Joker2010 | 03.06.2013 21:53 | Internet Explorer opens by itself. Note: at step 3 of the guide, GMER is supposed to be started, but it hangs at a certain path. A screenshot is below or attached.
Hello dear Trojaner-Board team,
First I'll write something general about my problem, so that you know roughly where it lies and which direction it is going in:
For a few days now I have noticed that my PC, when I don't touch the keyboard for a few minutes, suddenly opens Internet Explorer "on its own" with a page already open in it. So it doesn't open as if someone were typing slowly or quickly, but "all at once", as if it had been saved as a file.
For example, hxxp://www.sparritter.de/ was opened once without me doing anything except watching. Other pages were also opened, mostly one after another, but I didn't copy their links.
A few more pieces of information: before I read the guide, I had already let "Malwarebytes Anti-Malware" scan the whole hard drive once.
Log file from the Malwarebytes Anti-Malware scan: Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.06.03.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
USER1 :: MT7-PC [Administrator]
Schutz: Aktiviert
03.06.2013 12:39:17
mbam-log-2013-06-03 (12-39-17).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 494997
Laufzeit: 2 Stunde(n), 40 Minute(n), 21 Sekunde(n)
Infizierte Speicherprozesse: 1
C:\Users\USER1\AppData\Roaming\noc\scvhost.exe (Trojan.BitMiner) -> 3952 -> Löschen bei Neustart.
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Trojan.Agent) -> Daten: C:\Users\USER1\AppData\Roaming\jabconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 6
C:\Users\USER1\AppData\Roaming\noc\scvhost.exe (Trojan.BitMiner) -> Löschen bei Neustart.
C:\Users\USER1\y0353p10gcpk5.exe (Trojan.BitMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\USER1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7a2e915b-6bbfedd0 (Trojan.BitMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\USER1\AppData\Roaming\BAcroIEHelpe005267.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\USER1\AppData\Roaming\noc\chp.exe (Trojan.Bitcoin) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\USER1\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
In addition, while I was carrying out step 2 of the guide, a virus was found by my antivirus program "Avira Anti-Virus"; I have copied everything from today (03.06) anyway: Code:
Exportierte Ereignisse:
03.06.2013 20:02 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\USER1\9yapgjot7acsk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Barys.17770' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
03.06.2013 20:02 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\USER1\9yapgjot7acsk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Barys.17770' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
03.06.2013 20:02 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\USER1\9yapgjot7acsk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Barys.17770' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
03.06.2013 20:02 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\USER1\9yapgjot7acsk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Barys.17770' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
03.06.2013 20:02 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\USER1\9yapgjot7acsk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Barys.17770' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
03.06.2013 19:56 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\USER1\9yapgjot7acsk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Barys.17770' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
03.06.2013 19:55 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\USER1\9yapgjot7acsk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Barys.17770' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
But now to the files that are required by the guide:
Defogger:
No error message.
OTL.txt: Code:
OTL logfile created on: 03.06.2013 19:45:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\USER1\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,75 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 64,89% Memory free
5,50 Gb Paging File | 4,39 Gb Available in Paging File | 79,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 54,40 Gb Free Space | 36,52% Space Free | Partition Type: NTFS
Computer Name: MT7-PC | User Name: USER1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.06.03 19:43:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\USER1\Desktop\OTL.exe
PRC - [2013.05.15 12:08:44 | 001,435,984 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2013.05.14 13:20:51 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.05.05 12:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.05.05 12:47:25 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.05.05 12:47:23 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.01.18 16:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.01.18 16:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.12.23 18:57:16 | 000,892,760 | ---- | M] (LULU Software) -- C:\Programme\Soda 3D PDF Reader\ConversionService.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2009.11.16 09:27:48 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Programme\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
PRC - [2009.11.05 16:56:38 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
========== Modules (No Company Name) ==========
MOD - [2012.06.18 17:24:30 | 000,260,096 | ---- | M] () -- C:\Programme\Notepad++\NppShell_05.dll
MOD - [2011.12.15 13:38:45 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.11.06 22:18:16 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [1997.10.18 00:00:00 | 000,022,016 | ---- | M] () -- C:\Windows\System32\DOCOBJ.DLL
========== Services (SafeList) ==========
SRV - [2013.05.15 17:30:50 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.15 12:08:44 | 001,435,984 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.05.05 12:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.05.05 12:47:23 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.03.10 03:56:10 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.01.31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.12.23 18:57:16 | 000,892,760 | ---- | M] (LULU Software) [Auto | Running] -- C:\Programme\Soda 3D PDF Reader\ConversionService.exe -- (Soda 3D PDF Reader Service)
SRV - [2011.12.23 18:57:10 | 000,821,592 | ---- | M] (LULU Software) [On_Demand | Stopped] -- C:\Programme\Soda 3D PDF Reader\HelperService.exe -- (Soda 3D PDF Reader Helper Service)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.11.05 16:56:38 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva400.sys -- (XDva400)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2013.05.05 12:47:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.05.05 12:47:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.05.05 12:47:36 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.12.29 22:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2012.08.27 16:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.05.20 16:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2010.04.12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2009.06.29 17:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 17:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.04.09 13:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.04.12 16:27:36 | 001,399,680 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2005.08.18 00:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 E2 B2 4B 0C 5C CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6PQkVkTMcB&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.1.0
FF - prefs.js..extensions.enabledItems: welcome@toolmin.com:1.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: ffxtlbr@incredibar.com:1.5.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {E634117B-33A8-4C70-8210-198010F03834}:1.0
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.26 22:31:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFSodaReaderPDFConverter@sodapdf.com: C:\Program Files\Soda 3D PDF Reader\FFSodaReaderExt [2012.03.04 00:05:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.20 10:27:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox [2012.05.20 10:28:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.05.20 10:28:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.22 21:41:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.20 23:38:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.20 10:27:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E634117B-33A8-4C70-8210-198010F03834}: C:\Users\USER1\AppData\Roaming\01003.128 [2013.05.08 17:14:47 | 000,000,000 | ---D | M]
[2011.08.16 18:50:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER1\AppData\Roaming\mozilla\Extensions
[2012.07.24 20:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\cg64vhj4.default\extensions
[2011.12.06 13:52:31 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\cg64vhj4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.01.10 22:03:46 | 000,000,000 | ---D | M] (Incredibar Toolbar) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\cg64vhj4.default\extensions\ffxtlbr@incredibar.com
[2012.01.10 22:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\cg64vhj4.default\extensions\staged
[2011.10.16 23:50:47 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\cg64vhj4.default\extensions\welcome@toolmin.com
[2011.10.05 11:35:46 | 000,000,931 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\mozilla\firefox\profiles\cg64vhj4.default\searchplugins\conduit.xml
[2012.01.10 22:03:36 | 000,002,203 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\mozilla\firefox\profiles\cg64vhj4.default\searchplugins\MyStart Search.xml
[2011.10.27 21:31:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.24 22:33:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.01.26 22:31:42 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.10.24 22:33:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2013.05.08 17:14:47 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\USER1\APPDATA\ROAMING\01003.128
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.11 15:47:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.11 15:47:33 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.11 15:47:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.16 23:50:47 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2011.11.11 15:47:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.11 15:47:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - Extension: Bflix extension = C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp\1.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (bflix Class) - {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - C:\Programme\BFlix\bflix.dll (bflix)
O2 - BHO: (Soda 3D PDF Reader Helper) - {2FE0F895-6D1D-4c80-A20D-18E42DE9B631} - C:\Programme\Soda 3D PDF Reader\PDFIEHelper.dll (LULU Software)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Soda 3D PDF Reader Toolbar) - {64C9D46E-8F8B-4158-9780-A6581C7439B1} - C:\Programme\Soda 3D PDF Reader\PDFIEPlugin.dll (LULU Software)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\USER1\AppData\Roaming\toolplugin\toolbar.dll File not found
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [noc] C:\Users\USER1\AppData\Roaming\noc\dan.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DDB803B-F5F3-49CA-B9FE-F15D1BFF8A6B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ECE886D-5CAD-4782-8D86-C1244F893B44}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE3D900F-6C92-4032-825A-ED6EA2364909}: DhcpNameServer = 139.7.30.126 139.7.30.125
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{dcf42ee8-ecde-11e0-9357-0016173bcafe}\Shell - "" = AutoRun
O33 - MountPoints2\{dcf42ee8-ecde-11e0-9357-0016173bcafe}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{dcf42efa-ecde-11e0-9357-0016173bcafe}\Shell - "" = AutoRun
O33 - MountPoints2\{dcf42efa-ecde-11e0-9357-0016173bcafe}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{fdd78564-edad-11e0-867c-0016173bcafe}\Shell - "" = AutoRun
O33 - MountPoints2\{fdd78564-edad-11e0-867c-0016173bcafe}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.06.03 19:43:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\USER1\Desktop\OTL.exe
[2013.06.03 12:33:20 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\Malwarebytes
[2013.06.03 12:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.03 12:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.03 12:33:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.03 12:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.03 12:31:08 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Local\Programs
[2013.06.03 12:30:13 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\USER1\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.02 19:35:45 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Users\USER1\AppData\Roaming\chromebrowser.exe
[2013.06.02 19:35:24 | 000,000,000 | RHSD | C] -- C:\Users\USER1\AppData\Roaming\aaFa3
[2013.06.02 19:35:15 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\noc
[2013.05.22 19:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.05.22 19:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2013.05.17 15:05:02 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013.05.17 15:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013.05.17 15:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2013.05.15 18:05:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.05.14 13:21:33 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.08 17:14:43 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\01003.128
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\USER1\AppData\Roaming\*.tmp files -> C:\Users\USER1\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.06.03 19:56:34 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.03 19:44:17 | 000,015,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 19:44:17 | 000,015,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 19:43:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\USER1\Desktop\OTL.exe
[2013.06.03 19:42:55 | 000,000,000 | ---- | M] () -- C:\Users\USER1\defogger_reenable
[2013.06.03 19:35:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.03 19:34:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.03 19:34:19 | 2214,240,256 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.03 19:30:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.03 19:19:18 | 000,050,477 | ---- | M] () -- C:\Users\USER1\Desktop\Defogger.exe
[2013.06.03 12:33:06 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.03 12:30:13 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\USER1\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.02 19:35:10 | 000,274,944 | ---- | M] () -- C:\Users\USER1\9yapgjot7acsk.exe
[2013.06.02 19:35:08 | 000,030,720 | ---- | M] () -- C:\Users\USER1\2wvb79qzp81y4.exe
[2013.05.25 10:54:03 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.05.25 00:19:30 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.17 15:05:02 | 000,000,971 | ---- | M] () -- C:\Users\USER1\Desktop\SpeedFan.lnk
[2013.05.17 15:05:01 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2013.05.17 15:04:08 | 000,000,000 | ---- | M] () -- C:\Users\USER1\Desktop\initdebug.nfo
[2013.05.17 13:53:26 | 000,001,078 | ---- | M] () -- C:\Users\USER1\Desktop\EVEREST Home Edition.lnk
[2013.05.17 13:46:37 | 000,321,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.17 12:57:53 | 000,654,108 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.17 12:57:53 | 000,615,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.17 12:57:53 | 000,129,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.17 12:57:53 | 000,106,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.14 13:21:02 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.13 11:21:07 | 000,007,544 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\BAcroIEHelpe005271.dll
[2013.05.13 11:21:01 | 000,237,664 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\AcroIEHelpe005271.dll
[2013.05.08 17:15:04 | 000,007,544 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\BAcroIEHelpe005270.dll
[2013.05.05 12:47:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.05.05 12:47:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.05.05 12:47:36 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\USER1\AppData\Roaming\*.tmp files -> C:\Users\USER1\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.06.03 19:42:55 | 000,000,000 | ---- | C] () -- C:\Users\USER1\defogger_reenable
[2013.06.03 19:19:17 | 000,050,477 | ---- | C] () -- C:\Users\USER1\Desktop\Defogger.exe
[2013.06.03 12:33:06 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.02 19:35:10 | 000,274,944 | ---- | C] () -- C:\Users\USER1\9yapgjot7acsk.exe
[2013.06.02 19:35:08 | 000,030,720 | ---- | C] () -- C:\Users\USER1\2wvb79qzp81y4.exe
[2013.05.25 10:54:03 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.05.17 15:05:02 | 000,000,971 | ---- | C] () -- C:\Users\USER1\Desktop\SpeedFan.lnk
[2013.05.17 15:04:08 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2013.05.17 15:04:08 | 000,000,000 | ---- | C] () -- C:\Users\USER1\Desktop\initdebug.nfo
[2013.05.13 11:21:07 | 000,007,544 | ---- | C] () -- C:\Users\USER1\AppData\Roaming\BAcroIEHelpe005271.dll
[2013.05.13 11:21:01 | 000,237,664 | ---- | C] () -- C:\Users\USER1\AppData\Roaming\AcroIEHelpe005271.dll
[2013.05.08 17:15:04 | 000,007,544 | ---- | C] () -- C:\Users\USER1\AppData\Roaming\BAcroIEHelpe005270.dll
[2013.04.02 22:42:34 | 000,000,599 | ---- | C] () -- C:\Users\USER1\AppData\Roaming\rost.dat
[2012.10.23 12:03:27 | 000,076,348 | ---- | C] () -- C:\ProgramData\abivsjtuhhunbod
[2012.05.20 10:18:59 | 000,233,507 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011.11.06 22:18:16 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.08.18 14:58:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.08.16 21:18:57 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.08.16 21:18:57 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.08.16 21:18:57 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.08.16 21:18:57 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.08.16 21:18:57 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.08.16 21:18:57 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.08.16 21:18:57 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.08.16 21:18:56 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.08.16 21:18:56 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.08.16 21:18:56 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.08.16 21:18:56 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.08.16 21:18:56 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.08.16 21:18:56 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.08.16 21:18:56 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.08.16 21:18:56 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.08.16 21:18:56 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.08.16 21:18:56 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.08.16 21:18:56 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.08.16 21:18:56 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.08.16 21:16:11 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2011.08.16 18:43:09 | 000,442,368 | R--- | C] () -- C:\Windows\System32\Cmeaupci.exe
[2011.08.16 18:42:18 | 000,241,664 | ---- | C] () -- C:\Windows\System32\cmrmdrv3.exe
[2011.08.16 18:42:18 | 000,028,672 | ---- | C] () -- C:\Windows\System32\cmrmdrv3.dll
[2011.08.16 18:42:12 | 000,065,536 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2011.08.16 18:42:12 | 000,000,501 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.03.01 16:18:22 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\.minecraft
[2013.05.08 17:14:47 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\01003.128
[2013.06.02 19:35:24 | 000,000,000 | RHSD | M] -- C:\Users\USER1\AppData\Roaming\aaFa3
[2012.10.07 21:12:50 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\BitTorrent
[2011.10.02 12:15:01 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\Bytemobile
[2011.10.08 18:50:15 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\DVDVideoSoft
[2012.01.14 14:15:21 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.26 17:19:25 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\LolClient
[2013.06.03 15:22:29 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\noc
[2012.07.20 23:43:03 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\Notepad++
[2011.10.27 21:35:58 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\OpenOffice.org
[2013.06.02 21:30:31 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\PDF Software
[2013.04.02 16:00:29 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\Teeworlds
[2011.08.22 03:34:44 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\temp
[2012.01.15 19:23:45 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\toolplugin
[2013.03.16 20:45:58 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\TS3Client
[2012.02.15 21:41:52 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\ts3overlay
[2013.04.14 11:34:17 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\UsAgt
[2011.10.02 12:15:25 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\Vodafone
[2011.10.02 15:25:59 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\Vodafone Mobile Connect
[2013.05.13 11:21:52 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\xmldm
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
Extras.txt:
OTL Extras logfile created on: 03.06.2013 19:45:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\USER1\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,75 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 64,89% Memory free
5,50 Gb Paging File | 4,39 Gb Available in Paging File | 79,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 54,40 Gb Free Space | 36,52% Space Free | Partition Type: NTFS
Computer Name: MT7-PC | User Name: USER1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0334813A-691E-4FD1-88FB-0915E59F1C1B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2251BF11-B487-4AB6-BD67-1E8D590F02CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{230314BA-F12C-4C35-8C25-2832B5BC5795}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2869462E-B2D5-4844-A3D9-4E9121BD0209}" = lport=10243 | protocol=6 | dir=in | app=system |
"{303612EB-1DDD-418E-BABE-7061F71B9DD5}" = lport=137 | protocol=17 | dir=in | app=system |
"{3DDDB1D0-66F9-430D-8918-169D6816032A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D3DCF4C-BD2D-4F44-AEEF-CE15BAC9991E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{55142102-EEEC-48BF-B299-F2651585ADD4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{613F29E3-2179-48F7-8A5E-40E7F9FF7461}" = rport=138 | protocol=17 | dir=out | app=system |
"{620B2A21-78FC-4437-B57D-F97A6C72D477}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{670BA082-D60E-43C8-A4C7-1CF3048B63F9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6EC3D7D4-1D25-41EF-A86D-220F8706AB89}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74F55D33-3DC5-45C4-A840-88164C519976}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78A390C9-B7ED-4EF9-8509-BBEC7BF5D3DE}" = lport=139 | protocol=6 | dir=in | app=system |
"{80869229-842E-4580-8355-87269DED9CDE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8ABCF3FA-1961-4B28-9870-94C56F9DA407}" = lport=57133 | protocol=6 | dir=in | name=pando media booster |
"{A047E5FE-C65D-44C3-A61C-B66FE1D51286}" = rport=137 | protocol=17 | dir=out | app=system |
"{A31032ED-EF8F-42EF-AB4C-7489F3412785}" = lport=57133 | protocol=6 | dir=in | name=pando media booster |
"{A56EFB03-22BE-4671-BCFA-78DC83B78C09}" = lport=57133 | protocol=17 | dir=in | name=pando media booster |
"{AFF69521-4E66-45D0-9D06-457592460513}" = rport=445 | protocol=6 | dir=out | app=system |
"{B178BAA3-FC17-4714-AEB3-B5EE336406C8}" = lport=138 | protocol=17 | dir=in | app=system |
"{BC1CF1CC-E5E6-456F-9C20-39E96260DCE4}" = rport=139 | protocol=6 | dir=out | app=system |
"{CBAE5F35-0842-47E5-976A-6C13637A9F44}" = lport=445 | protocol=6 | dir=in | app=system |
"{E7BF645F-B920-45B7-AAF6-02339215C67D}" = lport=57133 | protocol=17 | dir=in | name=pando media booster |
"{F41853B4-DBFE-4254-860E-73D930DFF731}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E89CAE-C0CB-4678-AEFE-F87DC2CD6F6B}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars the force unleashed 2\swtfu2.exe |
"{018ACA99-A9D9-4C71-9AE5-CE5F8FF8ADF5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{11B4C47F-F265-4B68-9AE2-62B9D2530E72}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{168EB602-6E7C-49A1-A168-A6A32A8DF61F}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{24D18681-F41C-4E53-8520-9C9EC8CDC6E1}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"{278280D7-B328-4846-9C06-3D15B7D26192}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2783B91A-7030-4132-AA48-E8FCD820D4A5}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars the force unleashed 2\swtfu2.exe |
"{28377901-B9E8-472E-A75E-277507353DCD}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{29F72E16-537B-495C-A73C-2A475C16FE11}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2AE708C4-EFB3-436E-A009-D2B3395C66C1}" = protocol=6 | dir=out | app=system |
"{2E157471-4FD3-4CC9-87F4-43BC2653F57D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{2FEBF80B-DCD8-461D-9864-D9832A71DDE2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{32201CCA-EB59-4666-B732-ED34BAD2F633}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{325B95BD-7F33-41C8-90E3-3F8FB8134B5F}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{327F4792-23CF-4045-956D-5BA2E858B118}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{38EFADAF-64CA-4006-9E86-FBBA01459028}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3EF40341-1112-4F21-A2C3-46B26F808E82}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{404AE62C-F9AF-4F74-BB8E-0CA5E113F021}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{42730ECB-9428-4C32-8F3D-3B7DAF3C02AA}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{47FEDBB5-A38F-418B-80E3-C61EF1E4C395}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{4942FF6B-4266-4EA3-912F-D99AEC5CE3AA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{4A43E85E-97F8-4104-AB92-F17FB6FFEC15}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the lord of the rings - conquest™\conquest.exe |
"{4C9F823B-304D-45A9-94B7-FC7381C74996}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{4DA1166B-EBDB-471B-8A6D-71AD7A98E21F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{51A1FBC4-8F6D-4A1B-8B46-2E9D96477098}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{5782E9BA-4C41-40C5-AC9C-6B31646F3CA4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{5C364372-FC19-481D-B6D0-26B6C256C408}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5DA906D1-3642-4C9B-8909-6552073885C9}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{5E4C1D35-747E-4F70-A693-0012903738DD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{633ABA89-C018-4EBE-966C-FB45506749AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6A15AD97-B535-4483-ABB1-B021FB7116C2}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7038A9F3-CA4A-4B8C-ABF9-9A75C4344050}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{7136D1FD-07FB-41BC-B185-ABB250596D56}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{7B6E22F4-09E3-43A9-9CB0-D6EFEC7BF15A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7D26674F-44E8-47AF-B76A-0A646AA25C71}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7F202755-73B9-42E5-B8A4-0074D7B475E7}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"{7FC4EF48-19D1-4A85-ADBC-5FB8B8DCB8EC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{801AA570-C94B-4D46-90E2-52D14B976097}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8712C6E0-26E4-45E8-BBC8-A84A013E8A28}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{87134543-DF80-4096-93D5-E074C6AB621F}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8EEDE076-A70F-4C3A-990D-AF946CCC3B53}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{92942E4A-41BF-4330-B5A9-4C7AE640ED2E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9A3187A0-EFFD-4952-8915-7483BCF4C20E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A83D42EB-5709-4EF7-B2EF-220BBA80E4E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9DE0659-21AE-42C6-BD64-60BA2837F066}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{AB9981E1-1A9B-4A82-B130-F2FA2DD92617}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{ADF834AC-BEBD-49BC-B8B2-87E66AFE01E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B37F6966-DFA0-4960-A0BA-3FEE2A5CE0DA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{B4CAE5D8-D194-4E44-A8A4-1B6B1E572CE0}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{B5FC7F5A-0556-4737-91B3-55A5B99E58CD}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{B93EDE24-5748-4497-B6C6-C64F3E66E2D8}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{BCDBD746-CB43-4725-B98C-632667F22784}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C09AEC6A-06B6-4043-B854-AD59500812B1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C1170972-839D-4D38-8BD6-D8ABBB74856F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{C42A45B6-0854-4B1A-860E-2BBDEB115211}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the lord of the rings - conquest™\conquest.exe |
"{C45B99B8-0333-42C4-A960-6E1BA550ED75}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C882BE0A-E819-4441-8359-83345FB5A270}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{CF65F4B2-17E5-4D46-A8D4-A1233B462009}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D10E5746-632B-4B56-8152-176D6A78330C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{D48F6A72-A3F4-4641-B112-413B39F1AA56}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{D9F20DB8-C30D-40A9-A5D4-0F275D825030}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DEF833F8-0A45-434D-9046-C4D0012BD0C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E0F3B602-77FD-4309-984E-49698CEB7E50}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F2D7359C-FDD5-4762-AF01-1E62C5262C49}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA94BE6A-1EAB-411B-A7BC-F57171E353EA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{FB1C3229-3782-48DC-B27A-FDBED21F7ACD}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{FDFB311B-2B35-4E92-945E-4AE246A8DE92}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"TCP Query User{03ED5597-4EC7-4163-99AA-22FAC850BCA2}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{0BCBF953-8B22-4FF5-891E-EFA996F6B8AE}C:\call of duty modern warfare 2 - kopie\iw4sp.exe" = protocol=6 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4sp.exe |
"TCP Query User{1EF1117B-A16C-440E-8095-C29D5A798EF5}C:\call of duty modern warfare 2 - kopie\iw4mp.dat" = protocol=6 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.dat |
"TCP Query User{2E15D928-FD38-446C-ABDE-888E8FA22246}C:\call of duty modern warfare 2 - kopie\iw4mp.exe" = protocol=6 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.exe |
"TCP Query User{36055596-1E56-45A0-859A-399832570ACA}C:\program files\electronic arts\the lord of the rings - conquest™\conquest.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\the lord of the rings - conquest™\conquest.exe |
"TCP Query User{69C8768A-653C-410A-880C-BE4FCEAD0329}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{755DD6F2-F503-4171-BC15-D06A8E856787}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{85078C5E-EB0C-476A-AFC0-C35C3299B368}C:\call of duty modern warfare 2 - kopie\iw4sp.exe" = protocol=6 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4sp.exe |
"TCP Query User{93446E65-59C7-4A04-925D-CF09EDBBA47C}C:\call of duty modern warfare 2 - kopie\iw4mp.dat" = protocol=6 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.dat |
"TCP Query User{A7577759-26A0-434F-B4B3-4ADA08E8AF8D}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{B1BE2A1A-4982-4AFD-B20E-213465A8B230}C:\users\user1\desktop\teeworlds1\teeworlds\teeworlds 0.6\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\user1\desktop\teeworlds1\teeworlds\teeworlds 0.6\teeworlds_srv.exe |
"TCP Query User{CE9C13A7-F71D-49AF-A24E-A11903265B7A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D1C8C986-E126-4B5D-BDB0-E10084AEC963}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{EC5D1478-C65B-42C2-838F-80D6F81E8667}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{F953989D-F0FA-44D7-9F03-4517DB472649}C:\call of duty modern warfare 2 - kopie\iw4mp.exe" = protocol=6 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.exe |
"UDP Query User{0BFCD941-1AFD-4AD2-BA14-A3DB81A174E7}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{2DF6D60C-7E65-48DE-8245-FCF7237765A2}C:\call of duty modern warfare 2 - kopie\iw4mp.dat" = protocol=17 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.dat |
"UDP Query User{5422A819-8624-45BC-BCF3-D66FD2067ED6}C:\call of duty modern warfare 2 - kopie\iw4mp.dat" = protocol=17 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.dat |
"UDP Query User{575F8106-744F-42AC-979F-ABE4210A5B2F}C:\call of duty modern warfare 2 - kopie\iw4sp.exe" = protocol=17 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4sp.exe |
"UDP Query User{6321C670-2D79-4CF6-AFEE-498EFFA53CD4}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{6BDC34EA-3836-4AA8-8F6A-119815646533}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{8AE22133-F51C-4970-92F3-04236351929A}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{A7F95BE5-3647-4EBB-9627-ED880F176E7C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{ADAA683C-6D7D-4505-A64B-6398893D0E9E}C:\users\user1\desktop\teeworlds1\teeworlds\teeworlds 0.6\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\user1\desktop\teeworlds1\teeworlds\teeworlds 0.6\teeworlds_srv.exe |
"UDP Query User{D2E35A77-AB37-4CBB-891E-ED112856F621}C:\call of duty modern warfare 2 - kopie\iw4mp.exe" = protocol=17 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.exe |
"UDP Query User{D3520711-9DE9-4CDD-B280-8C32530ECF31}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{DC3FC0EE-7655-4703-90AF-52890B381CFB}C:\call of duty modern warfare 2 - kopie\iw4sp.exe" = protocol=17 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4sp.exe |
"UDP Query User{DFE3E643-F86E-49A9-BE4A-57F4841FB260}C:\program files\electronic arts\the lord of the rings - conquest™\conquest.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\the lord of the rings - conquest™\conquest.exe |
"UDP Query User{E2AA8BB1-9651-4ABD-B63C-9184AFC83A74}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{F0558651-CC19-49D6-AC0C-3E4AB2F742F1}C:\call of duty modern warfare 2 - kopie\iw4mp.exe" = protocol=17 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0B2BEE05-FB82-49AB-A23B-32BB8FAC79FC}" = S4 League_EU
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{1CBB6DE3-43F0-409D-8DD3-0171B498DE01}" = Soda 3D PDF Reader
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{58E65E96-6649-4CBE-9382-35326D694E6F}" = MSN Toolbar Platform
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{A147FD6E-32F2-4009-BDC9-8B4E2B1B21EB}" = Microsoft Search Enhancement Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"BFlix" = BFlix
"BitTorrent" = BitTorrent
"C-Media PCI Audio Driver" = Aureon 5.1 PCI
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"DivX Setup" = DivX-Setup
"Elsword_DE_is1" = Elsword_DE
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"incredibar" = Incredibar Toolbar on IE and Chrome
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PowerISO" = PowerISO
"Shop for HP Supplies" = Shop for HP Supplies
"SpeedFan" = SpeedFan (remove only)
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"toolplugin" = toolplugin
"WinRAR archiver" = WinRAR 4.10 beta 5 (32-bit)
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JNLP" = JNLP
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.05.2013 12:46:14 | Computer Name = MT7-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
in Zeile 2. Ungültige XML-Syntax.
Error - 26.05.2013 19:29:04 | Computer Name = MT7-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 10.0.9200.16576 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1d60 Startzeit: 01ce5a684da3d633 Endzeit: 466 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 27.05.2013 07:09:50 | Computer Name = MT7-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\alaplaya\S4League\Aegis64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 27.05.2013 07:10:47 | Computer Name = MT7-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
in Zeile 2. Ungültige XML-Syntax.
Error - 01.06.2013 05:15:29 | Computer Name = MT7-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\alaplaya\S4League\Aegis64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 01.06.2013 05:16:22 | Computer Name = MT7-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
in Zeile 2. Ungültige XML-Syntax.
Error - 01.06.2013 08:26:38 | Computer Name = MT7-PC | Source = Application Hang | ID = 1002
Description = Programm League of Legends.exe, Version 3.7.0.328 kann nicht mehr
unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 6f4 Startzeit: 01ce5ec2eb5ed309 Endzeit: 81 Anwendungspfad:
C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.232\deploy\League
of Legends.exe Berichts-ID: 3cec4427-cab6-11e2-862c-0016173bcafe
Error - 03.06.2013 05:56:38 | Computer Name = MT7-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 10.0.9200.16576 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 554 Startzeit: 01ce603f67a9f4bf Endzeit: 0 Anwendungspfad: C:\Program
Files\Internet Explorer\iexplore.exe Berichts-ID: d3b54431-cc33-11e2-8360-0016173bcafe
Error - 03.06.2013 06:36:29 | Computer Name = MT7-PC | Source = Application Hang | ID = 1002
Description = Programm mbam-setup-1.75.0.1300.tmp, Version 51.52.0.0 kann nicht
mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 498 Startzeit: 01ce6045698a6225 Endzeit: 91 Anwendungspfad:
C:\Users\USER1\AppData\Local\Temp\is-CFK4M.tmp\mbam-setup-1.75.0.1300.tmp Berichts-ID:
Error - 03.06.2013 13:14:40 | Computer Name = MT7-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\alaplaya\S4League\Aegis64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ System Events ]
Error - 03.06.2013 13:37:34 | Computer Name = MT7-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 03.06.2013 13:38:40 | Computer Name = MT7-PC | Source = PNRPSvc | ID = 102
Description =
Error - 03.06.2013 13:38:40 | Computer Name = MT7-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 03.06.2013 13:38:40 | Computer Name = MT7-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 03.06.2013 13:38:43 | Computer Name = MT7-PC | Source = PNRPSvc | ID = 102
Description =
Error - 03.06.2013 13:38:44 | Computer Name = MT7-PC | Source = PNRPSvc | ID = 102
Description =
Error - 03.06.2013 13:38:43 | Computer Name = MT7-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 03.06.2013 13:38:43 | Computer Name = MT7-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 03.06.2013 13:38:44 | Computer Name = MT7-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 03.06.2013 13:38:44 | Computer Name = MT7-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
< End of report >
Regarding step three of the guide: I ran the GMER file and unchecked all the boxes as described, but it got stuck at the file/path you can see in the screenshot. (Or did I misunderstand it after all and tick the wrong boxes?)
Or could it be normal that the scan takes longer than 3-10 minutes at certain paths/files?
Anyway, I would be glad if I could get some help here.
P.S.: No technical jargon please, my knowledge of this kind of thing, and also of what I should paste in here, is practically zero.
/Edit: After the fix with OTL.exe and the reboot, I was supposed to paste the text file here into the thread: Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\noc deleted successfully.
C:\Users\USER1\AppData\Roaming\noc\dan.bat moved successfully.
C:\Users\USER1\AppData\Roaming\chromebrowser.exe moved successfully.
C:\Users\USER1\AppData\Roaming\aaFa3 folder moved successfully.
C:\Users\USER1\AppData\Roaming\01003.128\components folder moved successfully.
C:\Users\USER1\AppData\Roaming\01003.128 folder moved successfully.
C:\Users\USER1\9yapgjot7acsk.exe moved successfully.
C:\Users\USER1\2wvb79qzp81y4.exe moved successfully.
C:\Users\USER1\AppData\Roaming\BAcroIEHelpe005271.dll moved successfully.
C:\Users\USER1\AppData\Roaming\AcroIEHelpe005271.dll moved successfully.
========== FILES ==========
C:\Users\USER1\AppData\Roaming\noc folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: USER1
->Temp folder emptied: 2934734262 bytes
->Temporary Internet Files folder emptied: 49844819 bytes
->Java cache emptied: 146442 bytes
->FireFox cache emptied: 130327740 bytes
->Google Chrome cache emptied: 448919671 bytes
->Flash cache emptied: 810 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 683769940 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 4.051,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06032013_231458
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...