| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Skype und Verschlüßelungstrojaner?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.11.2012, 21:49
| #1 |
| |  Skype und Verschlüßelungstrojaner? Hallo Forum, ich, bzw mein jüngerer Bruder, habe seit geraumer Zeit mehrere vermutlich Virenbedingte PC Probleme. Das ganze geht seit ungefähr 2 Wochen, er weis die genaue Reihenfolge und das auftreten allerdings nicht mehr genau. Ich habe mich bereits Anhand der Symptome im Internet informiert und versucht den Virus zu identifizieren, allerdings bin ich mir unsicher was ich genau habe. Ich Schildere jetzt hier einfach mal alle Probleme/Symptome und im Anschluss alles was ich bereits Unternomen habe: - Mein Bruder hat sich auf jeden Fall diesen Skype Trojaner eingefangen(Er hat ungefähr so eine Nachricht bekommen "Sind das deine Fotos" und eine Datei heruntergeladen und ausgeführt) Was alles genau nicht funktioniert hat weis er nicht mehr, er hat dan anhand irgendeiner Anleitung im Internet Dateien gelöscht damit Skype wieder funktioniert - Ein Ordner mit Fotos ist auf einmal verschwunden - Er kommt nicht mehr richtig ins Internet, über den Browser gehts für 20 Sekunden, dann nicht mehr, erst nach dem man das Netzwerkkabel aus und wieder ein steckt, gehts wieder kurz. Das lässt sich beliebig oft wiederholen. Wir haben folgendes Unternommen: -Kaspersky Lab installiert(Vollversion), Updates gemacht, System gescannt. Hat auch einiges gefunden - Mit einem Wiederherstellungstool (recuva) nach gelöschten Fotos gesucht, diese auch gefunden und wiederhergestellt. Nun kann mal allerdings die meisten Fotos nicht öffnen. Verschlüsselungstrojaner? -Beim Internet Problem bin ich ratlos So, dann habe ich noch gemacht was unter "Für alle Hilfesuchenden" steht. Ich poste nun mal alle Logfiles incl. Kaspersky : Kaspersky Code:
ATTFilter Status: Gelöscht (Ereignisse: 23)
27.10.2012 18:53:37 Gelöscht Adware not-a-virus:HEUR:AdWare.Win32.SweetIM.gen D:\MEDIA\installation\FlashPlayer install.exe//UPX Mittel
27.10.2012 18:53:37 Gelöscht Adware not-a-virus:HEUR:AdWare.Win32.SweetIM.gen D:\MEDIA\installation\FlashPlayer install.exe Mittel
27.10.2012 18:03:55 Gelöscht trojanisches Programm Trojan.Win32.Agent.hwcw C:\Windows\Temp\wincout.exe Hoch
27.10.2012 17:33:09 Gelöscht trojanisches Programm Trojan.Win32.Yakes.axwp C:\Documents and Settings\Public\nvsvc32.exe Hoch
27.10.2012 17:31:23 Gelöscht trojanisches Programm Trojan-Ransom.Win32.PornoAsset.atra C:\Documents and Settings\kingkong\Anwendungsdaten\FF98.exe Hoch
27.10.2012 17:31:23 Gelöscht trojanisches Programm Trojan-Ransom.Win32.PornoAsset.atra C:\Documents and Settings\kingkong\Anwendungsdaten\F8DF.exe Hoch
27.10.2012 17:31:23 Gelöscht trojanisches Programm Trojan-Ransom.Win32.PornoAsset.atra C:\Documents and Settings\kingkong\Anwendungsdaten\E08.exe Hoch
27.10.2012 17:31:23 Gelöscht trojanisches Programm Trojan-Ransom.Win32.PornoAsset.atra C:\Documents and Settings\kingkong\Anwendungsdaten\DE32.exe Hoch
27.10.2012 17:31:23 Gelöscht trojanisches Programm Trojan-Ransom.Win32.PornoAsset.atra C:\Documents and Settings\kingkong\Anwendungsdaten\D600.exe Hoch
27.10.2012 17:31:22 Gelöscht trojanisches Programm Trojan-Ransom.Win32.PornoAsset.atra C:\Documents and Settings\kingkong\Anwendungsdaten\D176.exe Hoch
27.10.2012 17:31:22 Gelöscht trojanisches Programm Trojan-Ransom.Win32.PornoAsset.atra C:\Documents and Settings\kingkong\Anwendungsdaten\C3F.exe Hoch
27.10.2012 17:31:22 Gelöscht trojanisches Programm Trojan-Ransom.Win32.PornoAsset.atra C:\Documents and Settings\kingkong\Anwendungsdaten\C17E.exe Hoch
27.10.2012 17:31:22 Gelöscht trojanisches Programm Trojan-Ransom.Win32.PornoAsset.atra C:\Documents and Settings\kingkong\Anwendungsdaten\A632.exe Hoch
27.10.2012 17:31:22 Gelöscht trojanisches Programm Trojan-Ransom.Win32.PornoAsset.atra C:\Documents and Settings\kingkong\Anwendungsdaten\9481.exe Hoch
27.10.2012 17:31:22 Gelöscht trojanisches Programm Trojan-Ransom.Win32.PornoAsset.atra C:\Documents and Settings\kingkong\Anwendungsdaten\904D.exe Hoch
27.10.2012 17:31:22 Gelöscht trojanisches Programm Trojan-Ransom.Win32.PornoAsset.atra C:\Documents and Settings\kingkong\Anwendungsdaten\8C4B.exe Hoch
27.10.2012 17:31:21 Gelöscht trojanisches Programm Trojan-Ransom.Win32.PornoAsset.atra C:\Documents and Settings\kingkong\Anwendungsdaten\5B4D.exe Hoch
27.10.2012 17:31:21 Gelöscht trojanisches Programm Trojan-Ransom.Win32.PornoAsset.atra C:\Documents and Settings\kingkong\Anwendungsdaten\5234.exe Hoch
27.10.2012 17:31:21 Gelöscht trojanisches Programm Trojan-Ransom.Win32.PornoAsset.atra C:\Documents and Settings\kingkong\Anwendungsdaten\31DD.exe Hoch
27.10.2012 17:31:21 Gelöscht trojanisches Programm Trojan-Ransom.Win32.PornoAsset.atra C:\Documents and Settings\kingkong\Anwendungsdaten\316C.exe Hoch
27.10.2012 17:29:35 Gelöscht trojanisches Programm Trojan-Ransom.Win32.PornoAsset.atra C:\Users\kingkong\AppData\Roaming\4569.exe Hoch
27.10.2012 17:29:35 Gelöscht trojanisches Programm Trojan-Ransom.Win32.PornoAsset.atra C:\Users\kingkong\AppData\Roaming\A4DA.exe Hoch
27.10.2012 16:55:44 Gelöscht Virus HEUR:Trojan.Win32.Generic c:\Users\kingkong\AppData\Roaming\Xroaox.exe Hoch
Status: Verdächtig (Ereignisse: 3)
30.10.2012 22:25:54 Verdächtig legales Programm, das von einem Angreifer benutzt werden kann, um den Computer oder die Benutzerdaten zu beschädigen PDM.Keylogger kernel mode memory patch Mittel
30.10.2012 16:43:18 Verdächtig legales Programm, das von einem Angreifer benutzt werden kann, um den Computer oder die Benutzerdaten zu beschädigen PDM.Keylogger D:\SPIELE\VIETCONGNEU2\VIETCONG\VIETCONG.EXE Mittel
27.10.2012 19:37:56 Verdächtig legales Programm, das von einem Angreifer benutzt werden kann, um den Computer oder die Benutzerdaten zu beschädigen PDM.Keylogger D:\SPIELE\BATTELFIELD PLAY FOR FREE\BFP4F.EXE Mittel
Status: Nicht vorhanden (Ereignisse: 1)
27.10.2012 19:41:20 Nicht gefunden legales Programm, das von einem Angreifer benutzt werden kann, um den Computer oder die Benutzerdaten zu beschädigen not-a-virus:HEUR:WebToolbar.Win32.BetterInstaller.gen D:\$RECYCLE.BIN\S-1-5-21-2865795408-1716504761-312820871-1000\$RXZ01G7.exe//biclient.exe Niedrig
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:25 on 06/11/2012 (kingkong)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
OTL Logfile: Code:
ATTFilter OTL logfile created on: 11/6/2012 9:27:30 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kingkong\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.91 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 61.79% Memory free 7.83 Gb Paging File | 5.91 Gb Available in Paging File | 75.46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 100.00 Gb Total Space | 32.51 Gb Free Space | 32.51% Space Free | Partition Type: NTFS Drive D: | 578.01 Gb Total Space | 490.59 Gb Free Space | 84.88% Space Free | Partition Type: NTFS Computer Name: MARKUS | User Name: kingkong | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/11/06 21:23:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kingkong\Desktop\OTL.exe PRC - [2012/10/19 01:26:06 | 001,573,584 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012/10/17 14:22:54 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012/08/23 14:40:04 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe PRC - [2012/07/03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/03/30 13:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011/03/30 13:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2011/03/30 13:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011/03/30 13:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2011/02/16 22:26:16 | 000,308,592 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe PRC - [2011/02/01 22:24:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011/02/01 22:24:38 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/10/01 21:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe PRC - [2010/09/30 02:05:32 | 000,048,752 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe PRC - [2009/12/21 16:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe PRC - [2009/08/13 15:06:00 | 000,662,016 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe PRC - [2007/01/31 15:14:28 | 000,360,448 | ---- | M] (Ricoh Company, Ltd.) -- C:\Program Files (x86)\Caplio Software\RGateLXP.exe ========== Modules (No Company Name) ========== MOD - [2010/10/01 21:05:46 | 008,972,888 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\QtGui4.dll MOD - [2010/10/01 21:05:42 | 002,456,152 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\QtCore4.dll MOD - [2010/10/01 20:07:46 | 000,733,184 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\localization_manager.dll MOD - [2009/10/30 19:32:30 | 000,410,496 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\dblite.dll MOD - [2004/05/11 11:38:20 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Caplio Software\zlib.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/09/13 14:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer) SRV:64bit: - [2012/08/23 14:40:04 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV:64bit: - [2011/01/05 22:41:38 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2011/01/05 22:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011/01/05 22:26:56 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2010/10/07 23:58:14 | 000,331,776 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService) SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/06/17 23:47:12 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/10/28 22:19:20 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/10/19 15:33:26 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/10/17 14:22:54 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/09/13 13:12:08 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/08/29 11:03:36 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/03/30 13:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011/03/30 13:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011/03/30 13:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2011/02/16 22:26:16 | 000,308,592 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe -- (Sierra Wireless QDL Service) SRV - [2011/02/01 22:24:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011/02/01 22:24:38 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/10/01 21:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP) SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/12/21 16:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/10/27 16:48:02 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/22 11:45:23 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/04/15 03:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/03/24 06:47:02 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011/03/24 06:47:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2011/03/22 17:14:04 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/08 13:44:08 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011/03/08 13:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011/02/18 00:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/02/04 00:58:00 | 000,424,448 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swg3kmbb00.sys -- (swg3kmbb00) DRV:64bit: - [2011/02/04 00:57:20 | 000,073,216 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swibusflt00.sys -- (swibusflt00) DRV:64bit: - [2011/02/04 00:57:20 | 000,073,216 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swibus00.sys -- (swibus00) DRV:64bit: - [2011/02/04 00:57:06 | 000,034,304 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swg3kflt00.sys -- (swg3kflt00) DRV:64bit: - [2011/02/04 00:56:58 | 000,256,384 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swg3kser00.sys -- (swg3kser00) DRV:64bit: - [2011/02/04 00:56:58 | 000,256,384 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swg3knmea00.sys -- (swg3knmea00) DRV:64bit: - [2011/01/04 03:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2010/12/28 19:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/10/14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010/10/09 14:35:38 | 001,801,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2010/05/07 03:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010/02/24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009/12/14 11:44:24 | 000,085,048 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec) DRV:64bit: - [2009/12/14 11:44:24 | 000,066,104 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv) DRV:64bit: - [2009/11/19 13:45:08 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/10/14 20:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG) DRV:64bit: - [2009/10/02 18:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009/09/14 13:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2009/09/01 14:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/24 06:31:30 | 000,021,104 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FBIOSDRV.sys -- (FBIOSDRV) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2006/11/01 11:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3) DRV:64bit: - [2006/11/01 11:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5B31D884-E7E4-470F-B0A6-5CEED594F51F} IE:64bit: - HKLM\..\SearchScopes\{5B31D884-E7E4-470F-B0A6-5CEED594F51F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.26010003&st=12&barid={9DEC6880-81A4-4F42-A349-DB97AAD2AEAD} IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {5B31D884-E7E4-470F-B0A6-5CEED594F51F} IE - HKLM\..\SearchScopes\{5B31D884-E7E4-470F-B0A6-5CEED594F51F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.26010003&st=12&q={searchTerms}&barid={9DEC6880-81A4-4F42-A349-DB97AAD2AEAD} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {5B31D884-E7E4-470F-B0A6-5CEED594F51F} IE - HKCU\..\SearchScopes\{04237ED4-1BC3-44D7-A572-7ABDD93A0614}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=4f7cb9fe-44b5-4b15-8df5-a440a6e8ad71&apn_sauid=DC45494C-AF2A-496E-A17B-127332AF48FA IE - HKCU\..\SearchScopes\{5B31D884-E7E4-470F-B0A6-5CEED594F51F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.80.2 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=4f7cb9fe-44b5-4b15-8df5-a440a6e8ad71&apn_ptnrs=%5EAGS&apn_sauid=DC45494C-AF2A-496E-A17B-127332AF48FA&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\vlc mediaplayer\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/09/03 17:00:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/09/03 17:00:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/28 22:19:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\THBExt [2012/10/27 16:48:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/28 22:19:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/16 17:44:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kingkong\AppData\Roaming\mozilla\Extensions [2012/10/23 16:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kingkong\AppData\Roaming\mozilla\Firefox\Profiles\poh75szc.default\extensions [2012/10/16 17:47:36 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\kingkong\AppData\Roaming\mozilla\Firefox\Profiles\poh75szc.default\extensions\battlefieldplay4free@ea.com [2012/10/28 22:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/10/28 22:19:10 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru [2012/10/28 22:19:20 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/10/11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/10/11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/10/11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/10/11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/10/11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/10/11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll () O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ievkbd.dll (Kaspersky Lab) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll () O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (MrFroggy Class) - {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} - C:\Program Files (x86)\Minibar\Froggy.dll (TODO: <название компании>) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (MinibarBHO) - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Kango.dll (KangoExtensions) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKCU..\Run: [Driver Whiz] D:\windows sounds\sounds\DriverWhiz.exe /applicationMode:systemTray /showWelcome:false File not found O4 - Startup: C:\Users\kingkong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Office12\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Change your facebook look - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files (x86)\Minibar\MinibarButton.dll (TODO: <Company name>) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.80.2.cab (Battlefield Play4Free Updater) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEE701F9-6002-45EE-9721-E93128467913}: DhcpNameServer = 192.168.178.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF14B3B1-F238-4E26-B063-2221317D56C6}: DhcpNameServer = 192.168.178.2 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab) O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - File not found O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/06 21:25:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\kingkong\Desktop\OTL.exe [2012/11/06 21:19:12 | 000,000,000 | ---D | C] -- C:\Neuer Ordner (4) [2012/11/06 21:19:12 | 000,000,000 | ---D | C] -- C:\Neuer Ordner (3) [2012/11/06 21:19:10 | 000,000,000 | ---D | C] -- C:\Neuer Ordner (2) [2012/11/06 21:19:05 | 000,000,000 | ---D | C] -- C:\Neuer Ordner [2012/11/06 19:22:13 | 000,000,000 | ---D | C] -- C:\Fotos [2012/11/04 10:39:57 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV [2012/10/29 15:21:04 | 000,000,000 | ---D | C] -- C:\Users\kingkong\AppData\Local\Diagnostics [2012/10/28 22:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/10/27 16:48:39 | 000,085,048 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys [2012/10/27 16:48:39 | 000,066,104 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys [2012/10/27 16:48:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2012/10/27 16:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InfoWatch [2012/10/27 16:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE [2012/10/27 16:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012/10/27 16:48:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2012/10/27 16:48:02 | 000,353,296 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012/10/27 16:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2012/10/27 15:52:04 | 000,000,000 | ---D | C] -- C:\Users\kingkong\AppData\Local\AskToolbar [2012/10/27 15:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012/10/27 15:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012/10/27 09:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/10/27 09:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/10/22 13:53:05 | 000,000,000 | ---D | C] -- C:\Users\kingkong\AppData\Roaming\PCCUStubInstaller [2012/10/22 13:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB [2012/10/22 13:53:00 | 000,000,000 | ---D | C] -- C:\Users\kingkong\AppData\Local\PC_Drivers_Headquarters [2012/10/22 13:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz [2012/10/22 13:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Whiz [2012/10/16 22:24:33 | 000,000,000 | ---D | C] -- C:\Users\kingkong\Documents\Battlefield Play4Free [2012/10/16 17:47:40 | 000,000,000 | ---D | C] -- C:\Users\kingkong\AppData\Local\Macromedia [2012/10/16 17:44:40 | 000,000,000 | ---D | C] -- C:\Users\kingkong\AppData\Roaming\Mozilla [2012/10/16 17:44:40 | 000,000,000 | ---D | C] -- C:\Users\kingkong\AppData\Local\Mozilla [2012/10/16 17:44:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012/10/16 17:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012/10/15 20:59:53 | 000,000,000 | ---D | C] -- C:\Users\kingkong\AppData\Roaming\WinRAR [2012/10/09 16:39:26 | 000,000,000 | ---D | C] -- C:\Users\kingkong\AppData\Local\PunkBuster [2012/09/21 19:42:30 | 019,054,352 | ---- | C] (GIANTS Software ) -- C:\Users\kingkong\FarmingSimulator2011Patch2.2DE.exe [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/06 21:25:56 | 000,000,000 | ---- | M] () -- C:\Users\kingkong\defogger_reenable [2012/11/06 21:23:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kingkong\Desktop\OTL.exe [2012/11/06 21:23:00 | 000,050,477 | ---- | M] () -- C:\Users\kingkong\Desktop\Defogger.exe [2012/11/06 21:13:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/06 20:33:21 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/06 19:33:09 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/05 20:46:03 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/05 20:46:03 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/05 19:14:46 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/05 19:14:46 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/11/05 19:14:46 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/05 19:14:46 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/11/05 19:14:46 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/04 21:03:14 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml [2012/11/04 21:03:14 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml [2012/11/04 11:13:44 | 000,282,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012/11/04 11:13:44 | 000,282,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/11/04 11:13:37 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012/11/03 13:27:18 | 000,001,221 | ---- | M] () -- C:\Users\kingkong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk [2012/11/03 13:25:09 | 3152,506,880 | -HS- | M] () -- C:\hiberfil.sys [2012/10/27 19:25:07 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012/10/27 17:14:37 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat [2012/10/27 17:14:37 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2012/10/27 16:48:02 | 000,353,296 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012/10/17 14:22:54 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/10/16 17:44:37 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/06 21:25:56 | 000,000,000 | ---- | C] () -- C:\Users\kingkong\defogger_reenable [2012/11/06 21:25:03 | 000,050,477 | ---- | C] () -- C:\Users\kingkong\Desktop\Defogger.exe [2012/11/04 20:55:43 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml [2012/11/04 20:55:43 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml [2012/10/27 16:48:47 | 000,153,053 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat [2012/10/27 16:48:47 | 000,107,384 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat [2012/10/27 09:00:32 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012/10/17 14:18:24 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012/10/16 17:44:37 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012/10/16 17:44:37 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/09/21 19:39:12 | 000,000,680 | RHS- | C] () -- C:\Users\kingkong\ntuser.pol [2012/07/07 10:12:14 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/07/07 10:11:57 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/01/03 23:26:14 | 000,000,980 | ---- | C] () -- C:\Windows\eReg.dat [2012/01/01 17:01:11 | 000,000,041 | ---- | C] () -- C:\Windows\SysWow64\SUPPORT.INI [2011/12/25 11:50:08 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll [2011/12/25 11:50:08 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll [2011/12/25 09:28:01 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll [2011/12/25 05:55:27 | 000,245,760 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll [2011/12/25 05:55:27 | 000,024,576 | ---- | C] () -- C:\Windows\snuvcdsm.exe [2011/12/25 05:55:27 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2011/05/07 18:16:59 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/05/02 01:21:18 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011/05/02 01:21:15 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/05/02 01:21:12 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011/05/02 01:21:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011/05/02 01:21:06 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2010/11/25 05:43:32 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/11/04 15:05:42 | 000,000,000 | ---D | M] -- C:\Users\kingkong\AppData\Roaming\.minecraft [2012/10/05 14:14:44 | 000,000,000 | ---D | M] -- C:\Users\kingkong\AppData\Roaming\.terasology [2012/09/22 09:55:33 | 000,000,000 | ---D | M] -- C:\Users\kingkong\AppData\Roaming\Canon [2011/05/07 20:24:53 | 000,000,000 | ---D | M] -- C:\Users\kingkong\AppData\Roaming\Fujitsu [2012/09/21 19:39:26 | 000,000,000 | ---D | M] -- C:\Users\kingkong\AppData\Roaming\Fujitsu Launch Center [2012/10/22 13:53:05 | 000,000,000 | ---D | M] -- C:\Users\kingkong\AppData\Roaming\PCCUStubInstaller ========== Purity Check ========== < End of report > Extras OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11/6/2012 9:27:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kingkong\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.91 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 61.79% Memory free
7.83 Gb Paging File | 5.91 Gb Available in Paging File | 75.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 32.51 Gb Free Space | 32.51% Space Free | Partition Type: NTFS
Drive D: | 578.01 Gb Total Space | 490.59 Gb Free Space | 84.88% Space Free | Partition Type: NTFS
Computer Name: MARKUS | User Name: kingkong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\vlc mediaplayer\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\vlc mediaplayer\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\vlc mediaplayer\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\vlc mediaplayer\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017BCFDE-7942-4272-9AEA-62AF81A0C8FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0194E714-8467-47AB-AD78-63284C73D3D6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{06E89086-29C2-4D18-AC5D-25C083906403}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0D34FE69-8253-440A-8762-D75792B14D50}" = rport=138 | protocol=17 | dir=out | app=system |
"{39697303-8E2E-442C-8712-8113EC945DB9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{43C335CA-2AEB-46AE-9976-46293EE6369F}" = lport=139 | protocol=6 | dir=in | app=system |
"{5E7867D6-69CF-43B0-A7F4-06A3B243CE16}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72D2D6CB-674E-4271-BA9E-EA3BB0CCD96B}" = lport=138 | protocol=17 | dir=in | app=system |
"{7892B361-8453-4996-9B06-D26FFE0604A1}" = rport=445 | protocol=6 | dir=out | app=system |
"{7A49FAD4-FEEF-4B05-8352-43EF64B72CC0}" = lport=445 | protocol=6 | dir=in | app=system |
"{7DA73E97-ED71-499F-ADEC-B40ABD75872A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C2333D8A-49CB-469A-97C6-3DB1C3181158}" = rport=139 | protocol=6 | dir=out | app=system |
"{C2801341-CA9F-409B-B4CA-D124FB38A2EA}" = rport=137 | protocol=17 | dir=out | app=system |
"{CA4BD762-A7AB-4727-882B-62402F42E4D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F6A662F2-9A72-487C-A76B-AC67A926E1F8}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C6BDC0-4461-43F9-A87F-FD53F571D808}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe |
"{151801DE-8379-4AB3-9E55-7A10DA11E647}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{153DDFAB-7F2F-4B99-A503-775E2BBE95B6}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{20896436-C190-4388-90C9-F51221BAAD2C}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{20B936E1-FB61-4F9F-BE6C-9E38A76260C5}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe |
"{20F7CFE6-5720-48BB-990A-EBAA8CD8BA4B}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{31DAF177-2BA2-40BA-9BFB-49B4D36391A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{32719CCF-70FE-4929-BD7A-92A8BD305825}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{331B12BF-08D6-46D9-B879-2549E6FA0436}" = protocol=17 | dir=in | app=c:\program files (x86)\snowcat simulator 2011\snowcat2011.dll |
"{42EC16F4-FDBD-4FDD-B068-17B68CD3EC05}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe |
"{42F4D90C-419D-4117-9B47-6A2D1CA5F432}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{437B58AC-61FA-4F9B-A386-0DCCEEB76A5F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{51D7DB46-520A-4387-A527-61D2BD4F74E0}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe |
"{54956544-7A05-48F6-8BCA-BBD5C830DEE9}" = protocol=17 | dir=in | app=c:\program files (x86)\snowcat simulator 2011\iupdate.dll |
"{6367BA8E-CC6F-48A9-AA6C-C633FBA8C7F5}" = protocol=6 | dir=in | app=c:\program files (x86)\snowcat simulator 2011\snowcat2011.dll |
"{6399AC6D-74BB-4BD3-8E56-0937267B18C5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{653731A5-FB14-434F-BBCF-32FDA602B692}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{68CA7D54-999F-4C5A-A94E-789CBFDAD723}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{6FC3321F-D31F-442D-961A-290336CDD4BD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{72928B9B-23C9-4C7A-AB72-37C1944769F5}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{73416DEF-4528-4C1D-9F8F-D255B2AE685F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\mapeditor.exe |
"{73458EA1-588A-4B83-8799-15770C6D439C}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{73FF8CAB-6DE7-48E2-B2DB-9D70C6BFA60A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7F2558C4-3573-4D96-A8CD-1B208D495312}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7F60367F-EB11-4D4C-BF5B-49E11CC84A67}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{82D6BD3A-7677-4846-B484-E92D9661D870}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{88599510-3ABA-46CB-A734-C3A0624C8396}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{8AEC4A58-F00F-44E4-86D8-401799BE1DE3}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{8D06D5AB-7647-4735-902A-DDF0DC4F4BDA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8DD686D3-3B0C-4B71-BFB1-417133158F6F}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{9628FCBE-D346-44C0-A3A1-B6D8F727E342}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
"{97AE961B-C23B-4674-B110-79DE36011DD2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9A78DA0D-5FB9-4AEB-918C-AC071CA47D8C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9B601E1E-5A29-4529-AF79-4D6DBFEB43FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A47D9FD1-B4DF-4EF5-AA65-A83C8C7A8525}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{A5D8F862-8C69-4AF3-8DCA-6905200EA40D}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{AEDA65EE-1A06-4D3D-95E2-75B34EA710A0}" = protocol=17 | dir=in | app=c:\program files (x86)\caplio software\rgatelxp.exe |
"{B0F66C6C-D664-48A6-B516-DBEB2859021B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{BB6A8D13-9DAA-4240-9C48-485A13345648}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C1C95627-496C-4141-AF53-754CC1FFD115}" = protocol=17 | dir=in | app=d:\spiele\flat out2\flatout 2\flatout2.exe |
"{C360380A-C347-4B25-9F75-079412CD8B83}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{C487C5F0-E590-40D3-A025-7770B18D33B0}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{C4E6696D-650B-4F92-AED4-B4CAC057CF48}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{C854ABDC-3B33-4644-B113-D01C00BE0F16}" = protocol=6 | dir=in | app=c:\program files (x86)\snowcat simulator 2011\iupdate.dll |
"{D025DAFC-B7E1-4402-B0DB-A19B3AD40A3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D6F50812-9B04-4BC3-9584-9613BD70717B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{DB33AEAF-1640-457E-802E-85ED1018A925}" = protocol=6 | dir=in | app=c:\program files (x86)\caplio software\rgatelxp.exe |
"{E2F38963-A68C-4225-BC66-63B32989FF29}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E9C70965-C998-4011-93C1-CA028BB5EBB8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EC66966B-800B-4436-812A-855957C7F040}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{F01CD302-3234-4ABD-95A4-5EF6EE7105E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F449777F-BD37-421B-91CF-C23ED1CC2996}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F4594059-1AD0-43CD-9751-136BE3D94AF6}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
"{F6B5E89F-FFEC-432E-8599-7661750EECC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\mapeditor.exe |
"{F81DAE36-F012-45D7-B79F-D4EAB469E0BC}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{FA1F7A55-8066-462B-9FBA-09016B6E497C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{FC52CC17-8D98-45F2-AD7E-26355693BDF3}" = protocol=6 | dir=in | app=d:\spiele\flat out2\flatout 2\flatout2.exe |
"TCP Query User{07593F01-FF54-4A53-8F49-3553489EABEA}D:\spiele\stronghold\stronghold2.exe" = protocol=6 | dir=in | app=d:\spiele\stronghold\stronghold2.exe |
"TCP Query User{3970252F-2478-412B-80DE-2A1773D40853}D:\spiele\left4dead\left4dead.exe" = protocol=6 | dir=in | app=d:\spiele\left4dead\left4dead.exe |
"TCP Query User{4630814A-D31F-44A1-BA19-51380DDBB594}C:\program files (x86)\caplio software\rgatelxp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\caplio software\rgatelxp.exe |
"TCP Query User{89BDF480-F755-4860-B66B-1B0D41BFFF1F}D:\spiele\flat out2\flatout 2\flatout2.exe" = protocol=6 | dir=in | app=d:\spiele\flat out2\flatout 2\flatout2.exe |
"TCP Query User{91EBD3AE-14EE-4DA6-9355-C4CE1D262F38}D:\spiele\stronghold\stronghold2.exe" = protocol=6 | dir=in | app=d:\spiele\stronghold\stronghold2.exe |
"TCP Query User{AE67E190-AA7B-410F-98B3-5AD7B4DAF79E}D:\spiele\vietcongneu\vietcong.exe" = protocol=6 | dir=in | app=d:\spiele\vietcongneu\vietcong.exe |
"TCP Query User{C091F683-A23D-467A-89A2-A709EF5BD2EC}D:\stronghold\stronghold2.exe" = protocol=6 | dir=in | app=d:\stronghold\stronghold2.exe |
"TCP Query User{C74C4FF8-D286-491F-BD33-13ED66A9EFE8}D:\spiele\cod4\iw3mp.exe" = protocol=6 | dir=in | app=d:\spiele\cod4\iw3mp.exe |
"TCP Query User{DCE44E6D-7B7D-49F7-84F9-AAABB4F44E85}D:\spiele\generals\stunde null\game.dat" = protocol=6 | dir=in | app=d:\spiele\generals\stunde null\game.dat |
"TCP Query User{EFE7E236-7C7D-4F85-84A1-FD569C847FA2}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{FAFA3760-B563-4836-BCB1-3D90BA2ED081}D:\aoe gold\empiresx.exe" = protocol=6 | dir=in | app=d:\aoe gold\empiresx.exe |
"TCP Query User{FD274282-B84F-4BC2-BD66-B44650D8C6C8}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{0202E547-B9EB-45FB-A72E-2B7D120950CC}D:\spiele\generals\stunde null\game.dat" = protocol=17 | dir=in | app=d:\spiele\generals\stunde null\game.dat |
"UDP Query User{21D89624-2DB0-40C6-AABC-7F915C135E40}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{22D9CBF7-746F-4F48-8753-D24DDA87F995}D:\spiele\stronghold\stronghold2.exe" = protocol=17 | dir=in | app=d:\spiele\stronghold\stronghold2.exe |
"UDP Query User{25D57BEC-0D6B-4CB8-9864-883074177E83}D:\spiele\cod4\iw3mp.exe" = protocol=17 | dir=in | app=d:\spiele\cod4\iw3mp.exe |
"UDP Query User{3E112127-F00B-47E1-9FA8-21485A2967F0}D:\spiele\vietcongneu\vietcong.exe" = protocol=17 | dir=in | app=d:\spiele\vietcongneu\vietcong.exe |
"UDP Query User{43F7F876-49D3-4F99-8348-4D9B4BC2DA63}D:\spiele\left4dead\left4dead.exe" = protocol=17 | dir=in | app=d:\spiele\left4dead\left4dead.exe |
"UDP Query User{4F3C2F8C-F131-46D9-A28D-ADA656B0CFB0}D:\spiele\stronghold\stronghold2.exe" = protocol=17 | dir=in | app=d:\spiele\stronghold\stronghold2.exe |
"UDP Query User{52BC817B-7760-4907-A8E6-384E0A0D287E}C:\program files (x86)\caplio software\rgatelxp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\caplio software\rgatelxp.exe |
"UDP Query User{62BEA6EB-66BC-48D8-8A27-07BEC33BD12A}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{67EC4C8C-DEFF-4F5D-BACB-74556B7C99AA}D:\stronghold\stronghold2.exe" = protocol=17 | dir=in | app=d:\stronghold\stronghold2.exe |
"UDP Query User{979C15A2-74BF-464C-9E52-E6319ED28F0A}D:\spiele\flat out2\flatout 2\flatout2.exe" = protocol=17 | dir=in | app=d:\spiele\flat out2\flatout 2\flatout2.exe |
"UDP Query User{BDF0D10B-327A-4F61-9BAF-F57E18F30859}D:\aoe gold\empiresx.exe" = protocol=17 | dir=in | app=d:\aoe gold\empiresx.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{006B5C65-3938-4246-B182-994A7E415EDE}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel(R) PROSet/Wireless WiFi Software
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.478
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A5FADEAC-B0A9-4C27-A8B5-05381A339F4E}" = Plugfree NETWORK
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WNLT" = Web Optimizer
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B540DA4-41AE-4B79-BEAB-0F07E09669AB}" = Driver Whiz
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel(R) WiDi
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = FJ Camera
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{49A588CF-5FD4-4774-BFBF-0764287DE82B}" = Power Saving Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{549BF60D-FDDA-4E4C-ABE3-9E897BC09E79}" = Anytime USB Charge Utility
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9983CD31-473F-4808-8317-5346119F0187}" = eBay
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1E035A6-F03E-426F-82F0-BAC56FF873DC}" = AIS Connect
"{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E8F5F4AB-512F-44EB-9018-3C527AF6A717}" = Irodio Photo & Video Studio
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F66CCDA6-950B-4F72-AE59-337765446589}" = Caplio Software
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIS Connect" = AIS Connect
"Audacity_is1" = Audacity 1.2.6
"BabylonToolbar" = Babylon toolbar on IE
"DAEMON Tools Lite" = DAEMON Tools Lite
"DeskUpdate_is1" = DeskUpdate 4.11
"DPP" = Canon Utilities Digital Photo Professional 3.1
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"FilesFrog Update Checker" = FilesFrog Update Checker
"HighwayNights" = Cobra 11 - Highway Nights (remove only)
"incredibar" = Incredibar Toolbar on IE
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"LayoutsExpress" = LayoutsExpress
"LogMeIn Hamachi" = LogMeIn Hamachi
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"STANDARD" = Microsoft Office Standard 2007
"SWIQMIDrvInstaller" = Sierra Wireless QMI Driver Package
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.1
"Waldmeister Sause XXL_is1" = Waldmeister Sause XXL
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/3/2012 8:25:57 AM | Computer Name = Markus | Source = WinMgmt | ID = 10
Description =
Error - 11/3/2012 8:32:49 AM | Computer Name = Markus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wlarp.exe, Version: 15.4.3508.1109,
Zeitstempel: 0x4cda6de3 Name des fehlerhaften Moduls: wlarp.exe, Version: 15.4.3508.1109,
Zeitstempel: 0x4cda6de3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000bac71 ID des fehlerhaften
Prozesses: 0xe68 Startzeit der fehlerhaften Anwendung: 0x01cdb9bf5134ef4a Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Berichtskennung:
93a871ed-25b2-11e2-b230-8c736ea49c59
Error - 11/4/2012 9:34:58 AM | Computer Name = Markus | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 7.0.70.10 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b2c Startzeit:
01cdba90e94116e0 Endzeit: 8 Anwendungspfad: C:\Program Files (x86)\Java\jre7\bin\javaw.exe
Berichts-ID:
Error - 11/4/2012 4:02:18 PM | Computer Name = Markus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_unknown, Version: 0.0.0.0,
Zeitstempel: 0x4ce795f5 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17932,
Zeitstempel: 0x503285c2 Ausnahmecode: 0xc0000017 Fehleroffset: 0x000000000000caed
ID
des fehlerhaften Prozesses: 0x17f8 Startzeit der fehlerhaften Anwendung: 0x01cdbac72a8cf341
Pfad
der fehlerhaften Anwendung: E:\setup.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll
Berichtskennung:
88edc471-26ba-11e2-b230-8c736ea49c59
Error - 11/5/2012 9:50:06 AM | Computer Name = Markus | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:
Error - 11/5/2012 10:42:12 AM | Computer Name = Markus | Source = Application Hang | ID = 1002
Description = Programm vietcong.exe, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e1c Startzeit:
01cdbb5d1684cf14 Endzeit: 33 Anwendungspfad: D:\spiele\Vietcongneu2\vietcong\vietcong.exe
Berichts-ID:
Error - 11/5/2012 10:44:50 AM | Computer Name = Markus | Source = Application Hang | ID = 1002
Description = Programm StrongholdLegends.exe, Version 1.5.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1670 Startzeit: 01cdbb63cadf5300 Endzeit: 14 Anwendungspfad:
D:\spiele\strongholds\Firefly Studios\Stronghold Legends\StrongholdLegends.exe Berichts-ID:
Error - 11/5/2012 2:01:46 PM | Computer Name = Markus | Source = Application Hang | ID = 1002
Description = Programm vietcong.exe, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b60 Startzeit:
01cdbb7db26346ef Endzeit: 11 Anwendungspfad: D:\spiele\Vietcongneu2\vietcong\vietcong.exe
Berichts-ID:
Error - 11/5/2012 2:03:57 PM | Computer Name = Markus | Source = Application Hang | ID = 1002
Description = Programm StrongholdLegends.exe, Version 1.5.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1230 Startzeit: 01cdbb7fb836ea20 Endzeit: 17 Anwendungspfad:
D:\spiele\strongholds\Firefly Studios\Stronghold Legends\StrongholdLegends.exe Berichts-ID:
Error - 11/5/2012 2:34:53 PM | Computer Name = Markus | Source = Application Hang | ID = 1002
Description = Programm StrongholdLegends.exe, Version 1.5.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1ad0 Startzeit: 01cdbb840326cbd6 Endzeit: 23 Anwendungspfad:
D:\spiele\strongholds\Firefly Studios\Stronghold Legends\StrongholdLegends.exe Berichts-ID:
[ System Events ]
Error - 10/31/2012 5:21:08 PM | Computer Name = Markus | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Browser Manager" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 11/1/2012 12:20:14 PM | Computer Name = Markus | Source = bowser | ID = 8003
Description =
Error - 11/2/2012 8:24:51 AM | Computer Name = Markus | Source = bowser | ID = 8003
Description =
Error - 11/2/2012 8:31:09 AM | Computer Name = Markus | Source = BROWSER | ID = 8032
Description =
Error - 11/3/2012 8:25:18 AM | Computer Name = Markus | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?11.?2012 um 11:12:30 unerwartet heruntergefahren.
Error - 11/3/2012 8:25:25 AM | Computer Name = Markus | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Browser Manager" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 11/3/2012 12:37:26 PM | Computer Name = Markus | Source = bowser | ID = 8003
Description =
Error - 11/3/2012 12:58:21 PM | Computer Name = Markus | Source = BROWSER | ID = 8032
Description =
Error - 11/4/2012 5:36:47 AM | Computer Name = Markus | Source = bowser | ID = 8003
Description =
Error - 11/5/2012 5:11:35 PM | Computer Name = Markus | Source = BROWSER | ID = 8032
Description =
< End of report >
Ok, ich hoffe das ist alles richtig. Im weiteren würde ich gerne wissen, was den nun mich an einem warscheinlich noch nicht befallenen Computer im gleichen Netzwerk vor derartigen Problemen schützen kann? Vielen Dank, Andi Tut mir leid, hab etwas vergessen: Das wichtigste ist mir das ich checken kann ob die Fotos wiederhergestellt werden können bzw ob ich diesen Verschlüsselungstrojaner habe oder ob es ein anderes Problem ist. Wenn das geklärt ist, kann ich das System problemlos formatieren. MFG Geändert von Quartz234 (06.11.2012 um 22:00 Uhr) Grund: Code Tags eingefügt |
|
12.11.2012, 11:42
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Skype und Verschlüßelungstrojaner? Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Zitat:
Wenn der Verschlüsselungstrojaner am Werk war, dann wären deine Dateien schrott, also zB mit völlig anderem Dateinamen und nicht mehr zu öffnen Code:
ATTFilter PDM.Keylogger D:\SPIELE\VIETCONGNEU2\VIETCONG\VIETCONG.EXE Mittel
PDM.Keylogger D:\SPIELE\BATTELFIELD PLAY FOR FREE\BFP4F.EXE Mittel
__________________ |
|
12.11.2012, 21:40
| #3 | ||
| | Skype und Verschlüßelungstrojaner? Hi,
__________________Vielen Dank erstmal, hier nähere Infos: Zitat:
Zitat:
Wie gesagt, beide Programme, sowie das ganze System können problemlos formatiert werden, es geht mir nur um die Fotos. MFG Andi |
|
12.11.2012, 22:07
| #4 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Skype und Verschlüßelungstrojaner?Zitat:
Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
12.11.2012, 22:13
| #5 |
| | Skype und Verschlüßelungstrojaner? Ich habe die Bilder bereits wiederhergestellt, allerdings werden 80% wenn ich einen doppelklick mache um sie zu öffnen nicht angezeigt, es kommt eine Fehlermeldung, darum habe ich mir gedacht das sie eventuel verschlüsselt worden sind ? Soll ich mal eine Beispieldatei hochladen ? MFG |
|
12.11.2012, 22:32
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Skype und Verschlüßelungstrojaner? Nein, ich kann deine verlorenen Daten auch nicht wieder zurückhexen - zudem stehen alle Möglichkeiten beim Verschlüsselunstrojaner ganz oben angepinnt - die Möglichkeiten sind sehr begrenzt! Deswegen sollte man im Falle eines Verschlüsselungstrojaners der letzten Generation erstmal prüfen ob man ein einigermaßen aktuelles Backup hat, wenn dann was fehlt wäre der ShadowExplorer günstig und erst wenn alle Stricke reißen versucht man Entschlüsselungstools Diese Reihenfolge ist am sinnvollsten. Je schneller und wahrscheinlicher man eine Datei aus der Methode zurückbekommt desto eher wendet man sie an. Niemand würde auf die Idee kommen, Tage oder Wochen mit einer Entschlüsselungs Zeit zu verplempern wenn man die Daten eh mal auf einem sicher extern gelegten Datenträger gesichert hat.
__________________ --> Skype und Verschlüßelungstrojaner? |
|
13.11.2012, 07:27
| #7 |
| | Skype und Verschlüßelungstrojaner? Zurückhexen verlangt auch niemand. Ein Backup ist leider nicht vorhanden, den Shadow Explorer werde ich mal probieren. Bevor ich allerdings recht viel rumprobiere wollte ich erst mal checken ob es überhaupt dieser Trojaner ist, kann man das nicht herrausfinden ? MFG Andi |
|
13.11.2012, 12:20
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Skype und Verschlüßelungstrojaner? Hm, also wir wissen doch, dass die Daten weg sind. Was bringt dir das also wenn du denn genau weißt welcher Schädling es war bzw, ob es ein Schädling war? Diese Erkenntnis allein bringt dir die Daten auch nicht wieder und am schnellsten bekommst du die Daten über eine halbwegs aktuelle Datensicherung oder eben mit Glück über den ShadowExplorer zurück. Und mit dem ShadowExplorer muss man nicht viel rumprobieren! Entweder er zeigt die Dateien aus den Schattenkopien an oder eben nicht Die Rumprobiererei hast du ja selbst schon gemacht, allerdings bleibt nichts anderes übrig wenn keine Datensicherung da ist und auch der ShadowExplorer nichts findet. Da du das System eh formatieren willst würde ich auch keine große Arbeit in eine Analyse und Bereingung stecken
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Skype und Verschlüßelungstrojaner? |
| audacity, avira searchfree toolbar, babylontoolbar, benutzerdaten, bho, browser, computer, dateien gelöscht, error, failed, firefox, flash player, grand theft auto, helper, heur, incredibar toolbar, internet problem, microsoft office starter 2010, mozilla, msiexec.exe, office 2007, plug-in, programm, realtek, recuva, recycle.bin, registry, security, sekunden, sierra, software, svchost.exe, sweetpacks, system, tastatur, teamspeak, trojaner, updates, usb 2.0, virus, windows, wrapper |
Linear-Darstellung
