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.10 19:12:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.09 20:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Vosla\AppData\Local\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Vosla\AppData\Local\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Vosla\AppData\Local\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Vosla\AppData\Local\bass.dll
========== Files - Modified Within 30 Days ==========
[2012.08.04 10:13:47 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.04 10:13:47 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.04 10:13:47 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.04 10:13:47 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.04 10:13:47 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.04 10:09:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.04 10:08:56 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.04 09:46:59 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.04 09:46:59 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.03 23:20:47 | 000,001,534 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.08.03 22:54:30 | 000,000,914 | ---- | M] () -- C:\Users\Vosla\Desktop\Sandboxed Web Browser.lnk
[2012.08.03 20:07:50 | 000,000,005 | ---- | M] () -- C:\Users\Vosla\AppData\Roaming\mbam.context.scan
[2012.08.03 18:56:26 | 000,614,903 | ---- | M] () -- C:\Users\Vosla\Desktop\adwcleaner.exe
[2012.08.03 14:34:48 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Vosla\Desktop\Ort.exe
[2012.07.30 19:30:53 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.29 10:02:29 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.29 10:02:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.18 08:36:51 | 000,001,255 | ---- | M] () -- C:\Users\Vosla\Desktop\Nightly.lnk
[2012.07.10 19:29:04 | 000,299,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.09 20:15:44 | 000,001,473 | ---- | M] () -- C:\Users\Vosla\AppData\Local\RecConfig.xml
[2012.07.05 20:38:08 | 000,018,944 | ---- | M] () -- C:\Users\Vosla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== Files Created - No Company Name ==========
[2012.08.03 22:54:57 | 000,000,914 | ---- | C] () -- C:\Users\Vosla\Desktop\Sandboxed Web Browser.lnk
[2012.08.03 22:54:55 | 000,001,534 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.08.03 20:07:50 | 000,000,005 | ---- | C] () -- C:\Users\Vosla\AppData\Roaming\mbam.context.scan
[2012.08.03 18:56:21 | 000,614,903 | ---- | C] () -- C:\Users\Vosla\Desktop\adwcleaner.exe
[2012.07.18 08:36:51 | 000,001,255 | ---- | C] () -- C:\Users\Vosla\Desktop\Nightly.lnk
[2012.06.24 14:12:57 | 000,007,605 | ---- | C] () -- C:\Users\Vosla\AppData\Local\Resmon.ResmonCfg
[2012.03.23 21:13:47 | 000,001,473 | ---- | C] () -- C:\Users\Vosla\AppData\Local\RecConfig.xml
[2012.03.11 00:09:05 | 053,297,947 | ---- | C] () -- C:\Users\Vosla\patch.exe
[2012.03.04 16:32:32 | 000,000,320 | ---- | C] () -- C:\Windows\doom3.ini
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.20 04:41:52 | 000,000,268 | ---- | C] () -- C:\Users\Vosla\TS3 Casual Lamer.ini
[2012.01.18 22:24:31 | 000,018,944 | ---- | C] () -- C:\Users\Vosla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.16 03:01:51 | 000,005,120 | ---- | C] () -- C:\Windows\EyeCand3.INI
[2011.12.31 15:59:40 | 001,593,390 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.23 20:24:24 | 000,000,000 | ---- | C] () -- C:\Users\Vosla\.gtk-bookmarks
[2011.12.23 20:23:31 | 000,615,235 | ---- | C] () -- C:\Users\Vosla\.fonts.cache-1
[2011.11.25 23:29:08 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2011.11.21 22:17:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.21 21:57:12 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2011.11.21 21:57:12 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2011.11.21 21:57:12 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2011.11.21 21:56:58 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.11.21 21:56:58 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.12.29 09:56:21 | 001,755,306 | ---- | C] () -- C:\Users\Vosla\M3N78D.pdf
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Vosla\AppData\Local\lame_enc.dll
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Vosla\AppData\Local\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Vosla\AppData\Local\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Vosla\AppData\Local\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Vosla\AppData\Local\ogg.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Vosla\AppData\Local\no23xwrapper.dll
< End of report >
Extras : Code:
OTL Extras logfile created on: 04.08.2012 11:21:58 - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Vosla\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,70 Gb Available Physical Memory | 83,76% Memory free
16,00 Gb Paging File | 14,87 Gb Available in Paging File | 92,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 10,51 Gb Free Space | 4,51% Space Free | Partition Type: NTFS
Drive D: | 3,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 3,89 Gb Total Space | 3,89 Gb Free Space | 99,81% Space Free | Partition Type: FAT32
Computer Name: ZILLIS | User Name: Vosla | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2356675643-2569251998-186537470-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B1E376-BBA3-4986-8BC9-2AEF03142138}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0E2A029E-F745-4ED8-BA5D-C7AA0B506604}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0E5FD465-01C7-4AD4-8425-EECF45F51099}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{16363753-8773-4D18-9E7E-8B0991C44300}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1FD31F19-8511-4B77-A6A8-7134563714AF}" = lport=138 | protocol=17 | dir=in | app=system |
"{36B2AD37-B8A7-4586-8308-C0B09D3175B0}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{43B3A86E-081F-46DD-BE8D-539E6761ED2C}" = lport=139 | protocol=6 | dir=in | app=system |
"{4585BB49-C503-4AA8-9CB3-429EDF23D93E}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{51807221-D338-4E8D-A1C2-CCD138796171}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A957006-7931-4064-AAEF-17D67AB24E21}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{607CD2B9-4890-4EE0-8800-0465C02AAB23}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{62DE67EF-05F6-4AFC-A7C7-2CBA988AC305}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{633CBBC8-AE90-4088-B04E-D566967D9260}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BC6F084-41C4-4FA0-ADE2-ED97DC573B15}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72B949C3-187E-4C34-B0F5-6C4C40F86CAF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7C3F2EFA-05C6-47D8-A408-DFF91877DF88}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8A07C98F-6A82-4A02-8C18-700838BE9987}" = rport=445 | protocol=6 | dir=out | app=system |
"{8B89164F-B832-421A-B551-D12D32C77DA2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8C680522-B47F-40A9-9F08-588853D9C471}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E5107FB-0C54-4873-9F6B-5358F4B26984}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8F22751C-E94D-41D9-BE54-CBD42FCD552F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{92DB97F2-2B37-442C-8D07-CBBBF8E02D38}" = rport=139 | protocol=6 | dir=out | app=system |
"{93944122-6257-4C88-BA6E-26AE23B1301B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BFD5145C-5923-49B2-A70E-F6618F76711F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CB5DFF85-5F33-40BA-B8D8-8D48CDE7651F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{CC86BB60-4BD0-4400-B3F5-2FA446A1A287}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CE9353C3-21D9-4881-B0C4-9B0F9DB65742}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D028E448-57B4-49FC-836F-B298FB4C8F8B}" = rport=138 | protocol=17 | dir=out | app=system |
"{D724B0F5-06B5-45D0-BA80-2FEC30938549}" = lport=137 | protocol=17 | dir=in | app=system |
"{D7B4B1FB-103E-4DC8-B32B-FF67E2EC19E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EA23E6AA-DD8D-4C90-BFCF-F703A79FE8B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EDDA41DF-A0F3-4854-9FEA-7E8206649124}" = rport=137 | protocol=17 | dir=out | app=system |
"{F08AB117-D558-4F64-A97C-708118574DBF}" = lport=445 | protocol=6 | dir=in | app=system |
"{F4C36239-88A4-4763-9574-BE98A23D8525}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F4FAE338-8E90-4F8F-B145-DEC77AEF3783}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F6F570-0F88-4CB3-A5C7-B55636CB7B2C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{015BB184-8A07-4ED9-AD76-B54B1E4A7C6B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darwinia\darwinia.exe |
"{02B41E3E-AF14-4482-BA41-5768586E2EB4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hackslashloot\hackslashloot.exe |
"{04638BEF-664A-4160-9A47-9DDD65FE2288}" = protocol=17 | dir=in | app=c:\games\stalker-soc\bin\dedicated\xr_3da.exe |
"{050E438C-3A2F-4C20-8752-856CB8B33684}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0516D608-ECAA-4E14-BB47-2DEB5BFE840F}" = protocol=6 | dir=in | app=c:\games\timeshift\bin\timeshift.exe |
"{064E162D-A2EF-4227-B19F-3A6E045B5AB8}" = protocol=6 | dir=in | app=c:\games\crysis\bin64\crysisdedicatedserver.exe |
"{065489D2-D368-43C0-97E8-6EE92567388A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\vosla\day of defeat source\hl2.exe |
"{0A862B44-F572-4F55-AF8D-D47E560E2CF2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1798595D-B5B1-4388-ADAF-CFF267A45EBD}" = protocol=6 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe |
"{1B0AFA4E-AF27-4EC5-9203-F96E8B1697AD}" = protocol=6 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe |
"{1C53DA84-18ED-4665-9F66-2FE4B7966A20}" = protocol=6 | dir=in | app=c:\users\vosla\appdata\roaming\dropbox\bin\dropbox.exe |
"{1CD111EC-1351-420B-ABF5-C2EA983FB736}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{1E538DB9-4DE6-4D93-B594-C97A93ECE82B}" = protocol=17 | dir=in | app=c:\games\brothersinarmseib\system\eib.exe |
"{24446D1F-9D78-4E85-B249-1E9DC57A0CF1}" = protocol=17 | dir=in | app=c:\games\mass effect 2\masseffect2launcher.exe |
"{26A169F5-4603-43BE-BE09-0EFE6E97AD23}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2C6AF7D4-0F54-42A6-82CD-35CB7B8E7720}" = protocol=6 | dir=in | app=c:\games\cop\bin\xrengine.exe |
"{301BCC97-0194-4495-AB9D-1613F981800D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
"{30AA1BC8-6F22-416C-8734-EFB4DF5D8FED}" = protocol=17 | dir=in | app=c:\users\vosla\appdata\roaming\dropbox\bin\dropbox.exe |
"{320E654E-8B1D-466F-BE24-087DD2268B6A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage.exe |
"{341F43DA-CA83-4F64-9D41-86E730512E8A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\greed black border\options.exe |
"{3807E018-C69D-4A86-ADDB-84C487488CCF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3909D652-EFCE-4573-8FAF-1C7063089C62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\greed black border\greed.exe |
"{3C6E201C-D623-46CB-A809-FA6D496361C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3C799992-A819-494D-9C9E-220A274A57EF}" = protocol=6 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |
"{3D02B416-3206-4FD6-9A0F-0E5A54B2DBD3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{400DF9CE-2CF1-485E-8347-664B72F2F2A4}" = protocol=17 | dir=in | app=c:\games\crysis\bin64\crysisdedicatedserver.exe |
"{4112740C-D163-40FF-AF48-C160C589C4EB}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe |
"{433DF2E0-4CF1-4D5F-8EEC-ED09260C6824}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{43DBDCA9-EB02-4B97-B676-69B7E4574A67}" = protocol=17 | dir=in | app=c:\games\crysis\bin32\crysisdedicatedserver.exe |
"{44FB68DD-9400-4DA4-8993-80C3DF0B8859}" = protocol=6 | dir=in | app=c:\games\mass effect 2\binaries\masseffect2.exe |
"{4553D31E-225A-42C2-819E-F4425C198F0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{4BA6FEDB-687D-4885-B5B6-5487535C0A13}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hackslashloot\hackslashloot.exe |
"{51249E20-8A13-492C-A738-EEE3F8185C77}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chronicles of riddick - assault on dark athena\system\win32_x86\darkathena.exe |
"{52B63A9E-C206-440E-9055-E1DB3739C71B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{55861534-A5E4-4BBF-B962-CEF5AA309DE9}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{57393596-C603-4CF7-8883-BEA8D053936F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5774E115-EDE1-464D-B139-1A5C75E1B355}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5A35FC79-4B98-4179-A7AD-7DE5B7AB08DB}" = protocol=17 | dir=in | app=c:\games\stalker-soc\bin\xr_3da.exe |
"{5B6155C7-0FEC-4BCF-A5E1-8D963A1C520D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5C00CCF1-3028-4E33-8D14-FDEDDBDBAC55}" = protocol=6 | dir=in | app=c:\games\manic digger\manicdiggerserver.exe |
"{5E80D003-E5ED-4EB5-BFAB-44895A408717}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\vosla\day of defeat source\hl2.exe |
"{5F9EE83B-0167-48FA-83B2-E57688F5BB54}" = protocol=6 | dir=in | app=c:\games\cop\bin\dedicated\xrengine.exe |
"{633A9392-249F-44CF-A4D2-D78896D87D60}" = protocol=17 | dir=in | app=c:\games\timeshift\bin\timeshift.exe |
"{66EFF95E-839F-4D3E-A7B0-271B5373A367}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\greed black border\options.exe |
"{707FB549-C828-4F73-8D70-5A90559331F7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{73A10E3F-2048-4A2C-BEA6-9E360941CDA9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\vosla\half-life\hl.exe |
"{73F5D190-41C7-4210-B6D8-40ED7F6A32DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage.exe |
"{7499EEAE-F0D1-4615-970E-03C81A213541}" = protocol=17 | dir=in | app=c:\games\stalker- cs\bin\dedicated\xrengine.exe |
"{79F3B6A1-1071-4DF2-BA6F-94E4421667F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\vosla\day of defeat source\hl2.exe |
"{8173FCC8-A71B-4DEB-A93A-FDDF776E004D}" = protocol=6 | dir=in | app=c:\games\stalker- cs\bin\xrengine.exe |
"{8B663213-A3AE-486E-910D-2D30AC6D250D}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{8BEF6E4D-814D-417C-9BCB-940C56F1E865}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{8CB7C2B2-EBB2-4F82-AB23-94377CEB9181}" = protocol=6 | dir=in | app=c:\games\stalker-soc\bin\dedicated\xr_3da.exe |
"{8CF49EFD-D62D-4448-A6D7-CBD9DB5D7343}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{8DD7D3F5-CA73-4A4D-AA5A-66E72C837A5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{95D3D7FC-3E32-492F-B560-D0A5188BAC41}" = protocol=17 | dir=in | app=c:\games\stalker- cs\bin\xrengine.exe |
"{966FA5F0-D139-4D82-8034-5581B97914CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{96773771-991D-4929-9207-97EDE465F01D}" = protocol=6 | dir=in | app=c:\games\mass effect 2\masseffect2launcher.exe |
"{969769D9-0F39-4FD7-AEFD-73F7D964AD85}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chronicles of riddick - assault on dark athena\system\win32_x86\darkathena.exe |
"{99018260-D34F-4F77-A3A8-237652E78E04}" = protocol=17 | dir=in | app=c:\games\red faction guerrilla\rfg.exe |
"{99E5FD42-5054-43F3-925E-F083DD04B15C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{9A8594E7-D791-451F-A5C3-B6F041D52544}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{9F82DAAC-E13A-4401-9DB5-FF51931249E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A11D20CC-D5B1-455E-B1E9-AE51BED5957D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\vosla\day of defeat source\hl2.exe |
"{A670E8E8-0DCA-49BB-B629-66A20047E360}" = protocol=17 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe |
"{A9239954-6D94-497E-80B7-63E7A0373798}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{AB429E83-D124-4AD4-BBF9-7C7070C1A187}" = protocol=6 | dir=in | app=c:\games\stalker-soc\bin\xr_3da.exe |
"{AECA0A34-C357-4AEE-99F7-57E0D32E61A9}" = protocol=17 | dir=in | app=c:\games\manic digger\manicdiggerserver.exe |
"{B30308F9-EE1D-4FDF-8BAD-824990F13A44}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{B8DEE083-0DDB-42ED-A40E-E1587EC3CF4D}" = protocol=17 | dir=in | app=c:\users\vosla\appdata\roaming\dropbox\bin\dropbox.exe |
"{B9A7EAC6-B551-4E13-BEB7-E07E31B97275}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
"{BB1F018F-E1DA-4C5C-848E-5D682C02C1CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\greed black border\greed.exe |
"{BE9434B3-4F4C-457E-BA77-C6FC24E9997C}" = protocol=17 | dir=in | app=c:\games\cop\bin\xrengine.exe |
"{C40912EC-35F1-4B97-8EE6-A8060A85BE9E}" = protocol=6 | dir=in | app=c:\games\red faction guerrilla\rfg.exe |
"{C433A0D2-4561-425B-AB08-4A0BAAD6F4DF}" = protocol=17 | dir=in | app=c:\games\mass effect 2\binaries\masseffect2.exe |
"{CA1D99D5-83E9-4CC7-B56F-F41B15FB09E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CDEAC137-9A53-4071-A646-1F5DCCEB687F}" = protocol=6 | dir=in | app=c:\games\postal2mp\system\postal2mp.exe |
"{D0B1CD4B-72EC-4DBA-8BC4-FC685A899879}" = protocol=6 | dir=in | app=c:\users\vosla\appdata\roaming\dropbox\bin\dropbox.exe |
"{D1E44CD6-A2F0-4757-81CE-EE34F092E7DC}" = protocol=17 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe |
"{D3CD69C9-5947-497B-81C3-BAFC6BE8C37B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darwinia\darwinia.exe |
"{D404A359-2BBB-4FDB-91DC-1BAC657D8C0F}" = protocol=6 | dir=in | app=c:\games\stalker- cs\bin\dedicated\xrengine.exe |
"{D54FBCAF-376F-4565-ABA1-71476BF09625}" = protocol=17 | dir=in | app=c:\games\cop\bin\dedicated\xrengine.exe |
"{D62D3F1C-E636-4D23-9FED-2FF4EC8FFDDD}" = protocol=6 | dir=in | app=c:\games\brothersinarmseib\system\eib.exe |
"{D78A545E-C30A-4678-A312-F680FFD3C82B}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe |
"{DC425C17-638E-4D0A-A105-A29F7CDDBBFE}" = protocol=6 | dir=in | app=c:\games\crysis\bin64\crysis.exe |
"{E191122A-4860-4092-9C80-9D90DB01812A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E27469E2-81F9-47C1-B860-86293A104D69}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4769ABA-D066-4858-BFFB-EDC5BA153631}" = protocol=6 | dir=out | app=system |
"{E5B3667D-D6A6-4011-B44E-D1027D0EBFE8}" = protocol=6 | dir=in | app=c:\games\crysis\bin32\crysis.exe |
"{E5DE705B-E9EB-4B6C-BB6B-3668B23E09A7}" = protocol=17 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |
"{E69D7B71-85C5-48C1-8ADB-E3BD3F8B1FCE}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{ECFD12F5-6FCA-4843-B879-AF65CE958CDC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF4BAD07-BB0B-42C5-AEA2-3CBBCDDADCE1}" = protocol=17 | dir=in | app=c:\q3ademo\quake3.exe |
"{F0B2BFC7-825B-40D0-965D-B161A4640633}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{F1166466-1255-4299-B84F-913E856575DA}" = protocol=6 | dir=in | app=c:\q3ademo\quake3.exe |
"{F1A4586A-BFD0-4659-ADAC-F690647AEE0C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F2516131-E326-4B00-ABB4-0F38053BEA86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\vosla\half-life\hl.exe |
"{F2CF0B4E-71E0-45FB-BE94-73B8488B9943}" = protocol=6 | dir=in | app=c:\games\crysis\bin32\crysisdedicatedserver.exe |
"{F44CE600-FF70-4F6D-9DAA-628727655619}" = protocol=17 | dir=in | app=c:\games\postal2mp\system\postal2mp.exe |
"{F7223D20-187A-41A3-BB88-B5873D98DA8F}" = protocol=17 | dir=in | app=c:\games\crysis\bin32\crysis.exe |
"{F7E2DA3E-32DC-4A40-955A-66D5AC6C3126}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{FAED41B5-EFAB-4EA3-AAB4-69CB2DA6B6FD}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{FF7CB367-D8DC-434E-9C25-5CFECB94555F}" = protocol=17 | dir=in | app=c:\games\crysis\bin64\crysis.exe |
"TCP Query User{090B242F-A860-419F-92F0-8B27A67BE673}C:\program files (x86)\manic digger\manicdiggerserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\manic digger\manicdiggerserver.exe |
"TCP Query User{23C40498-06A3-4438-A0BE-68E224F056E4}C:\program files\oracle\virtualbox\virtualbox.exe" = protocol=6 | dir=in | app=c:\program files\oracle\virtualbox\virtualbox.exe |
"TCP Query User{2CC0D533-54C1-444A-9E29-D49F2D9D33BD}C:\games\halflife\hl.exe" = protocol=6 | dir=in | app=c:\games\halflife\hl.exe |
"TCP Query User{7350CCCB-28A3-4672-8DAA-5B8F538092C4}C:\program files (x86)\calibre2\calibre.exe" = protocol=6 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |
"TCP Query User{7F0162B7-A11A-45AF-B3C9-33A6C7852384}C:\games\manic digger\manicdiggerserver.exe" = protocol=6 | dir=in | app=c:\games\manic digger\manicdiggerserver.exe |
"TCP Query User{C44C16DF-6D05-4626-BF90-5F9141082DF7}C:\games\timeshift\bin\timeshift.exe" = protocol=6 | dir=in | app=c:\games\timeshift\bin\timeshift.exe |
"TCP Query User{D0CF751A-161A-43AB-BF4F-A3E43EA6012F}C:\q3ademo\quake3.exe" = protocol=6 | dir=in | app=c:\q3ademo\quake3.exe |
"TCP Query User{E20FE11C-8080-4928-A410-9EAB98BCD4B7}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"TCP Query User{EA70EDD4-6E54-44CD-B06F-BBCD6654EFDB}C:\games\postal2mp\system\postal2mp.exe" = protocol=6 | dir=in | app=c:\games\postal2mp\system\postal2mp.exe |
"UDP Query User{06FE5101-DA52-4EB9-B737-9BF3F11A4986}C:\program files\oracle\virtualbox\virtualbox.exe" = protocol=17 | dir=in | app=c:\program files\oracle\virtualbox\virtualbox.exe |
"UDP Query User{40F12417-1C30-4DCB-B17D-A56C81CB4F8D}C:\games\halflife\hl.exe" = protocol=17 | dir=in | app=c:\games\halflife\hl.exe |
"UDP Query User{48DFF5A5-547E-416A-99DB-AADF141CCE23}C:\games\manic digger\manicdiggerserver.exe" = protocol=17 | dir=in | app=c:\games\manic digger\manicdiggerserver.exe |
"UDP Query User{546DC04C-3417-41D7-A38B-0AC195D7CDB6}C:\games\postal2mp\system\postal2mp.exe" = protocol=17 | dir=in | app=c:\games\postal2mp\system\postal2mp.exe |
"UDP Query User{6CB3F06A-4E1F-41A6-8DF9-60D8E185E0EE}C:\games\timeshift\bin\timeshift.exe" = protocol=17 | dir=in | app=c:\games\timeshift\bin\timeshift.exe |
"UDP Query User{8C342C72-7E59-44DB-883B-1BD02FF9FCF2}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"UDP Query User{D18A15B8-4D06-40DA-975B-39E92D31A45F}C:\program files (x86)\manic digger\manicdiggerserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\manic digger\manicdiggerserver.exe |
"UDP Query User{DE3BECFF-DA5A-4CC5-8EA3-18942FD90791}C:\q3ademo\quake3.exe" = protocol=17 | dir=in | app=c:\q3ademo\quake3.exe |
"UDP Query User{F6B00BC6-1B72-4321-8CAB-69A14E506FC8}C:\program files (x86)\calibre2\calibre.exe" = protocol=17 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C818871-6337-17AC-CA8C-A3942F15D92A}" = AMD Accelerated Video Transcoding
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}" = ISO Recorder
"{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager
"{36EAEAF0-CDC5-F32F-01D2-C7D01EF96472}" = AMD AVIVO64 Codecs
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54FFD5AC-7350-52B9-FB8F-1A8A6CF1FB5B}" = AMD Media Foundation Decoders
"{551F4187-F029-4240-DEF9-836B5E43CB29}" = AMD Fuel
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B2C4509-2B9F-4303-BA74-E2F9BB773F03}" = Oracle VM VirtualBox 4.1.8
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{ECA0FDBA-70C2-D23A-6BD3-3D3118DD90B4}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"161F799A53ADBF2659BD104311FE0738EB552B14" = Windows Driver Package - Hamrick Software Image (1/9/1999 1.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
"Sandboxie" = Sandboxie 3.72 (64-bit)
"Ultravnc2_is1" = UltraVnc
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1 (x64)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy
"{119E2FCB-5CDD-4C24-BCB2-56A824E2BF0A}_is1" = Manic Digger
"{17A7779A-D23F-11D3-8753-0050BABE1202}" = Microtek ScanWizard
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206BA68B-DF92-45C6-B61D-228F188FD9FC}" = ACDSee 5.0 Standard
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
"{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01]
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{54510837-257F-4E9A-B359-731000038301}" = Red Faction: Guerrilla
"{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
"{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
"{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
"{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BD626B2-7EFA-73E5-D50F-5BEDD5D99F3D}" = HydraVision
"{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
"{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit
"{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
"{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = AMD VISION Engine Control Center
"{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
"{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
"{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy
"{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
"{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
"{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
"{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock IES_is1" = ASRock IES v2.0.84
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Crusader No Remorse_is1" = Crusader No Remorse
"Cube" = Cube
"diew" = DIEW - Dokumentenmanagement
"Fallout 2" = Fallout 2
"Fallout Tactics" = Fallout Tactics
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"GIF Animator" = Microsoft GIF Animator
"Half-Life Decay PC_is1" = Half-Life Decay PC 1.0
"Half-Life Model Viewer 1.25" = Half-Life Model Viewer 1.25
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Matto4" = Matto4
"Matto4 Patch 1.1" = Matto4 Patch 1.1
"ModPlug Player v1.46_is1" = ModPlug Player
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"One Unit Whole Blood_is1" = One Unit Whole Blood
"OnlineControl_is1" = OnlineControl 1.2
"OpenAL" = OpenAL
"Paint Shop Pro 5.03" = Paint Shop Pro 5.03 CD
"RADVideo" = RAD Video Tools
"Redneck Rampage Collection_is1" = Redneck Rampage Collection
"S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006]
"Sauerbraten" = Sauerbraten
"Steam App 1500" = Darwinia
"Steam App 207170" = Legend of Grimrock
"Steam App 207430" = Hack, Slash, Loot
"Steam App 300" = Day of Defeat: Source
"Steam App 46400" = Greed: Black Border
"Steam App 620" = Portal 2
"Steam App 9200" = RAGE
"Steam App 98800" = Dungeons of Dredmor
"Stonekeep_is1" = Stonekeep
"TeamViewer 7" = TeamViewer 7
"Tyrian 2000_is1" = Tyrian 2000
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp (nur entfernen)
"WinMend File Copy_is1" = WinMend File Copy 1.3.7.1
"X3TerranConflict_is1" = X-Tension v2.2
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2356675643-2569251998-186537470-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.2.7.1
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 03.08.2012 07:11:53 | Computer Name = Zillis | Source = WinMgmt | ID = 10
Description =
Error - 03.08.2012 12:18:44 | Computer Name = Zillis | Source = WinMgmt | ID = 10
Description =
Error - 03.08.2012 12:41:38 | Computer Name = Zillis | Source = WinMgmt | ID = 10
Description =
Error - 03.08.2012 14:24:23 | Computer Name = Zillis | Source = WinMgmt | ID = 10
Description =
Error - 03.08.2012 14:35:12 | Computer Name = Zillis | Source = WinMgmt | ID = 10
Description =
Error - 03.08.2012 15:32:34 | Computer Name = Zillis | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RootkitRevealer.exe, Version: 1.71.0.0,
Zeitstempel: 0x44e255aa Name des fehlerhaften Moduls: RootkitRevealer.exe, Version:
1.71.0.0, Zeitstempel: 0x44e255aa Ausnahmecode: 0xc0000005 Fehleroffset: 0x000040cd
ID
des fehlerhaften Prozesses: 0xe88 Startzeit der fehlerhaften Anwendung: 0x01cd71aeb90b02d3
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\SysinternalsSuite\RootkitRevealer.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\SysinternalsSuite\RootkitRevealer.exe
Berichtskennung:
f8c41405-dda1-11e1-a248-002522c0a611
Error - 03.08.2012 15:32:59 | Computer Name = Zillis | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RootkitRevealer.exe, Version: 1.71.0.0,
Zeitstempel: 0x44e255aa Name des fehlerhaften Moduls: RootkitRevealer.exe, Version:
1.71.0.0, Zeitstempel: 0x44e255aa Ausnahmecode: 0xc0000005 Fehleroffset: 0x000040cd
ID
des fehlerhaften Prozesses: 0x98c Startzeit der fehlerhaften Anwendung: 0x01cd71aeca1c2e36
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\SysinternalsSuite\RootkitRevealer.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\SysinternalsSuite\RootkitRevealer.exe
Berichtskennung:
07d4a5d2-dda2-11e1-a248-002522c0a611
Error - 03.08.2012 15:33:32 | Computer Name = Zillis | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RootkitRevealer.exe, Version: 1.71.0.0,
Zeitstempel: 0x44e255aa Name des fehlerhaften Moduls: RootkitRevealer.exe, Version:
1.71.0.0, Zeitstempel: 0x44e255aa Ausnahmecode: 0xc0000005 Fehleroffset: 0x000040cd
ID
des fehlerhaften Prozesses: 0x210 Startzeit der fehlerhaften Anwendung: 0x01cd71aede168e9b
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\SysinternalsSuite\RootkitRevealer.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\SysinternalsSuite\RootkitRevealer.exe
Berichtskennung:
1bcca3dd-dda2-11e1-a248-002522c0a611
Error - 04.08.2012 03:41:03 | Computer Name = Zillis | Source = WinMgmt | ID = 10
Description =
Error - 04.08.2012 04:10:48 | Computer Name = Zillis | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 15.03.2012 13:53:37 | Computer Name = Zillis | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 15.03.2012 13:53:37 | Computer Name = Zillis | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
< End of report >
RootkitRevealer apparently can't cope with Win7 x64.
Emsisoft : Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 05.08.2012 00:33:53
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 05.08.2012 00:34:11
c:\program files (x86)\gamespy arcade gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\install.log gefunden: Trace.File.gamespy arcade!E1
Key: hkey_classes_root\.vnc gefunden: Trace.Registry.vnc.commoncomponents!E1
C:\_MEDIA\_LIBRARY\_WEB\STALKER-Pedia\stalkerpedia.net\deutsch\_media\trainer_6_v.1.zip -> STALKER-Trainer-V1.exe gefunden: Win32.SuspectCrc!E2
C:\_MEDIA\_LIBRARY\_WEB\STALKER-Pedia\stalkerpedia.net\deutsch\_media\trainer_7.zip -> STALKER-Trainer-V3.exe gefunden: Win32.SuspectCrc!E2
C:\_MEDIA\_CALIBRE\_GAMES\Unbekannt\Barbarian Returns (92)\Barbarian Returns - Unbekannt.rar -> Barbarian.exe gefunden: Trojan.Win32.FakeAV!E2
Gescannt 671904
Gefunden 6
Scan Ende: 05.08.2012 01:51:46
Scan Zeit: 1:17:35
Notes: The program ran to completion with the current beta definitions. The two trainers and Barbarian.exe should actually be OK, false positives.
In between, the Kaspersky Rescue Disk also ran through: Code:
Objects Scan: completed 2 hours ago (events: 2, objects: 1334, time: 00:01:22)
8/4/12 3:17 PM Task completed
8/4/12 3:16 PM Task started
Objects Scan: completed 2 hours ago (events: 2, objects: 3168, time: 00:00:31)
8/4/12 3:18 PM Task completed
8/4/12 3:17 PM Task started
Objects Scan: completed <1 minute ago (events: 9, objects: 1199662, time: 02:15:58)
8/4/12 5:34 PM Task completed
8/4/12 4:57 PM Processing error C:/Users/Vosla/Downloads/IcarosLive_1_4_0.7z.exe Read error
8/4/12 4:57 PM Processing error C:/Users/Vosla/Downloads/IcarosLive_1_4_0.7z.exe/Live/icaros-pc-i386.iso Read error
8/4/12 4:19 PM Processing error /mnt/MountedDevices/PD-C953C953-0000000006500000/Users/Vosla/Downloads/IcarosLive_1_4_0.7z.exe Read error
8/4/12 4:19 PM Processing error /mnt/MountedDevices/PD-C953C953-0000000006500000/Users/Vosla/Downloads/IcarosLive_1_4_0.7z.exe/Live/icaros-pc-i386.iso Read error
8/4/12 3:33 PM Processing error /mnt/MountedDevices/PD-C953C953-0000000006500000/Users/Vosla/Downloads/IcarosLive_1_4_0.7z.exe Read error
8/4/12 3:33 PM Processing error /mnt/MountedDevices/PD-C953C953-0000000006500000/Users/Vosla/Downloads/IcarosLive_1_4_0.7z.exe/Live/Emulator/fmod.dll Read error
8/4/12 3:33 PM Processing error /mnt/MountedDevices/PD-C953C953-0000000006500000/Users/Vosla/Downloads/IcarosLive_1_4_0.7z.exe/Live/icaros-pc-i386.iso Read error
8/4/12 3:18 PM Task started
Last but not least, the adwcleaner scan: Code:
# AdwCleaner v1.800 - Logfile created 08/05/2012 at 00:02:04
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Vosla - ZILLIS
# Running from : C:\Users\Vosla\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Registre - GUID] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\Vosla\AppData\Roaming\Mozilla\Firefox\Profiles\9zpfejn4.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [829 octets] - [03/08/2012 18:56:47]
AdwCleaner[R2].txt - [888 octets] - [05/08/2012 00:01:09]
AdwCleaner[R3].txt - [947 octets] - [05/08/2012 00:01:26]
AdwCleaner[S1].txt - [879 octets] - [05/08/2012 00:02:04]
########## EOF - C:\AdwCleaner[S1].txt - [1006 octets] ##########
And here is the AntiVir log from 03.08: Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 3. August 2012 19:30
Es wird nach 4057493 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ZILLIS
Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 08.05.2012 18:24:50
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 18:24:50
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 18:24:50
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 18:24:50
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 18:22:54
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 20:51:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 21:08:55
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:24:36
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 21:19:47
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 21:19:47
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 21:19:47
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 21:19:47
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 21:19:48
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 21:19:48
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 21:19:48
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 21:19:48
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 21:19:48
VBASE014.VDF : 7.11.38.18 2554880 Bytes 30.07.2012 21:20:14
VBASE015.VDF : 7.11.38.70 556032 Bytes 31.07.2012 21:19:59
VBASE016.VDF : 7.11.38.143 171008 Bytes 02.08.2012 21:19:57
VBASE017.VDF : 7.11.38.144 2048 Bytes 02.08.2012 21:19:57
VBASE018.VDF : 7.11.38.145 2048 Bytes 02.08.2012 21:19:57
VBASE019.VDF : 7.11.38.146 2048 Bytes 02.08.2012 21:19:57
VBASE020.VDF : 7.11.38.147 2048 Bytes 02.08.2012 21:19:57
VBASE021.VDF : 7.11.38.148 2048 Bytes 02.08.2012 21:19:57
VBASE022.VDF : 7.11.38.149 2048 Bytes 02.08.2012 21:19:57
VBASE023.VDF : 7.11.38.150 2048 Bytes 02.08.2012 21:19:57
VBASE024.VDF : 7.11.38.151 2048 Bytes 02.08.2012 21:19:57
VBASE025.VDF : 7.11.38.152 2048 Bytes 02.08.2012 21:19:58
VBASE026.VDF : 7.11.38.153 2048 Bytes 02.08.2012 21:19:58
VBASE027.VDF : 7.11.38.154 2048 Bytes 02.08.2012 21:19:58
VBASE028.VDF : 7.11.38.155 2048 Bytes 02.08.2012 21:19:58
VBASE029.VDF : 7.11.38.156 2048 Bytes 02.08.2012 21:19:58
VBASE030.VDF : 7.11.38.157 2048 Bytes 02.08.2012 21:19:58
VBASE031.VDF : 7.11.38.192 96256 Bytes 03.08.2012 17:29:42
Engineversion : 8.2.10.126
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 21:19:37
AESCRIPT.DLL : 8.1.4.38 455033 Bytes 03.08.2012 17:30:02
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 21:08:54
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 21:19:51
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 22:16:06
AEPACK.DLL : 8.3.0.18 807287 Bytes 27.07.2012 21:20:14
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 19.07.2012 21:19:56
AEHEUR.DLL : 8.1.4.84 5112182 Bytes 03.08.2012 17:30:00
AEHELP.DLL : 8.1.23.2 258422 Bytes 28.06.2012 21:19:20
AEGEN.DLL : 8.1.5.34 434548 Bytes 19.07.2012 21:19:38
AEEXP.DLL : 8.1.0.74 86387 Bytes 03.08.2012 17:30:02
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 21:19:33
AECORE.DLL : 8.1.27.2 201078 Bytes 10.07.2012 21:19:32
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 22:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 18:24:50
AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 18:24:50
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 18:24:50
AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 18:24:50
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 18:24:50
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 18:24:50
AVSMTP.DLL : 12.3.0.15 63440 Bytes 08.05.2012 18:24:50
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 18:24:50
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 08.05.2012 18:24:50
RCTEXT.DLL : 12.3.0.15 98512 Bytes 08.05.2012 18:24:50
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_501bfeda\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +PFS,
Beginn des Suchlaufs: Freitag, 3. August 2012 19:30
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avwsc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'updrgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'update.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'procexp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ocontrol.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTAudSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Users\Vosla\AppData\Roaming\unlocker.dll'
C:\Users\Vosla\AppData\Roaming\unlocker.dll
[FUND] Ist das Trojanische Pferd TR/Agent.ewu.1
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '540da4cd.qua' verschoben!
Ende des Suchlaufs: Freitag, 3. August 2012 19:32
Benötigte Zeit: 01:56 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
14 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
13 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise
All the old logs are otherwise attached to this thread.