Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Atraps.Gen festgestellt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.04.2012, 20:51   #1
Duskdragon
 
TR/Atraps.Gen festgestellt - Standard

TR/Atraps.Gen festgestellt



Guten Tag

seit Kurzem habe ich den Trojaner TR/Atraps.Gen durch das Programm Avira festgestellt und komme erst jetzt dazu gegen ihn etwas zu unternehmen (PC wird auch von anderen benutzt)

Der Trojaner hat einige Tage nichts getan, aber jetzt funktioniert der PC nicht mehr richtig (ich schreibe gerade über Laptop).

-Windows braucht länger zum Starten.
-Internet funktioniert gar nicht mehr auf dem PC.
-Anti-Viren-Programme werden geblockt.

System: Vista 32-bit
Jetzt wollte ich eine Hilfsanfrage starten und habe wie gefordert zuerst die drei Schritte (defogger, dds, Gmer) gemacht. Leider funktionerte nur ersteres. dds startet erst gar nicht und GMER stürzt mitten im Scan ab.

Daher im Anhang nur der Bericht von defogger. Ansonsten noch ein Bericht über einen kompletten Scan von Avira sowie ein kompletter Scan von Malwarebytes.

Keine Ahnung warum im Avira Bericht der Trojaner nicht drin steht wo er doch 3 Dateien infiziert hatte.

C:\Windows\System32\aptwx5day.dll
C:\Windows\System32\d3dytd1vd.dll
C:\Windows\System32\xptn0r8k.dll

hatte er befallen.

Hoffe ich habe alles soweit.
Vielen Dank für eine schnelle Antwort

MfG

Alt 30.04.2012, 14:57   #2
markusg
/// Malware-holic
 
TR/Atraps.Gen festgestellt - Standard

TR/Atraps.Gen festgestellt



hi,
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 30.04.2012, 18:24   #3
Duskdragon
 
TR/Atraps.Gen festgestellt - Standard

TR/Atraps.Gen festgestellt



Erstmal vielen Dank, dass du dich hier meldest

Hier OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 30.04.2012 19:04:10 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,63% Memory free
10,72 Gb Paging File | 9,59 Gb Available in Paging File | 89,51% Paging File free
Paging file location(s): c:\pagefile.sys 8000 8000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 293,33 Gb Total Space | 37,09 Gb Free Space | 12,64% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 109,62 Gb Free Space | 37,40% Space Free | Partition Type: NTFS
Drive E: | 1,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive N: | 3,71 Gb Total Space | 3,55 Gb Free Space | 95,65% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.30 18:56:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.04.20 10:33:24 | 000,497,152 | ---- | M] (LOL Replay) -- C:\Programme\LOLReplay\LOLRecorder.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.31 09:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.31 09:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.15 10:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.04.11 00:28:16 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.06 19:17:16 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2008.03.26 15:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.02.19 10:12:18 | 000,537,256 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe
PRC - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.12.18 11:13:54 | 000,132,560 | ---- | M] (United Internet AG) -- C:\Programme\WEB.DE\WEB.DE SmartSurfer\SmurfService.exe
PRC - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.20 10:33:22 | 000,265,728 | ---- | M] () -- C:\Programme\LOLReplay\LOLUtils.dll
MOD - [2012.03.05 14:45:08 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2012.01.31 12:37:24 | 012,907,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\03c1786328450d3eb3129a6ee9c161d0\System.Windows.Forms.ni.dll
MOD - [2012.01.31 12:37:17 | 001,653,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6abcaa7df5e346b0912197bcf7fcab15\System.Drawing.ni.dll
MOD - [2012.01.31 12:37:10 | 005,764,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\1d2279b148a6fb152f2a45b7d31fff2d\System.Xml.ni.dll
MOD - [2012.01.31 12:37:06 | 001,016,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0360226da2794a6b15a262f3e48709ef\System.Configuration.ni.dll
MOD - [2012.01.31 12:37:04 | 008,367,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9b3afa5f4ba74c561f0fa1bfceba7e0\System.ni.dll
MOD - [2012.01.31 12:35:58 | 015,424,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3cdbdfe526ccd9eef32943313ea0231d\PresentationFramework.ni.dll
MOD - [2012.01.31 12:35:44 | 013,094,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\4861ab3c08650851bc270cebd6745e99\PresentationCore.ni.dll
MOD - [2012.01.31 12:35:32 | 003,568,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6a17ee74a7d2abf0a25e989efe881f3c\WindowsBase.ni.dll
MOD - [2012.01.31 12:32:16 | 002,517,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\5f3a699a62a098beef04f48514c47a58\System.Core.ni.dll
MOD - [2012.01.29 14:10:59 | 000,406,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6cd5c2f950025f574dde718eb20af161\PresentationFramework.Aero.ni.dll
MOD - [2009.08.21 16:47:12 | 004,361,056 | ---- | M] () -- C:\Programme\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009.03.29 22:42:14 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.29 22:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.20 17:08:32 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.11.12 19:08:16 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Stopped] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.08.21 16:47:14 | 030,510,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.08.21 16:39:22 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.21 16:36:08 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- d:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.02.19 10:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbkcoms.exe -- (lxbk_device)
SRV - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.12.18 11:13:54 | 000,132,560 | ---- | M] (United Internet AG) [Auto | Running] -- C:\Programme\WEB.DE\WEB.DE SmartSurfer\SmurfService.exe -- (SmartSurferManager)
SRV - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2005.09.23 17:45:46 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.01.31 09:56:33 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.01.31 09:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.08 01:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.10.13 08:00:27 | 000,078,848 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV85.sys -- (SSHDRV85)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.31 13:15:51 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.07.31 13:15:50 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.01.15 19:36:52 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.12.25 13:02:13 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PzWDM.sys -- (PzWDM)
DRV - [2008.06.07 12:13:40 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.06.07 12:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008.02.12 04:42:38 | 000,232,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2008.02.05 02:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007.11.18 04:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.11.06 10:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007.11.06 10:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007.07.07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.07.03 04:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007.05.07 03:00:00 | 000,537,600 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fpcibase.sys -- (FPCIBASE)
DRV - [2007.05.07 03:00:00 | 000,064,512 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2005.09.23 17:38:44 | 000,316,928 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Netfritz.sys -- (NETFRITZ)
DRV - [2004.05.24 14:35:06 | 000,059,520 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\avmport.sys -- (AVMPORT)
DRV - [2003.01.14 11:41:10 | 000,273,664 | ---- | M] (AGFEO GmbH & Co. KG) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\AGFUCAPI.sys -- (agfucapi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=19764&mntrId=2cec11f30000000000000007776409320932
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.09 10:26:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.15 18:39:29 | 000,000,000 | ---D | M]
 
[2011.03.06 11:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.04.27 19:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8ns316pj.default\extensions
[2012.03.03 11:19:07 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8ns316pj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.04.27 17:16:56 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8ns316pj.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2011.04.03 19:35:01 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8ns316pj.default\extensions\engine@conduit.com
[2011.09.30 15:05:00 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8ns316pj.default\extensions\ffxtlbr@babylon.com
[2011.11.15 18:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8NS316PJ.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8NS316PJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.04.09 10:26:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.03.06 13:14:40 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.09 10:26:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.24 17:54:18 | 000,002,291 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.04.09 10:26:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.09 10:26:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.09 10:26:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.09 10:26:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.09 10:26:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.30.0\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll̀ File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.30.0\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC76DB2-719C-4570-9177-8E5A30E0FE49}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3059536D-C6FF-4A7F-BBB5-ED3FF977FDCB}: NameServer = 192.168.120.252,192.168.120.253
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.01.06 17:31:24 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2012.01.06 17:55:32 | 000,806,912 | R--- | M] (Ion Storm) - E:\Autorun.exe -- [ CDFS ]
O33 - MountPoints2\{4e8aca29-e32b-11dd-9a8c-0021853ffcbf}\Shell - "" = AutoRun
O33 - MountPoints2\{4e8aca29-e32b-11dd-9a8c-0021853ffcbf}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{73852072-12c9-11e1-adbc-9c3512d860d1}\Shell - "" = AutoRun
O33 - MountPoints2\{73852072-12c9-11e1-adbc-9c3512d860d1}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{880e8c92-6c2f-11e0-9dbb-e7d0c706d8ea}\Shell - "" = AutoRun
O33 - MountPoints2\{880e8c92-6c2f-11e0-9dbb-e7d0c706d8ea}\Shell\AutoRun\command - "" = J:\PopCDRun.exe
O33 - MountPoints2\{880e8c95-6c2f-11e0-9dbb-e7d0c706d8ea}\Shell - "" = AutoRun
O33 - MountPoints2\{880e8c95-6c2f-11e0-9dbb-e7d0c706d8ea}\Shell\AutoRun\command - "" = L:\SETUP.EXE
O33 - MountPoints2\{880e8c97-6c2f-11e0-9dbb-e7d0c706d8ea}\Shell - "" = AutoRun
O33 - MountPoints2\{880e8c97-6c2f-11e0-9dbb-e7d0c706d8ea}\Shell\AutoRun\command - "" = M:\SETUP.EXE
O33 - MountPoints2\{b176a6b2-8a2c-11dd-ac62-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b176a6b2-8a2c-11dd-ac62-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2012.01.06 17:55:32 | 000,806,912 | R--- | M] (Ion Storm)
O33 - MountPoints2\{ce9aac69-fba5-11de-9c88-0021853ffcbf}\Shell\AutoRun\command - "" = avira.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.30 19:03:06 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.04.27 17:54:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.04.27 17:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.27 17:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.27 17:53:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.27 17:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.27 17:53:00 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.60.0.1800.exe
[2012.04.20 19:44:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Thief - Deadly Shadows
[2012.04.20 19:43:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Thief - Deadly Shadows
[2012.04.20 19:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\Thief - Deadly Shadows
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.30 19:07:13 | 000,690,600 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.30 19:07:13 | 000,647,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.30 19:07:13 | 000,152,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.30 19:07:13 | 000,125,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.30 18:58:19 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.30 18:58:19 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.30 18:58:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.30 18:56:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.04.28 21:42:09 | 000,428,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.28 20:09:14 | 000,002,855 | ---- | M] () -- C:\Users\***\Desktop\dds.PIF
[2012.04.28 19:59:19 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.04.28 17:05:08 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.04.27 17:55:04 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.27 17:53:23 | 010,847,608 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.60.0.1800.exe
[2012.04.20 16:52:15 | 000,001,782 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012.04.20 16:52:15 | 000,001,690 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012.04.17 19:58:48 | 000,140,800 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.04.17 19:58:39 | 000,283,304 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.04.17 19:58:25 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.28 21:41:57 | 000,428,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.28 20:09:14 | 000,002,855 | ---- | C] () -- C:\Users\***\Desktop\dds.PIF
[2012.04.28 19:59:02 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.04.27 17:53:44 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.31 22:40:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.12.31 22:39:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.05.31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011.05.31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2011.04.21 18:45:32 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011.04.21 18:45:32 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011.04.21 18:45:32 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011.04.21 18:18:10 | 000,070,308 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.04.14 11:30:01 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2011.02.17 18:50:02 | 000,040,960 | ---- | C] () -- C:\Windows\System32\psfind.dll
[2010.11.20 19:49:45 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.10.30 20:18:57 | 000,073,728 | ---- | C] () -- C:\Windows\System32\GkSui18.EXE
[2010.10.13 08:00:27 | 000,078,848 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV85.sys
[2010.06.20 18:01:57 | 000,000,674 | ---- | C] () -- C:\Windows\eReg.dat
 
========== LOP Check ==========
 
[2010.04.22 16:04:41 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2011.08.12 18:29:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.09.24 17:54:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2011.06.18 09:06:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock2
[2010.08.29 10:50:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2010.10.17 11:14:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Kanes Rache
[2010.10.18 17:14:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010.06.19 10:10:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools
[2012.01.13 13:44:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.06.19 10:10:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro
[2009.04.23 19:00:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FFSJ
[2011.04.09 13:22:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Firefly Studios
[2011.09.24 17:21:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2012.01.13 14:22:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GlarySoft
[2008.12.25 20:22:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.06.08 09:53:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2010.11.27 18:27:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.11.11 20:07:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2011.12.04 15:06:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RIFT
[2010.05.07 18:05:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\runic games
[2010.09.07 17:39:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SEGA Corporation
[2012.01.13 10:53:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SmartSurfer
[2011.04.10 20:04:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stardock
[2011.04.08 13:14:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2011.04.06 19:00:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2012.01.13 13:44:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2011.05.30 19:56:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\wargaming.net
[2008.12.30 14:42:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WEBDE
[2012.04.28 17:05:08 | 000,000,318 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012.04.28 17:08:52 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%. >
 
< %PROGRAMFILES%.exe >
 
< %LOCALAPPDATA%.exe >
 
< %systemroot%. mp s >
 
< md5start >
 
< userinit.exe >
 
< eventlog.dll >
 
< scecli.dll >
 
< netlogon.dll >
 
< cngaudit.dll >
 
< ws2ifsl.sys >
 
< sceclt.dll >
 
< ntelogon.dll >
 
< winlogon.exe >
 
< logevent.dll >
 
< user32.DLL >
 
< explorer.exe >
 
< iaStor.sys >
 
< nvstor.sys >
 
< atapi.sys >
 
< IdeChnDr.sys >
 
< viasraid.sys >
 
< AGP440.sys >
 
< vaxscsi.sys >
 
< nvatabus.sys >
 
< viamraid.sys >
 
< nvata.sys >
 
< nvgts.sys >
 
< iastorv.sys >
 
< ViPrt.sys >
 
< eNetHook.dll >
 
< ahcix86.sys >
 
< KR10N.sys >
 
< nvstor32.sys >
 
< ahcix86s.sys >
 
< md5stop >
 
< %systemroot%system32drivers.sys lockedfiles >
 
< %systemroot%System32config.sav >
 
< %systemroot%system32.dll lockedfiles >
 
< %USERPROFILE%. >
 
< %USERPROFILE%Local SettingsTemp.exe >
 
< %USERPROFILE%Local SettingsTemp.dll >
 
< %USERPROFILE%Application Data.exe >
 
< HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerSubSystemsWindows rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 56044 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
         
--- --- ---

Und hier Extras.txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 30.04.2012 19:04:10 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,63% Memory free
10,72 Gb Paging File | 9,59 Gb Available in Paging File | 89,51% Paging File free
Paging file location(s): c:\pagefile.sys 8000 8000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 293,33 Gb Total Space | 37,09 Gb Free Space | 12,64% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 109,62 Gb Free Space | 37,40% Space Free | Partition Type: NTFS
Drive E: | 1,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive N: | 3,71 Gb Total Space | 3,55 Gb Free Space | 95,65% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"D:\Program Files\Combat Arms EU\CombatArms.exe" = D:\Program Files\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"D:\Program Files\Combat Arms EU\Engine.exe" = D:\Program Files\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0395D966-5124-478E-BB1A-8B4013589898}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{0B074541-DCE1-4E13-A596-68BEED113198}" = lport=445 | protocol=6 | dir=in | app=system | 
"{10F249D5-4925-42C8-80D6-3CF020C64A26}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1B4B318C-5D00-4B7C-B555-5AD364E35294}" = lport=138 | protocol=17 | dir=in | app=system | 
"{253E8AC0-9FE5-41DA-AB24-217766B9A325}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{4D1D05ED-B8D4-46B4-A374-AF5EFA0F132D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5B392386-BE32-4967-9959-93E3011523ED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5E8CFE6B-AC05-4145-A698-38C3CD790973}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{742E9F08-44F0-4629-9A0F-A77D6FEDD002}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7809D06C-8CE5-4D82-979B-A094B276F251}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8832AD9B-0AB8-435D-81D8-3960A46C167F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8BEBDF46-68CA-4FF4-9CDC-881FC3E70293}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A6E254F5-51E1-4ABF-982E-68C7F9662FA2}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{AD8B79A8-420B-48F1-9D32-0781539D8C9F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B4043FFD-6C9B-4150-9810-E0BA7C5443C7}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FE759ACE-AE52-42DB-BEAD-6D18B099C819}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{039C1103-3FC4-4AD5-896B-1219957CD743}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"{08E48ED4-342A-45C8-BC40-EAE14BA7B2ED}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{0B277B2C-D8AC-48CA-8679-7E5D77C52124}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{0D69C4EF-4967-4C70-A4BA-3DB7665E6ADD}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{0FEF0ED0-299A-4D82-A366-C1E60F52F52F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"{1103BF39-4F8C-485D-B751-F72419842DAD}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{11AC2C7A-3E65-4336-9A71-DD3CE55CE40E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{1253CDD9-4F31-4E22-BEB9-92EAD6A26237}" = protocol=17 | dir=in | app=d:\program files\kalypso\sins of a solar empire\sins of a solar empire entrenchment.exe | 
"{131D4B7F-5AB1-4D73-8755-ADA03C1BAADD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{15B13F34-82D0-4BAD-8CA3-1051C3D21046}" = protocol=6 | dir=in | app=d:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe | 
"{1997CB96-7552-494E-BAA8-467343A8C1E9}" = protocol=17 | dir=in | app=d:\program files\dragon age\daoriginslauncher.exe | 
"{19C85426-B25C-4597-9CC4-9F3D53524B1D}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{1B50BEE7-6785-4CB6-92CE-8038E30918A0}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe | 
"{1D463E1B-9315-4D0A-A66F-C845DC330165}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{2A730283-FE19-4920-944E-460DC4831394}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{2EF8AE37-3F12-4733-ACE7-7ADDF31B0815}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battleforge\battleforge.exe | 
"{3832F267-0C1A-42F7-83A7-F828F250BF5B}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{3B24459D-2515-4813-8297-46673257B304}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{3B468A51-7935-4C53-AAA4-EA22421CA4BC}" = protocol=17 | dir=in | app=d:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe | 
"{3DFFA4A8-816F-4402-A5F9-7851407B1FD1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{3FDBA2EF-A5A1-493E-9145-42CD5C964550}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{40BD987E-FE24-4487-96D8-04AF788401F8}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{43BC04D6-FD7A-48BD-921F-8B9100060A01}" = protocol=17 | dir=in | app=d:\program files\kalypso\sins of a solar empire\sins of a solar empire diplomacy.exe | 
"{45D91E8A-1E30-4360-A413-1E3ACAD9D493}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battleforge\battleforge.exe | 
"{47570617-57E5-48BE-9234-DA55A32B318C}" = protocol=17 | dir=in | app=d:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{51CEB41A-2E02-43C5-B7F8-E9AE03D67C93}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe | 
"{541EFD1F-1790-495B-8AD0-FFBD29A4E14A}" = protocol=17 | dir=in | app=d:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"{550F0D9C-2759-4034-B1C3-01B51E52FC4A}" = protocol=6 | dir=in | app=d:\program files\dragon age\bin_ship\daorigins.exe | 
"{595C85C0-B813-4C14-A99D-1AD49240EA1D}" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | 
"{59C549CD-F2FA-495F-B7BE-B49821FBB645}" = protocol=6 | dir=in | app=d:\program files\dragon age\daoriginslauncher.exe | 
"{5B8C4E44-0F97-4F04-A232-0A465A807757}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{5F4F4A9E-5999-400C-858C-E9A722D22980}" = protocol=17 | dir=in | app=d:\program files\gamigo\black prophecy\bin\win32\blackprophecy.exe | 
"{5F78F51E-243A-4197-90F6-3D17CDC36086}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{62131C02-BEE1-46DC-BA2C-4B0691537111}" = protocol=17 | dir=in | app=d:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{678054F7-B923-4565-945D-BFECFA7AAD1A}" = protocol=6 | dir=in | app=d:\program files\gamigo\black prophecy\bin\win32\launcher.exe | 
"{6A0918DD-2C36-466D-B99F-C59C6816E7B4}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{7215D894-967B-4F77-A690-302DCD0D5E35}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{72C1AC9B-2689-4A51-926D-FAC9F6055B1C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{73B7353A-B379-4A54-AF13-FECEA99D5C96}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battleforge\bootstrapper.exe | 
"{7624909E-7878-44ED-9203-F1C94E410B91}" = protocol=17 | dir=in | app=d:\program files\gamigo\black prophecy\bin\win32\launcher.exe | 
"{76B9D823-7611-40A7-9A8B-F72E5E5305BF}" = protocol=6 | dir=in | app=d:\program files\rockstar games\eflc\launcheflc.exe | 
"{778F3C38-07A5-467C-B8CE-E47B284D329C}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | 
"{782E9C2C-1C57-4E41-924F-BB981004259E}" = protocol=17 | dir=in | app=d:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{79E1F77C-80EA-4D7C-9E67-33AFB1C6290A}" = protocol=6 | dir=in | app=d:\program files\rockstar games\eflc\eflc.exe | 
"{7AA113C5-3152-47BA-BC28-41F4A16098B3}" = protocol=17 | dir=in | app=d:\program files\rockstar games\eflc\launcheflc.exe | 
"{7F388A50-DEE1-4D6C-897A-0C62CD1097E4}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe | 
"{84245EDF-A8E6-47C1-AB7B-BDBA4787D5F3}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{845F6259-2F67-4530-9F6C-F023D8EB7738}" = protocol=17 | dir=in | app=d:\program files\gamigo\black prophecy\bin\win32\patcher.exe | 
"{84A116CE-8287-4ECA-9E9F-5F826164DB8F}" = protocol=17 | dir=in | app=d:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"{8BFBD4C6-3B61-4522-9A8C-6F22E5B5953C}" = protocol=6 | dir=in | app=d:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{8C8CDF9D-029F-4AEE-8E95-0E035F88C0CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8E2D8158-45EE-49BC-BC9A-8182D43B67AE}" = protocol=6 | dir=in | app=d:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{95561682-1890-4704-A8B9-F77323AD4182}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe | 
"{98833D45-2301-4C74-92C1-9EBB8C5ED320}" = protocol=6 | dir=in | app=d:\program files\gamigo\black prophecy\bin\win32\patcher.exe | 
"{989B4984-63C8-4D00-B907-279B216C1DC4}" = protocol=6 | dir=in | app=d:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{99F92906-07D2-4DB2-A25F-505A0A24412D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{9BD1C6DF-F6DA-41FB-BE31-D0D6755E994A}" = protocol=6 | dir=in | app=d:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{9E07DAD7-1696-4603-A3AD-80B17E6A793D}" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{9FEFF40F-2749-4BA5-BDB9-79C053D953D6}" = protocol=17 | dir=in | app=d:\program files\combat arms eu\nmservice.exe | 
"{A12A4BF5-1F09-42A9-B2EA-CCE3B13C1F72}" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | 
"{A37A02E1-E77A-4D76-BE10-C28206868CA8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{A44EB374-80E8-4870-B089-840883709F32}" = protocol=6 | dir=in | app=d:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{ABAE2BA1-34DE-49CE-9BE6-8F340DCEB44D}" = protocol=6 | dir=in | app=d:\program files\kalypso\sins of a solar empire\sins of a solar empire entrenchment.exe | 
"{AD6BBDD6-E5F0-40E0-AFF9-F95A78513F51}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{B3AC6BCD-064E-40D2-B58D-5664911D3ACE}" = protocol=17 | dir=in | app=d:\program files\dragon age\bin_ship\daupdatersvc.service.exe | 
"{B8D8B61B-C60E-4414-B1D1-B999AFC9938A}" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{B921883F-F2B0-4737-A7C0-448097BAA241}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{BB1B4D66-0268-43DA-ACC4-E9A296A90BC1}" = protocol=6 | dir=in | app=d:\program files\dragon age\bin_ship\daupdatersvc.service.exe | 
"{BC2C7675-A3C9-4404-B507-BC12B442ED1E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{BF8D7381-1CAC-4536-ABF9-BBE643D5445C}" = protocol=17 | dir=in | app=d:\program files\kalypso\sins of a solar empire\sins of a solar empire.exe | 
"{C00FD3C5-4BC7-4880-A82F-9A48F7ABA477}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{C06F3282-ADAD-44EB-9CF0-09D22259CB68}" = protocol=6 | dir=in | app=d:\program files\kalypso\sins of a solar empire\sins of a solar empire.exe | 
"{C0C6188A-9971-4C9D-B87B-8721CB2C5C73}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{C4F9D52A-509C-4B91-B73E-098F9B14CE50}" = protocol=6 | dir=in | app=d:\program files\kalypso\sins of a solar empire\sins of a solar empire diplomacy.exe | 
"{C50969D3-EFC4-41A4-970E-3D413C3E757B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C7236144-A2B3-4047-A2BF-3754EA89DA77}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C8193F27-1869-4179-A128-73F41FD6B798}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battleforge\bootstrapper.exe | 
"{CC9CFEB2-EC4D-41BA-A7E0-A116226A8247}" = protocol=17 | dir=in | app=d:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{D095E801-56C6-4D0B-9313-73952CA1A3F5}" = protocol=17 | dir=in | app=d:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{D4BFACC7-FC45-4912-A5A2-B680BB76ABB3}" = protocol=17 | dir=in | app=d:\program files\dragon age\bin_ship\daorigins.exe | 
"{D64B9BE2-AD71-472C-9DB8-D2D6810FAB82}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{DDE41A50-73A3-4609-9220-D46869DB953E}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{DF693DEC-C2D3-4B98-B119-C1D715DF5CBB}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{E35E42A5-AA14-4A89-9FCD-533FB37AF8DC}" = protocol=17 | dir=in | app=d:\program files\rockstar games\eflc\eflc.exe | 
"{E3F4D504-2189-49BA-B5E6-87D292B49AE0}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{E46C46D3-12F1-4EA2-9A38-889B27F4A025}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{E5A54859-9308-45D7-AD37-575F2A1A37CB}" = protocol=6 | dir=in | app=d:\program files\combat arms eu\nmservice.exe | 
"{E9D1C5E7-BD9D-4F38-83BA-518A07D81B9D}" = protocol=6 | dir=in | app=d:\program files\gamigo\black prophecy\bin\win32\blackprophecy.exe | 
"{F02DC6E8-4781-4672-B9D0-105D98D8B775}" = protocol=6 | dir=in | app=d:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"{F2A0DCA4-DD2A-40A2-AD26-9937CFD318F5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{F5FE6640-9394-4816-B83C-4B6437EFE7E4}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | 
"{F610FEF9-52B1-46A8-B803-5247BBDAE6A0}" = protocol=6 | dir=in | app=d:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"{F86EDB41-43F4-4A78-B7BC-3563BF63EC75}" = protocol=17 | dir=in | app=d:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{F9CCC119-6AD7-46BA-8C2E-C64A8A25846D}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{FBFDED03-C66D-421D-947B-6AE0877045EE}" = protocol=6 | dir=in | app=d:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{FC2AB6EB-CC82-45BA-B5D4-27A1F3A7E087}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"TCP Query User{029A61C0-ACAC-4212-8EC7-4F478732E2E1}C:\program files\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files\lolreplay\lolreplay.exe | 
"TCP Query User{043BD321-CE6C-4640-910C-DB86B853F2F6}C:\program files\frozen synapse\frozensynapse.exe" = protocol=6 | dir=in | app=c:\program files\frozen synapse\frozensynapse.exe | 
"TCP Query User{0465769C-4FAB-49FE-90A4-352DB536A932}C:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe | 
"TCP Query User{452ECE8F-ABEC-43B0-8835-63212324EF3B}C:\program files\steam\steamapps\pcftw333\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\pcftw333\team fortress 2\hl2.exe | 
"TCP Query User{5B25FB28-0650-4EBA-AB8B-C246EF8F9823}D:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{8170F916-555C-49EC-8D72-3CCEE083855B}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{83360715-7875-4E12-8793-889BA8CF0625}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{8E497A54-DCE9-4DA6-A8D2-11AC938F0FF3}C:\program files\defcon\defcon (2).exe" = protocol=6 | dir=in | app=c:\program files\defcon\defcon (2).exe | 
"TCP Query User{8F274C24-81E0-40B1-AF16-FEA02AF085D9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{8FF86361-C44C-4894-BAC1-DB56FDAD0217}D:\program files\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=d:\program files\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"TCP Query User{90EF570A-9779-4689-8DB1-5936C09A852D}D:\programme\r.u.s.e\r.u.s.e\uplaybrowser\uplaybrowser.exe" = protocol=6 | dir=in | app=d:\programme\r.u.s.e\r.u.s.e\uplaybrowser\uplaybrowser.exe | 
"TCP Query User{941725AC-8AEB-4DAB-B229-BA54DCA20C0E}D:\programme\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=d:\programme\thq\company of heroes\reliccoh.exe | 
"TCP Query User{989714AC-C7AD-4911-97C4-4DA41857C7D2}C:\users\***\desktop\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"TCP Query User{A7BF466F-2F30-4491-8E95-A91873A89050}D:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{A9CEEB4A-5DB2-4C79-BB2D-106488A5343B}D:\program files\combat arms eu\engine.exe" = protocol=6 | dir=in | app=d:\program files\combat arms eu\engine.exe | 
"TCP Query User{AF6C71AA-8274-4619-B604-FAA0ABF2E414}C:\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\soldat\soldat.exe | 
"TCP Query User{B1D7CAFA-635D-4750-9743-08F8FFBC00B7}C:\program files\defcon\defcon.exe" = protocol=6 | dir=in | app=c:\program files\defcon\defcon.exe | 
"TCP Query User{B8785842-9A50-41E7-AE7B-9911EBAC0EBB}D:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{BCEB1D43-6598-4C28-9886-CFAA21210F93}D:\program files\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=d:\program files\ccp\eve\bin\exefile.exe | 
"TCP Query User{BEF1A818-E3C7-4BDC-AC4C-629DE0E607B7}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{D1621A1C-5231-47B2-A48D-ED4EC4680496}D:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{E1576CF9-6384-47BD-9C92-57571CDB2E0D}C:\program files\littlefighter2\lf2_v2.0a\lf2.exe" = protocol=6 | dir=in | app=c:\program files\littlefighter2\lf2_v2.0a\lf2.exe | 
"TCP Query User{E38BF9B6-E7F5-4E00-91B9-D0348227FEBF}D:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{E45E443E-7D8E-4C28-A005-3B26735B7E8B}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"TCP Query User{E5B8197E-BA10-4000-92E7-1F0491F0239A}C:\users\***\desktop\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\world of warcraft\repair.exe | 
"TCP Query User{EA7F38C1-3CB8-41FD-A183-D6EF9B1F5815}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{01A068DB-7E74-4F1D-892E-0D5B3A79949E}D:\programme\r.u.s.e\r.u.s.e\uplaybrowser\uplaybrowser.exe" = protocol=17 | dir=in | app=d:\programme\r.u.s.e\r.u.s.e\uplaybrowser\uplaybrowser.exe | 
"UDP Query User{1B90522C-A771-4D5C-B119-EF405CE17E33}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"UDP Query User{1CB2256E-4A91-496F-8FE3-FF3B30AF1010}D:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{340801C1-0314-495C-8610-D9D14F626040}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{4911193B-D101-4BB3-A7E9-2908890099EF}D:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{56C708EC-F91D-4A65-A693-57E7E80E31F1}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{70BBFE8B-9737-44B3-9826-A7F70B238F69}D:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{7528C4CE-B7C1-4C5C-9E6D-4C437024689B}C:\program files\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files\lolreplay\lolreplay.exe | 
"UDP Query User{84B52E3C-3667-48A2-BC89-DC7988DF5AF2}C:\program files\steam\steamapps\pcftw333\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\pcftw333\team fortress 2\hl2.exe | 
"UDP Query User{895FC838-40BC-4F07-9680-D0A081C563B1}D:\program files\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=d:\program files\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"UDP Query User{89A6AC7A-6D5B-4B8A-B306-6615B121F8B3}C:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe | 
"UDP Query User{8BE9652E-9D57-4C29-9F60-303D1537D6B4}C:\program files\defcon\defcon.exe" = protocol=17 | dir=in | app=c:\program files\defcon\defcon.exe | 
"UDP Query User{94DE0A5A-A223-4F58-BB7A-7B71FE5F9A4C}C:\users\***\desktop\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\world of warcraft\repair.exe | 
"UDP Query User{98276506-1E2D-4E76-8185-F10966BA3556}D:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{9FDA8560-9621-45B5-8D91-6C4A2C18FDD4}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{AC2320E8-85BF-4055-9C71-D72031036690}C:\program files\frozen synapse\frozensynapse.exe" = protocol=17 | dir=in | app=c:\program files\frozen synapse\frozensynapse.exe | 
"UDP Query User{ADFF1377-669B-4252-9A2F-C3B55C4508E1}C:\program files\defcon\defcon (2).exe" = protocol=17 | dir=in | app=c:\program files\defcon\defcon (2).exe | 
"UDP Query User{B8877521-C136-4092-9766-E9ABA6DD725E}D:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{BCFD42F1-F777-4B89-B130-36EB50F2786E}D:\program files\combat arms eu\engine.exe" = protocol=17 | dir=in | app=d:\program files\combat arms eu\engine.exe | 
"UDP Query User{CDDA0730-3594-4EDA-AAEF-75D583076612}C:\program files\littlefighter2\lf2_v2.0a\lf2.exe" = protocol=17 | dir=in | app=c:\program files\littlefighter2\lf2_v2.0a\lf2.exe | 
"UDP Query User{D03B47B5-D1D7-4317-A706-ED9EB43891AD}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{D0AF568D-2AD3-47F1-B054-53AC294F468B}D:\program files\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=d:\program files\ccp\eve\bin\exefile.exe | 
"UDP Query User{E013F960-8DC9-4F40-8663-B241E8E94D9A}C:\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\soldat\soldat.exe | 
"UDP Query User{E7FAEFC8-D3E2-4FC0-A54F-AAAAF3F275AE}C:\users\***\desktop\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"UDP Query User{F74E6033-3798-4196-85D3-088C62B2F51C}D:\programme\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=d:\programme\thq\company of heroes\reliccoh.exe | 
"UDP Query User{FFD36144-5F41-41F3-8965-9E57EE4BC523}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06029DFB-9E17-410D-A1FE-7EB5F1A1E3FD}" = HOT ALBUM MYBOX
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0B6A9773-F8F8-4D3F-BCF0-029D2B87DB8A}" = Deus Ex - Invisible War
"{0D5FAD7E-C1A2-4753-8A28-346A5CD42813}" = Defense Grid: The Awakening
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{11CA6E01-3992-4115-AB6E-D325552C166D}" = WEB.DE SmartSurfer AutoUpdate 5.2
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{20140000-000F-0000-0000-0000000FF1CE}" = Microsoft Office Mondo 2010 (Beta)
"{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta)
"{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta)
"{20140000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2010 (Beta)
"{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta)
"{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta)
"{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta)
"{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
"{20140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 (Beta)
"{20140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010 (Beta)
"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{20140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta)
"{20140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010 (Beta)
"{20140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 (Beta)
"{20140000-0102-0409-0000-0000000FF1CE}" = Microsoft Office MondoOnly MUI (English) 2010 (Beta)
"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
"{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
"{20165891-91F8-45F9-A90A-307C7179C515}" = Sins of a Solar Empire - Trinity
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{433BF933-81D6-4646-A318-3DE5DB6108F2}" = Icewind Dale - Herz des Winters
"{47957648-B46A-4211-85E1-01A15B6A1B45}" = Ace of Spades
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4E2FAB2F-9004-40D6-8BF8-DB2F2DA16DEC}" = Crashday Patch#2
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{588C135F-0B15-4A02-8F2D-04697BE2904E}" = Icewind Dale II
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}" = Serious Sam: The Second Encounter
"{607169F0-07F6-4797-99D2-D5E7C4715E20}" = Mega Manager
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{71E6124C-FA50-447B-B044-47A682627C26}" = Anno 1404 (Demo)
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7AF32AB1-CB97-11D4-9607-0050BA84F5F7}" = Baldur's Gate(TM) II - Schatten von Amn(TM)
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{8047C1BD-BB4D-4C64-A8EF-A34A45D71F04}" = Xpand Rally Xtreme
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{815050E5-F545-11D4-9569-004095812ACC}" = Serious Sam: Der erste Kontakt
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A37AC7-E724-4621-B167-500B5A52B69C}" = LastChaos
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C27ADE1-EAFB-4BB7-9FE3-5DD9BA9A3DD2}" = Crashday
"{9FB2CE8C-E86C-4368-B3C9-F472898F926E}" = Desert Storm
"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3620221-A9E3-43AD-BDB9-985C88E85AC1}" = Silent Storm
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B785CA1C-3EA0-4EFC-91BC-330EC34555BA}" = GhostMaster
"{B7E68A6D-1C9B-4F18-B021-949115021714}" = COMPUTERBILD Vorteil-Center
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C9E270CC-AE42-4BD8-B9C6-1EB3A8657FF5}" = Just Cause 1.00.0000
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D54049D3-256C-4E19-AAE9-861F6B00BF29}" = AGEIA GAME System Software
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D99DFFE0-EBB5-4A3E-8430-7995353E6870}" = Stranded 2
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E074FB23-D61B-4C6A-AD15-AB9695ED2EF7}" = Red Faction® II
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE™ Labor Basisversion
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F428768A-BA63-43A5-86E9-7F0CFD174944}" = Command & Conquer 3 Tiberium Wars(TM) Worldbuilder
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{FC123EEA-330A-4685-911C-95B8F5E9DE68}" = Thief - Deadly Shadows
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Black Prophecy_is1" = Black Prophecy
"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Clonk Planet" = Clonk Planet
"Combat Arms EU" = Combat Arms EU
"conduitEngine" = Conduit Engine
"Cossacks : Back To War" = Cossacks - Back To War
"Counter-Strike Source 1.9.1" = Counter-Strike Source 1.9.1
"Cultures - Die Entdeckung Vinlands" = Cultures - Die Entdeckung Vinlands
"Defcon_is1" = Defcon v1.6
"Diablo II" = Diablo II
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESN Sonar-0.70.4" = ESN Sonar
"EVE" = EVE Online (remove only)
"Fallout 2" = Fallout 2
"Fallout New Vegas_is1" = Fallout New Vegas
"Fraps" = Fraps (remove only)
"FRITZ! 2.0" = AVM FRITZ!
"Glary Utilities_is1" = Glary Utilities 2.41.0.1358
"Greed Corp_is1" = Greed Corp
"Icewind Dale" = Icewind Dale
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{8047C1BD-BB4D-4C64-A8EF-A34A45D71F04}" = Xpand Rally Xtreme
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Lexmark X1100 Series" = Lexmark X1100 Series
"Little Fighter 2" = Little Fighter 2 version 2.0a
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.MONDO" = Microsoft Office Mondo 2010
"OpenAL" = OpenAL
"Origin" = Origin
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"PokerStars.net" = PokerStars.net
"Prototype_is1" = Prototype
"PunkBusterSvc" = PunkBuster Services
"Rekkaturvat" = Truck Dismount (remove only)
"RollerCoaster Tycoon Setup" = Roll
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"S4Uninst" = Die Siedler IV
"Sid Meier's Colonization" = Sid Meier's Colonization 1.0
"Soldat patch 1.4.2-1.5.0_is1" = Soldat 1.5.0
"Soldat_is1" = Soldat 1.4.2
"ST6UNST #1" = Defcon-5 WEP KeyGen
"ST6UNST #2" = Defcon-5 WEP KeyGen (C:\Program Files\WEP KeyGen\)
"ST6UNST #3" = Defcon-5 WEP KeyGen (C:\Program Files\WEP KeyGen\) #3
"StarCraft" = StarCraft
"Steam App 550" = Left 4 Dead 2
"The KMPlayer" = The KMPlayer (remove only)
"ThiefDeinstallKey" = Dark Project: Der Meisterdieb
"Thunder Brigade" = Thunder Brigade
"uTorrent" = µTorrent
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"Vindictus EU" = Vindictus EU
"VLC media player" = VLC media player 1.1.11
"Warcraft III" = Warcraft III
"WEB.DE SmartSurfer" = WEB.DE SmartSurfer
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{8D722BFA-5764-4A36-85D1-839F991CF641}" = Space Siege Demo
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah 
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Sins of a Solar Empire" = Sins of a Solar Empire
"Sins of a Solar Empire - Trinity" = Sins of a Solar Empire - Trinity
"StarOffice 7" = StarOffice 7
 
========== Last 10 Event Log Errors ==========
 
Error: Unable to start EventLog service!
 
< End of report >
         
--- --- ---


Mein Name wurde übrigens durch *** ersetzt.
__________________

Alt 01.05.2012, 15:17   #4
markusg
/// Malware-holic
 
TR/Atraps.Gen festgestellt - Standard

TR/Atraps.Gen festgestellt



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
SRV - [2011.11.12 19:08:16 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Stopped] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
 :Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
führe jetzt lsp fix aus:
LSPfix - Freeware - DE - Download.CHIP.eu
teste ob alle browser funktionieren.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 01.05.2012, 18:17   #5
Duskdragon
 
TR/Atraps.Gen festgestellt - Standard

TR/Atraps.Gen festgestellt



Leider kam die Antwort ein wenig spät, sodass ich jenes erst am Sonntag ausführen kann.

Melde mich dann aber sofort


Alt 01.05.2012, 18:20   #6
markusg
/// Malware-holic
 
TR/Atraps.Gen festgestellt - Standard

TR/Atraps.Gen festgestellt



heut ist feiertag, das ist dir hoffendlich schon klar :-) da können antworten schon mal dauern.
__________________
--> TR/Atraps.Gen festgestellt

Alt 06.05.2012, 11:22   #7
Duskdragon
 
TR/Atraps.Gen festgestellt - Standard

TR/Atraps.Gen festgestellt



wie könnte ich nur meinen Helfer anprangern, also ich bitte dich^^
sollte natürlich kein Vorwurf sein.

Hier der OTL-Bericht:

All processes killed
========== OTL ==========
Service Update-Service stopped successfully!
Service Update-Service deleted successfully!
C:\Windows\System32\UpdSvc.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\ deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: ***
->Flash cache emptied: 3130812 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 3,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 41404 bytes
->Temporary Internet Files folder emptied: 1098260 bytes
->Java cache emptied: 1623987 bytes
->FireFox cache emptied: 49759010 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 757760 bytes
%systemroot%\System32 .tmp files removed: 1598848 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 52,00 mb


OTL by OldTimer - Version 3.2.42.2 log created on 05062012_120724

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Und Lsp-Fix hat keine Probleme gefunden, aber dennoch gehen die Browser nicht (Firefox, IE), aber das liegt auch daran, dass allgemein der Rechner sich nicht mit dem Internet verbinden kann.

Alt 06.05.2012, 16:08   #8
markusg
/// Malware-holic
 
TR/Atraps.Gen festgestellt - Standard

TR/Atraps.Gen festgestellt



start ausführen, tippe:
cmd.exe
strg+shift+enter
nachfrage von uac bestätigen
netsh winsock reset
eingeben
enter
wenn keine fehlermeldung aufkommt:
exit
enter
neustart, internet testen.
ansonsten bescheid geben welche meldung auftritt
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.05.2012, 08:37   #9
Duskdragon
 
TR/Atraps.Gen festgestellt - Standard

TR/Atraps.Gen festgestellt



wenn ich netsh winsock reset eingebe, bräuchte ich erhöhte Rechte.

Aber bevor ich das ausprobiert hatte, ging das Internet wieder ganz normal. Gestern nach Lsp-Fix ging es noch nicht.

Alt 07.05.2012, 15:38   #10
markusg
/// Malware-holic
 
TR/Atraps.Gen festgestellt - Standard

TR/Atraps.Gen festgestellt



deswegen solltest du die eingabeaufforderung genauso starten, wie ichs gesagt hatte.
geht das internet für alle instalierten browser? internet explorer auch?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.05.2012, 15:58   #11
Duskdragon
 
TR/Atraps.Gen festgestellt - Standard

TR/Atraps.Gen festgestellt



achso ich soll nach im Ausführen-Fenster Strg+Shift+Enter benutzen

diese Nachfrage von uac kam aber nicht. Und ja alle Browser funktionieren.

Jetzt kommt aber ein weiteres Problem dazu.
Ein neuer Trojaner namens TR/Crypt.ZPack.Gen2 wurde direkt nach dem Start gefunden.

Dabei hatte ich den PC nur dann an, wenn ich deinen Anweisungen gefolgt bin.

Alt 07.05.2012, 16:47   #12
markusg
/// Malware-holic
 
TR/Atraps.Gen festgestellt - Standard

TR/Atraps.Gen festgestellt



und woher soll ich wissen wo er gefunden wurde wenn edu es nicht schreibst?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.05.2012, 17:05   #13
Duskdragon
 
TR/Atraps.Gen festgestellt - Standard

TR/Atraps.Gen festgestellt



achja sorry da war was.

Der Trojaner ist in der wie schon zuvor befallenen Datei

Windows/System32/xptn0r8k.tsp

Alt 07.05.2012, 20:12   #14
markusg
/// Malware-holic
 
TR/Atraps.Gen festgestellt - Standard

TR/Atraps.Gen festgestellt



hi
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.05.2012, 08:47   #15
Duskdragon
 
TR/Atraps.Gen festgestellt - Standard

TR/Atraps.Gen festgestellt



So hier die Logfile:

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-05-08.01 - *** 08.05.2012   9:31.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1936 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Roaming\.#
c:\users\***\AppData\Roaming\FFSJ
c:\users\***\AppData\Roaming\FFSJ\FFSJ.cfg
c:\windows\IsUn0407.exe
c:\windows\system32\Msvcrt.1
c:\windows\unin0407.exe
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-08 bis 2012-05-08  ))))))))))))))))))))))))))))))
.
.
2012-05-06 10:07 . 2012-05-06 10:07	--------	d-----w-	C:\_OTL
2012-04-27 15:54 . 2012-04-27 15:54	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-04-27 15:53 . 2012-04-27 15:53	--------	d-----w-	c:\programdata\Malwarebytes
2012-04-27 15:53 . 2012-04-27 15:55	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-04-27 15:53 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-20 17:39 . 2012-04-20 17:43	--------	d-----w-	c:\program files\Thief - Deadly Shadows
2012-04-11 08:45 . 2012-03-14 02:15	6582328	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EAA02FE7-316E-4557-B32B-AE944BEB9E9F}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-17 17:58 . 2009-01-17 10:56	140800	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2012-04-17 17:58 . 2011-04-14 11:31	283304	----a-w-	c:\windows\system32\PnkBstrB.xtr
2012-04-17 17:58 . 2009-01-17 10:55	283304	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-04-17 17:58 . 2009-01-17 10:55	280904	----a-w-	c:\windows\system32\PnkBstrB.ex0
2012-02-23 08:18 . 2011-03-06 09:43	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-14 17:55 . 2011-03-09 08:57	235	----a-w-	c:\windows\system32\nxEuUninstall.bat
2012-02-14 17:55 . 2011-03-09 08:57	446464	----a-w-	c:\windows\NEXON_EU_DownloaderUpdater.exe
2012-02-14 10:27 . 2009-01-17 10:54	76888	----a-w-	c:\windows\system32\PnkBstrA.exe
2012-02-14 10:24 . 2009-01-17 10:55	138056	----a-w-	c:\users\***\AppData\Roaming\PnkBstrK.sys
2012-04-09 08:26 . 2011-04-03 07:30	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files\uTorrentBar_DE\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51	3911776	----a-w-	c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
2010-12-09 11:51	3911776	----a-w-	c:\program files\uTorrentBar_DE\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files\uTorrentBar_DE\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}"= "c:\program files\uTorrentBar_DE\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38	121392	----a-w-	c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-06 203296]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-08-17 85888]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [2012-4-20 497152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2008-01-09 17:43	326176	----a-w-	c:\acer\Empowering Technology\SysMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-27 02:10	1983816	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-18 01:40	767312	----a-w-	c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-03-04 22:38	526896	----a-w-	c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPeerNexonEU]
2012-02-14 17:53	438272	----a-w-	c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing]
2008-01-25 17:49	204908	----a-w-	c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49	249064	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 19:48	57344	----a-w-	c:\acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Skytel"=Skytel.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-08 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-01-13 08:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://de.intl.acer.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{3059536D-C6FF-4A7F-BBB5-ED3FF977FDCB}: NameServer = 192.168.120.252,192.168.120.253
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8ns316pj.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-AIRSTRIKE3D - c:\program files\Blimb Entertainment\AIRSTRIKE3D\uninstall.exe
AddRemove-Cultures - Die Entdeckung Vinlands - c:\windows\IsUn0407.exe
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
AddRemove-S4Uninst - c:\windows\IsUn0407.exe
AddRemove-ThiefDeinstallKey - c:\windows\IsUn0407.exe
AddRemove-Thunder Brigade - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-05-08 09:38
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3751203636-424131746-382816556-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:32,58,63,00,c1,45,a0,4f,5c,b9,36,61,c5,6b,64,cf,ee,63,f5,bf,da,2e,b5,
   af,f5,48,05,12,e4,63,9d,fe,85,79,7c,2b,e2,76,39,7d,67,05,d4,41,d9,05,e8,ac,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-3751203636-424131746-382816556-1000\Software\SecuROM\License information*]
"datasecu"=hex:1c,9f,db,22,e8,90,85,48,ce,ea,92,3d,2f,a0,2a,c9,c1,8a,ab,62,83,
   bc,ed,4d,37,98,e5,b0,3e,c9,95,90,07,ae,fb,05,4e,c7,b7,03,f2,73,52,15,ee,d7,\
"rkeysecu"=hex:09,59,1b,f3,86,2b,14,fd,c5,97,8f,90,41,c3,69,23
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4944)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Zeit der Fertigstellung: 2012-05-08  09:41:34
ComboFix-quarantined-files.txt  2012-05-08 07:41
.
Vor Suchlauf: 24 Verzeichnis(se), 38.227.046.400 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 38.640.611.328 Bytes frei
.
- - End Of File - - BD65581A823619650B99515CF6F00E16
         
--- --- ---


Nach dem Neustart kam keine Fehlermeldung

Antwort

Themen zu TR/Atraps.Gen festgestellt
ahnung, anderen, anhang, avira, bericht, brauch, dateien, festgestellt, frage, funktioniert, gmer, guten, infiziert, laptop, länger, nicht mehr, nichts, programm, richtig, scan, startet, system32, tr/atraps.gen, trojaner, trojaner tr/atraps.gen, vista, warum



Ähnliche Themen: TR/Atraps.Gen festgestellt


  1. Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (29)
  2. TR/Atraps.gen - TR/Atraps.gen2 - TR/Rogue.kdv.686334 - von AVIRA Antivirus entdeckt
    Log-Analyse und Auswertung - 05.09.2012 (24)
  3. TR/ATRAPS.Gen2 und TR/ATRAPS.Gen wird alle paar Minuten von Antivir gemeldet
    Plagegeister aller Art und deren Bekämpfung - 21.08.2012 (22)
  4. Antivir meldet TR/ATRAPS.Gen2 und TR/ATRAPS.Gen angebl. Shockwave Installation
    Log-Analyse und Auswertung - 17.08.2012 (5)
  5. Avira: 800000cb.@ TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in C:\Windows\Installer\.. und weitere Pfaden
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (25)
  6. antivir meldet alle paar minuten den fund TR/ATRAPS.Gen und TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 01.08.2012 (4)
  7. Von Avira gefundene Trojaner - TR/Crypt.ZPACK.Gen, TR/ATRAPS.Gen, TR/ATRAPS.Gen2 und BDS/ZAccess.T
    Log-Analyse und Auswertung - 27.07.2012 (25)
  8. Viren,BDS/ZAccess.T,TR/ATRAPS.gen,TR/ATRAPS.gen2 in C:/Dokumente/Einstellungen/Administrator..
    Alles rund um Windows - 22.07.2012 (1)
  9. TR/Atraps.gen - TR/Atraps.gen2 - BDS/ZAccess.T - über AVIRA Antivirus entdeckt
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (4)
  10. Trojaner Atraps.Gen, Atraps.Gen2 und Sirefef.AB.20 - gelöscht, aber auch sicher?
    Log-Analyse und Auswertung - 14.07.2012 (23)
  11. TR/ATRAPS.GEN, TR/ATRAPS.Gen2 6 seit ein paar Minuten auch noch ein Sirefef.P.528
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (1)
  12. Antivir findet 4 Trojaner: TR/ATRAPS.Gen, TR/ATRAPS.Gen2, Sirefef.P.342, Dldr.Phdet.E.41
    Log-Analyse und Auswertung - 11.07.2012 (1)
  13. Nach Befall tr/atraps.gen tr/atraps.gen2 formatiert - Computer startet selbständig neu
    Log-Analyse und Auswertung - 09.07.2012 (1)
  14. Virus (Rootkit.0Access, TR/ATRAPS.Gen, TR/ATRAPS.Gen2) entfernt; tatsächlich clean?
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (7)
  15. Und noch einer: Trojaner TR/ATRAPS.Gen2 und TR/ATRAPS.Gen und W32/Patched.UA HILFE!!!
    Log-Analyse und Auswertung - 28.06.2012 (7)
  16. TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 gefunden, aber nach Systemwiederherstellung weg?
    Plagegeister aller Art und deren Bekämpfung - 25.06.2012 (4)
  17. tr/atraps.gen2 gefunden und Registryänderungen festgestellt
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (7)

Zum Thema TR/Atraps.Gen festgestellt - Guten Tag seit Kurzem habe ich den Trojaner TR/Atraps.Gen durch das Programm Avira festgestellt und komme erst jetzt dazu gegen ihn etwas zu unternehmen (PC wird auch von anderen benutzt) - TR/Atraps.Gen festgestellt...
Archiv
Du betrachtest: TR/Atraps.Gen festgestellt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.