| |
| |||||||
Log-Analyse und Auswertung: Malware die meinen PC zum Zombie machteWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte. |
 |
04.01.2012, 18:43
| #1 |
| |  Malware die meinen PC zum Zombie machte Hallo! ich habe seit genau 20 min folgendes Problem: Ich hab mir ein Hoaxprogramm runtergeladen dies gestartet und gleich bemerkt das da was net stimmt(hab es gelöscht). Ich wollte den TaskManager aufrufen doch dieser wurde angeblich durchmich geblockt, nach paarmal googlen hab ich den entsperrungsbefehl gefunden. Prompt stellte ich fest das plötzlich "java.exe" 4mal lief. Ich hab dann alle 4 beendet und gleich darauf startete sich "CMDhost.exe" 12 mal. Wieder alles beendet, Malwarebytes schnelllauf durchlaufen lassen 18 funde(am Vortag 0) alles beseititgt und dann vollscan gestartet und HijackThis log gemacht hochgeladen auf hickjackthis und auswerten lassen dawurden 2 sachen festgestellt beide entfernt. Nach 2 Stunden suchen(ca. 40%hätten noch gefehlt) wurde 1 Objekt gefunden. Plötzlich beginnt der PC mit mir zureden. Klingt komisch ist aber so. Das sah folg. aus: Von Mälwärebit Kumpoiter sakt du hast käne Wirus! Sai froh däs du käine hast! dacht ich mir das is noch der virus der das schreibt gleich geschlossen suchlauf ging weiter. nach weiteren 10 min öffnete sich das selbe nochmal. Wieder geschlossen. Dann wollt ich mir ein Video ansehen "Die Top10 Hacker der Welt" Platz 2 Steve Wozniak. Plötzlich Youtube schliesst sich. Von Steve Wozniak Du schaust ein Video über mich an du unwürdiger! dann gings los: Mälwärebit: Wer ist Steve Wozniak? Steve Wozniak: Ich?!? nach 1 min amüsanter Unterhaltung hab ich den Internetstecker gezogen. Puff Computer eingefroren und lässt sich nicht mehr starten. Gibt es noch eine möglichkeit den Pc zu retten außer neuaufsetzen? //edit PC läuft wieder ich lass ihn erstmal net in Inet. Log ist angefertigt. Avira/Malwarebytes/Firewall zerschossen nichts davon lässt sich starten. LOG: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:51:43, on 04.01.2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files\My Lockbox\mylbx.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Users\Lukas\Desktop\HiJackThis204.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=; R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file) R3 - URLSearchHook: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file) R3 - URLSearchHook: (no name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file) F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Ant.com browser helper (video detector) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll O3 - Toolbar: Ant.com Video Downloader toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\anttoolbar.dll O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-3864650561-2820080528-2103416458-1010\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-3864650561-2820080528-2103416458-1010\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Global Startup: SetPointII.lnk = ? O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Free YouTube Download - C:\Users\Lukas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lukas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: hxxp://members.brazzers.com O16 - DPF: {2FD395CB-BD93-4BA9-AA4B-D725754E20D1} (Portalarium Player Web Plugin) - hxxp://test.player.portalarium.com/installers/win32/PortalariumPlayer.cab O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ant Toolbar updater service (AntUpdaterService) - Ant.com - C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\SysWOW64\fsproflt.exe O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Realtek11nSU - Realtek - C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WireHelpSvc - Unknown owner - C:\Program Files\Common Files\WireHelpSvc.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\xampp\service.exe -- End of file - 12418 bytes mfg sudden Geändert von sudden_death (04.01.2012 um 19:21 Uhr) |
|
04.01.2012, 19:58
| #2 |
| /// Malware-holic   | Malware die meinen PC zum Zombie machte hi
__________________1. öffne malwarebytes, logdateien, poste alle scan logs 2. öffne hijackthis, open misk tools, sag mir was du in die quarantäne genommen hast. 3. hast du den link noch wo du dir das hoax geladen hast? falls ja, als private nachicht an mich 4. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
04.01.2012, 20:07
| #3 |
| | Malware die meinen PC zum Zombie machte zu 1. davon ist leider nichts mehr da
__________________ OTL Logfile:Code:
ATTFilter OTL logfile created on: 04.01.2012 20:36:53 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = I:\ 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,63% Memory free 8,00 Gb Paging File | 6,61 Gb Available in Paging File | 82,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 28,40 Gb Free Space | 6,10% Space Free | Partition Type: NTFS Drive E: | 100,00 Mb Total Space | 70,32 Mb Free Space | 70,32% Space Free | Partition Type: NTFS Drive I: | 3,76 Gb Total Space | 3,76 Gb Free Space | 99,95% Space Free | Partition Type: FAT32 Computer Name: SPIELEBUDE | User Name: Lukas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.04 20:25:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- I:\OTL.exe PRC - [2011.12.01 21:06:24 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2011.12.01 21:06:15 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.11.29 10:50:02 | 002,916,736 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.11.03 19:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.10.14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.09.10 10:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe PRC - [2011.06.29 12:26:06 | 000,520,216 | ---- | M] (Ant.com) -- C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.27 14:52:21 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011.03.04 13:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.09.01 05:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2010.05.30 16:16:08 | 001,696,992 | ---- | M] (FSPro Labs) -- C:\Programme\My Lockbox\mylbx.exe PRC - [2010.01.06 17:23:32 | 000,142,648 | ---- | M] (FSPro Labs) -- C:\Windows\SysWOW64\fsproflt.exe PRC - [2009.10.23 20:24:54 | 001,085,440 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe PRC - [2009.07.10 11:23:54 | 000,036,864 | R--- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe ========== Modules (No Company Name) ========== MOD - [2010.01.30 02:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2008.02.28 01:53:31 | 001,044,648 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdxcoms.exe -- (lxdx_device) SRV - [2011.12.08 16:31:43 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.12.01 21:06:24 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2011.12.01 21:06:15 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.11.29 10:50:02 | 002,916,736 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.11.03 19:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.10.14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.09.10 10:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2) SRV - [2011.09.09 18:46:10 | 008,158,720 | ---- | M] () [Auto | Stopped] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql) SRV - [2011.08.03 09:58:52 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc) SRV - [2011.07.18 14:49:27 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.29 12:26:06 | 000,520,216 | ---- | M] (Ant.com) [Auto | Running] -- C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe -- (AntUpdaterService) SRV - [2011.06.06 17:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.27 14:52:21 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.06 17:23:32 | 000,142,648 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\Windows\SysWOW64\fsproflt.exe -- (fsproflt) SRV - [2009.07.14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2009.07.14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2009.07.14 02:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2009.07.10 11:23:54 | 000,036,864 | R--- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.02.28 01:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdxcoms.exe -- (lxdx_device) SRV - [2007.12.21 03:01:02 | 000,060,928 | ---- | M] () [Auto | Stopped] -- C:\xampp\service.exe -- (XAMPP) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.10.27 09:02:32 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC) DRV:64bit: - [2011.07.18 14:49:27 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.18 14:49:27 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.12.08 11:53:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1) DRV:64bit: - [2010.07.01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc) DRV:64bit: - [2010.04.12 09:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:64bit: - [2010.03.15 10:38:46 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdm.sys -- (s1039mdm) DRV:64bit: - [2010.03.15 10:38:46 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) DRV:64bit: - [2010.03.15 10:38:46 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2010.03.15 10:38:46 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039obex.sys -- (s1039obex) DRV:64bit: - [2010.03.15 10:38:46 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) DRV:64bit: - [2010.03.15 10:38:46 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdfl.sys -- (s1039mdfl) DRV:64bit: - [2010.03.15 10:38:38 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM) DRV:64bit: - [2009.10.22 20:24:26 | 000,674,304 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su) DRV:64bit: - [2009.07.14 15:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.06.17 08:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.06.17 08:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.06.10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.01.19 19:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2008.06.06 15:35:46 | 000,055,440 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd.sys -- (FSProFilter) DRV:64bit: - [2007.02.18 00:22:48 | 000,296,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Treiber\VMM.sys -- (vmm) DRV:64bit: - [2007.01.29 06:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2) DRV:64bit: - [2007.01.04 16:52:18 | 000,255,232 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MRVW23C.sys -- (MRV6X64U) DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.12.22 12:30:46 | 000,019,456 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGPII2CDriver.sys -- (LGII2CDevice) DRV - [2009.12.22 12:30:36 | 000,016,384 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGI2CDriver.sys -- (LGDDCDevice) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.02 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Lukas\Downloads IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 10 24 EE 2B 8E CB 01 [binary data] IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=; ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..network.proxy.type: 0 FF - user.js..network.proxy.type: 0 FF - user.js..network.proxy.http: "" FF - user.js..network.proxy.http_port: FF - user.js..network.proxy.no_proxies_on: "" FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lukas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.12.10 21:20:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.18 18:35:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.16 10:23:47 | 000,000,000 | ---D | M] [2011.08.26 10:06:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions [2011.08.26 10:06:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.12.18 17:05:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\4bh6p7f4.default\extensions [2011.09.27 22:28:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\4bh6p7f4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.18 17:05:19 | 000,000,000 | ---D | M] (Portalarium Player) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\4bh6p7f4.default\extensions\player@portalarium.com [2011.09.27 12:42:22 | 000,000,943 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\4bh6p7f4.default\searchplugins\conduit.xml [2011.10.24 15:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.10.08 13:25:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [2011.10.24 15:44:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.12.18 18:35:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll [2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.12.18 18:35:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.18 18:35:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.18 18:35:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.18 18:35:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.18 18:35:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.18 18:35:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.05.19 18:30:44 | 000,000,076 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.example.com O1 - Hosts: 127.0.0.1 activate.adobe.com O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll (Ant.com) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\anttoolbar.dll (Ant.com) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\anttoolbar.dll (Ant.com) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKCU..\Run: [AdobeBridge] File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Lukas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lukas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Lukas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lukas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll (Ant.com) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: brazzers.com ([members] http in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {2FD395CB-BD93-4BA9-AA4B-D725754E20D1} hxxp://test.player.portalarium.com/installers/win32/PortalariumPlayer.cab (Portalarium Player Web Plugin) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab (Battlefield Play4Free Updater) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2110A87A-2E72-42A6-BE42-267EDBB96CBC}: DhcpNameServer = 10.0.0.138 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DAEC05F-2B76-4D1D-8403-63B9245F61B5}: DhcpNameServer = 10.0.0.138 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85AE6EA6-F469-4F86-98A0-11A0AC651EED}: DhcpNameServer = 10.0.0.138 10.0.0.138 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2fee6b6a-c346-11e0-864d-00ff01000001}\Shell - "" = AutoRun O33 - MountPoints2\{2fee6b6a-c346-11e0-864d-00ff01000001}\Shell\AutoRun\command - "" = H:\Startme.exe O33 - MountPoints2\{3c08d19f-16b5-11e1-b7af-00ff01000001}\Shell - "" = AutoRun O33 - MountPoints2\{3c08d19f-16b5-11e1-b7af-00ff01000001}\Shell\AutoRun\command - "" = F:\Startme.exe O33 - MountPoints2\{8dd8c3d3-6b94-11e0-88bb-00ff01000001}\Shell - "" = AutoRun O33 - MountPoints2\{8dd8c3d3-6b94-11e0-88bb-00ff01000001}\Shell\AutoRun\command - "" = G:\CD_Start.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^EasySetPackage.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: ESL Wire - hkey= - key= - C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH) MsConfig:64bit - StartUpReg: ISUSPM Startup - hkey= - key= - File not found MsConfig:64bit - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) MsConfig:64bit - StartUpReg: lxdxamon - hkey= - key= - C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe () MsConfig:64bit - StartUpReg: lxdxmon.exe - hkey= - key= - C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe () MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.04 18:36:29 | 000,000,000 | RHSD | C] -- C:\Windows\MicroUpdate [2012.01.04 17:43:34 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Vitalwerks [2012.01.04 17:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No-IP [2012.01.04 16:43:12 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\L3G!T-Labs [2011.12.28 16:06:41 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Glock [2011.12.28 15:28:22 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\usp [2011.12.28 02:53:23 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Need for Speed World [2011.12.28 02:12:33 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Electronic_Arts_Inc [2011.12.17 23:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2011.12.16 20:15:54 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\EVEREST Ultimate Edition 5.50.2100 +Serials [UT] [2011.12.16 18:12:32 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\PortalariumPlayer [2011.12.16 18:11:56 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\PortalariumPlayer [2011.12.08 20:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rondomedia [2011.12.08 20:52:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\rondomedia [2011.12.08 20:51:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio [2011.12.06 23:24:42 | 000,000,000 | ---D | C] -- C:\xampp [2011.01.24 23:29:16 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxpmui.dll [2011.01.24 23:29:16 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxinpa.dll [2011.01.24 23:29:16 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxiesc.dll [2011.01.24 23:29:15 | 001,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxserv.dll [2011.01.24 23:29:15 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomc.dll [2011.01.24 23:29:15 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxusb1.dll [2011.01.24 23:29:15 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxhbn3.dll [2011.01.24 23:29:15 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcoms.exe [2011.01.24 23:29:15 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxlmpm.dll [2011.01.24 23:29:15 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomm.dll [2011.01.24 23:29:15 | 000,320,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxih.exe [2011.01.24 23:29:15 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxprox.dll [2011.01.24 23:29:14 | 000,365,224 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcfg.exe [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.04 20:40:05 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.04 20:40:05 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.04 20:32:41 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.04 20:32:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.04 20:32:14 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys [2012.01.04 20:31:17 | 001,905,290 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.04 20:31:17 | 000,812,918 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.04 20:31:17 | 000,746,718 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.04 20:31:17 | 000,192,356 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.04 20:31:17 | 000,156,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.04 20:31:10 | 000,000,020 | ---- | M] () -- C:\Users\Lukas\defogger_reenable [2012.01.04 20:08:10 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.01 17:23:45 | 000,000,221 | ---- | M] () -- C:\Users\Lukas\Desktop\Call of Duty Modern Warfare 3.url [2012.01.01 17:23:28 | 000,000,221 | ---- | M] () -- C:\Users\Lukas\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url [2011.12.29 14:48:45 | 002,319,739 | ---- | M] () -- C:\Users\Lukas\Desktop\hackmc.jar [2011.12.29 14:48:40 | 002,402,414 | ---- | M] () -- C:\Users\Lukas\Desktop\hackedclient2.jar [2011.12.28 02:09:11 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed World.lnk [2011.12.24 17:20:45 | 029,942,558 | ---- | M] () -- C:\Users\Lukas\Desktop\Unbenannt-3.psd [2011.12.24 16:38:06 | 005,325,121 | ---- | M] () -- C:\Users\Lukas\Desktop\oooomgaufo.psd [2011.12.15 16:42:56 | 005,112,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.13 18:06:24 | 010,765,791 | ---- | M] () -- C:\Users\Lukas\Desktop\Stars_and_Glamour_by_crazy_alice.psd [2011.12.08 21:49:28 | 002,362,837 | ---- | M] () -- C:\Users\Lukas\Desktop\minecraft.jar [2011.12.08 21:43:32 | 000,001,925 | ---- | M] () -- C:\Users\Public\Desktop\CraftBukkit Server.lnk [2011.12.06 23:57:49 | 000,000,173 | ---- | M] () -- C:\Users\Lukas\AppData\Local\msmathematics.qat.Lukas [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.04 20:31:09 | 000,000,020 | ---- | C] () -- C:\Users\Lukas\defogger_reenable [2012.01.01 17:23:45 | 000,000,221 | ---- | C] () -- C:\Users\Lukas\Desktop\Call of Duty Modern Warfare 3.url [2012.01.01 17:23:28 | 000,000,221 | ---- | C] () -- C:\Users\Lukas\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url [2011.12.29 14:47:33 | 002,402,414 | ---- | C] () -- C:\Users\Lukas\Desktop\hackedclient2.jar [2011.12.29 14:47:33 | 002,362,837 | ---- | C] () -- C:\Users\Lukas\Desktop\minecraft.jar [2011.12.29 14:47:33 | 002,319,739 | ---- | C] () -- C:\Users\Lukas\Desktop\hackmc.jar [2011.12.28 02:09:11 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed World.lnk [2011.12.24 17:16:14 | 029,942,558 | ---- | C] () -- C:\Users\Lukas\Desktop\Unbenannt-3.psd [2011.12.24 16:38:05 | 005,325,121 | ---- | C] () -- C:\Users\Lukas\Desktop\oooomgaufo.psd [2011.12.13 18:06:23 | 010,765,791 | ---- | C] () -- C:\Users\Lukas\Desktop\Stars_and_Glamour_by_crazy_alice.psd [2011.10.27 16:30:12 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll [2011.10.16 15:58:09 | 000,000,173 | ---- | C] () -- C:\Users\Lukas\AppData\Local\msmathematics.qat.Lukas [2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.10.13 21:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2011.09.29 21:13:25 | 000,024,576 | ---- | C] () -- C:\Windows\UUENCODE.EXE [2011.09.29 18:52:25 | 000,361,984 | ---- | C] () -- C:\Windows\SysWow64\pythoncom32.dll [2011.09.28 21:47:21 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\PROTOCOL.INI [2011.09.25 17:29:07 | 000,000,004 | -HS- | C] () -- C:\Windows\SysWow64\Userdata.ini [2011.09.16 21:00:53 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\bass.dll [2011.08.23 19:18:51 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2011.08.15 10:59:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2011.08.09 19:08:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.08.08 14:18:55 | 000,000,132 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.08.07 13:29:25 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2011.07.30 20:49:34 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2011.07.12 18:54:13 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2011.05.06 17:27:48 | 000,000,003 | ---- | C] () -- C:\Windows\treeskp.sys [2011.05.06 17:27:48 | 000,000,003 | ---- | C] () -- C:\Windows\sbacknt.bin [2011.04.30 11:16:33 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll [2011.04.23 20:52:28 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\XSIChooser.exe [2011.04.20 23:11:58 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2011.03.26 17:55:47 | 000,000,000 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\chrtmp [2011.03.09 21:41:41 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.02.17 23:24:39 | 000,000,251 | ---- | C] () -- C:\Windows\4dv4nc3d.ini [2011.02.09 17:59:21 | 000,007,600 | ---- | C] () -- C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg [2011.01.27 22:27:37 | 000,000,037 | ---- | C] () -- C:\Windows\settings.ini [2011.01.26 20:01:28 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.01.26 20:00:14 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.01.24 23:29:17 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDXinst.dll [2011.01.24 23:29:17 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdxcomx.dll [2011.01.17 19:54:09 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini [2011.01.17 19:54:09 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini [2011.01.17 19:53:44 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.01.05 10:44:48 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\LGErrorHandler.dll [2010.12.29 21:39:17 | 000,000,132 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\Adobe BMP Format CS5 Prefs [2010.12.29 21:32:59 | 000,000,132 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\Adobe Targa Format CS5 Prefs [2010.12.12 19:30:20 | 000,000,554 | ---- | C] () -- C:\Windows\eReg.dat [2010.12.10 22:11:30 | 002,171,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.11.30 17:51:21 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2010.11.28 23:50:08 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdxdrs.dll [2010.11.28 23:50:08 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdxcaps.dll [2010.11.28 23:50:08 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdxcnv4.dll [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.10.21 15:59:32 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\.minecraft [2011.01.03 15:51:59 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Anti-spyware [2011.11.26 13:42:17 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Audacity [2011.02.27 20:08:11 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\AUTOSICH [2010.11.27 22:32:43 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\AVG10 [2011.11.07 21:06:29 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\BF3CC [2011.06.19 13:26:01 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.09.29 02:32:08 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\CheckPoint [2011.06.20 21:06:43 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1 [2011.12.03 22:44:41 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DAEMON Tools Lite [2011.07.07 11:53:02 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Directory [2011.12.29 01:52:26 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DVDVideoSoft [2011.03.26 21:57:23 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DVDVideoSoftIEHelpers [2010.12.21 12:36:48 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\FDRLab [2011.12.27 01:44:14 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\FileZilla [2011.09.29 18:38:58 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\GetRightToGo [2011.07.19 19:41:18 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ijjigame [2010.12.13 18:14:36 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\inkscape [2011.09.07 21:14:18 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Kalypso Media [2012.01.04 16:43:12 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\L3G!T-Labs [2011.04.02 16:36:23 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Leadertech [2011.10.06 20:12:21 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\MAXON [2011.05.03 20:21:13 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Mount&Blade Warband [2011.07.07 11:25:44 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Mount&Blade With Fire and Sword [2011.12.28 02:53:23 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Need for Speed World [2011.10.31 10:33:31 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Origin [2011.07.14 00:33:39 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Outerspace Software [2011.08.02 20:15:36 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ProtectDisc [2011.07.13 22:18:10 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Publish Providers [2011.12.03 20:54:26 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Screaming Bee [2011.07.07 11:53:24 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Secure-Soft Stealer [2011.07.15 15:42:57 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Sony [2010.12.16 20:23:40 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010.12.25 12:11:20 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\SuperHideIP [2011.12.02 20:40:43 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\TeamViewer [2011.04.01 18:12:39 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\The Creative Assembly [2011.08.26 10:06:11 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\TomTom [2011.09.08 23:51:02 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Tropico 4 [2012.01.04 19:18:21 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\TS3Client [2011.08.15 02:16:25 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Tunngle [2011.12.16 20:16:32 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\uTorrent [2011.09.21 17:48:58 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\wargaming.net [2011.11.17 23:13:21 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.11.27 13:04:39 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.02.09 16:17:48 | 000,000,000 | ---D | M] -- C:\AeriaGames [2011.10.29 13:25:28 | 000,000,000 | ---D | M] -- C:\CFLog [2011.12.06 23:36:50 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2011.07.31 14:59:25 | 000,000,000 | ---D | M] -- C:\DirectX9 [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.07.08 16:03:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.07.15 15:58:03 | 000,000,000 | ---D | M] -- C:\Fraps [2011.08.25 15:30:06 | 000,000,000 | ---D | M] -- C:\Games [2011.05.28 10:52:15 | 000,000,000 | ---D | M] -- C:\gamigo [2011.07.13 23:13:21 | 000,000,000 | ---D | M] -- C:\HammerAutosave [2011.07.19 17:36:49 | 000,000,000 | ---D | M] -- C:\ijji [2011.12.03 00:14:29 | 000,000,000 | ---D | M] -- C:\inetpub [2011.03.02 18:47:25 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.04.01 17:48:46 | 000,000,000 | ---D | M] -- C:\My Lockbox [2011.04.30 12:24:54 | 000,000,000 | ---D | M] -- C:\My Music [2010.07.09 12:56:41 | 000,000,000 | ---D | M] -- C:\NVIDIA [2011.07.14 00:33:31 | 000,000,000 | ---D | M] -- C:\Outerspace Software [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.10.27 21:04:50 | 000,000,000 | R--D | M] -- C:\Program Files [2012.01.04 19:16:16 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.12.24 17:30:57 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.07.08 16:03:44 | 000,000,000 | -HSD | M] -- C:\Programme [2011.09.29 23:21:43 | 000,000,000 | ---D | M] -- C:\Python32 [2010.11.27 13:04:15 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.09.24 10:44:37 | 000,000,000 | ---D | M] -- C:\SG Interactive [2011.04.23 20:52:04 | 000,000,000 | ---D | M] -- C:\Softimage [2011.05.26 18:19:07 | 000,000,000 | ---D | M] -- C:\Symbols [2012.01.04 20:39:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.09.25 01:57:51 | 000,000,000 | ---D | M] -- C:\temp [2011.10.29 21:18:26 | 000,000,000 | R--D | M] -- C:\Users [2012.01.04 19:18:21 | 000,000,000 | ---D | M] -- C:\Windows [2010.12.26 14:06:17 | 000,000,000 | ---D | M] -- C:\Windows.old [2011.07.18 15:13:31 | 000,000,000 | ---D | M] -- C:\WINLine [2011.12.06 23:28:04 | 000,000,000 | ---D | M] -- C:\xampp < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\SysNative\drivers\afd.sys [2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 04.01.2012 20:36:53 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = I:\
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,63% Memory free
8,00 Gb Paging File | 6,61 Gb Available in Paging File | 82,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 28,40 Gb Free Space | 6,10% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 70,32 Mb Free Space | 70,32% Space Free | Partition Type: NTFS
Drive I: | 3,76 Gb Total Space | 3,76 Gb Free Space | 99,95% Space Free | Partition Type: FAT32
Computer Name: SPIELEBUDE | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Lukas\AppData\Local\Temp\InjectorShield.exe" = C:\Users\Lukas\AppData\Local\Temp\InjectorShield.exe:*:Enabled:Windows Messanger
"C:\Users\Lukas\AppData\Local\Temp\InjectorShield.exe" = C:\Users\Lukas\AppData\Local\Temp\InjectorShield.exe:*:Enabled:Windows Messanger
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}" = User's Guides
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{E31AD2E7-7018-4085-88B0-3FFCCF8AE9C9}" = Microsoft DirectX 9.0 Developer Runtime for x64
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"ESL Wire_is1" = ESL Wire 1.10.1
"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
"MAXON8C66D661" = NET Render Client 13.016
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"My Lockbox_is1" = My Lockbox 2.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{058AF8C6-E4DE-4D91-9879-B72860E9F615}" = MorphVOX Pro
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C9CB04A-5A5A-499E-95FC-F7FA9D70AA8A}" = Autodesk Softimage Mod Tool 7.5
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{188D89CF-599B-4F16-9FF5-EAD6294D822E}" = Microsoft DirectX 9.0 SDK Update (Summer 2004)
"{190B4E60-FE37-4B8C-A661-172997347A90}" = Sony Media Manager 2.2
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{266725C1-716F-43AC-BBFB-4201131ED656}" = EasySetPackage
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2B78F6F9-5C63-45AB-ABFD-DDB7946E4C39}" = Ant.com IE add-on
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3D6293F2-53DA-45A1-B7F4-1843CA3B2658}" = Darkest of Days
"{433E2032-D3E0-46FF-BAA4-0976F333C1E4}" = IIS 7.5 Express
"{471DCE2E-75B0-4B4F-B6B1-C4EA5A3D1E2C}" = Autodesk Softimage Mod Tool 7.5
"{4769E972-2E92-49C5-B6F9-465EFD0C4D94}" = VirtualDJ PRO Full
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5B616A3F-43D9-4F0B-9F49-D39342A98592}" = Creatures of Darkness
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{602A1471-063B-4E03-9DCE-0210B914EFF5}" = Translator Fun Voice Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E0E4D61-11EC-11E0-B454-0013D3D69929}" = Vegas Pro 10.0
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{71F8C486-8A13-468E-8B73-06051075556A}" = Female Voice Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{8061C2C9-C2A3-4550-A3FC-585B646840CB}" = Fantasy Voice Pack
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{913C4C4F-9E3E-41A6-A614-1BDC1352A225}" = Special Effects Voices
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9E23DEA9-9912-47FA-A71E-5E014A59FA32}" = Gamestudio 7 Extra
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9E4F0E65-209E-4713-8BE2-7F8802BB3987}_is1" = War Inc Battlezone version 1.0.0
"{A2B3C27C-1F09-47C6-9A90-9683BEFD7963}" = Dawn of War - Soulstorm
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C9935C7E-ED44-427D-B8DF-39E2ACF1AA6A}_is1" = Men of War: Vietnam (Remove Only)
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster für Battlefield Vietnam
"{D13F2D95-1CE0-4147-846F-89ECB2E9A5CD}" = Sci-Fi Sound Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D91802D9-6A42-4563-BC37-B3E2D04DC95B}" = Ancient Weapon Sounds
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD8408E9-9421-484F-979D-DB6361E3E828}" = Dawn Of War - Winter Assault
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{DF3FE308-58F2-45E2-9BB0-6A993794AD5C}" = Galactic Voices
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{EDF704ED-3800-4BE5-BEF8-39189C5E42BE}" = Modern War Sounds
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE9A131E-5B18-4EFD-9095-E18D1F898900}_is1" = Erotic Empire
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{THEGUILDREN-0010-2010-300520102330}_is1" = The Guild 2 - Renaissance
"4PL-Insight" = 4PL-Insight!
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ant.com IE add-on" = Ant.com IE add-on
"ARMA 2 REINFORCEMENTS" = ARMA 2 REINFORCEMENTS Uninstall
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AudioConverter Studio_is1" = AudioConverter Studio 6.1
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"CDex" = CDex - Open Source Digital Audio CD Extractor
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CraftBukkit" = CraftBukkit
"Cross Fire_is1" = Cross Fire En
"Crossfire Europe" = Crossfire Europe
"DAEMON Tools Lite" = DAEMON Tools Lite
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"EA Installer.-1797597899" = EA Installer
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Fallout New Vegas_is1" = Fallout New Vegas
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"FileZilla Client" = FileZilla Client 3.5.2
"Fraps" = Fraps (remove only)
"Free YouTube Download_is1" = Free YouTube Download version 3.0.19.1206
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"GamersFirst LIVE!" = GamersFirst LIVE!
"InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = PRODUCT_NAME
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.5.3
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"PowerISO" = PowerISO
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"RADVideo" = RAD Video Tools
"RiseOfNationsExpansion 1.0" = Rise of Nations
"Roccat GUI3.0" = Roccat GUI
"Steam App 10500" = Empire: Total War
"Steam App 107900" = War Inc. Battlezone
"Steam App 1200" = Red Orchestra: Ostfront 41-45
"Steam App 211" = Source SDK
"Steam App 22350" = Brink
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 55410" = Warhammer 40,000: Space Marine Demo
"Steam App 563" = Left 4 Dead 2 Authoring Tools
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 9880" = Champions Online: Free For All
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VTFEdit_is1" = VTFEdit 1.2.5
"WinLiveSuite" = Windows Live Essentials
"xampp" = XAMPP 1.7.7
"Xfire" = Xfire (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"af8063ee51cc0619" = BF3CC
"Tropico 4" = Tropico 4 1.00
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 04.01.2012 14:48:53 | Computer Name = Spielebude | Source = Avira AntiVir | ID = 4117
Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!
Error - 04.01.2012 14:49:28 | Computer Name = Spielebude | Source = Avira AntiVir | ID = 4109
Description = Die Engine wurde verändert oder zerstört! Fehlercode: 0x9
Error - 04.01.2012 14:49:28 | Computer Name = Spielebude | Source = Avira AntiVir | ID = 4117
Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!
Error - 04.01.2012 14:49:47 | Computer Name = Spielebude | Source = Application Hang | ID = 1002
Description = Programm avcenter.exe, Version 10.0.12.31 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7d0 Startzeit:
01cccb117f477dc0 Endzeit: 0 Anwendungspfad: C:\program files (x86)\avira\antivir desktop\avcenter.exe
Berichts-ID:
dc9d7101-3704-11e1-a3bc-00ff01000001
Error - 04.01.2012 15:32:29 | Computer Name = Spielebude | Source = Avira AntiVir | ID = 4109
Description = Die Engine wurde verändert oder zerstört! Fehlercode: 0x9
Error - 04.01.2012 15:32:29 | Computer Name = Spielebude | Source = Avira AntiVir | ID = 4117
Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!
Error - 04.01.2012 15:32:47 | Computer Name = Spielebude | Source = MySQL | ID = 100
Description = Plugin 'InnoDB' init function returned error. For more information,
see Help and Support Center at hxxp://www.mysql.com.
Error - 04.01.2012 15:32:47 | Computer Name = Spielebude | Source = MySQL | ID = 100
Description = Plugin 'InnoDB' registration as a STORAGE ENGINE failed. For more information,
see Help and Support Center at hxxp://www.mysql.com.
Error - 04.01.2012 15:32:47 | Computer Name = Spielebude | Source = MySQL | ID = 100
Description = Unknown/unsupported storage engine: InnoDB For more information, see
Help and Support Center at hxxp://www.mysql.com.
Error - 04.01.2012 15:32:47 | Computer Name = Spielebude | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at hxxp://www.mysql.com.
[ System Events ]
Error - 04.01.2012 14:50:32 | Computer Name = Spielebude | Source = Service Control Manager | ID = 7034
Description = Dienst "Apache2.2" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.
Error - 04.01.2012 14:50:49 | Computer Name = Spielebude | Source = Service Control Manager | ID = 7034
Description = Dienst "Ant Toolbar updater service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 04.01.2012 15:32:23 | Computer Name = Spielebude | Source = NetBT | ID = 4311
Description = Es ist ein Initialisierungsfehler aufgetreten, da der Treiber nicht
erstellt werden konnte. Verwenden Sie die Zeichenfolge "00248C7ED8CC", um die Schnittstelle
zu identifizieren, die nicht initialisiert werden konnte. Sie stellt die MAC-Adresse
der Schnittstelle mit dem Initialisierungsfehler oder die GUID (Globally Unique
Interface Identifier) dar, wenn NetBT keine Zuordnung von der GUID zur MAC-Adresse
herstellen konnte. Wenn weder die MAC-Adresse noch die GUID verfügbar waren, dann
stellt die Zeichenfolge einen Clustergerätenamen dar.
Error - 04.01.2012 15:32:23 | Computer Name = Spielebude | Source = NetBT | ID = 4311
Description = Es ist ein Initialisierungsfehler aufgetreten, da der Treiber nicht
erstellt werden konnte. Verwenden Sie die Zeichenfolge "00248C7ED8CC", um die Schnittstelle
zu identifizieren, die nicht initialisiert werden konnte. Sie stellt die MAC-Adresse
der Schnittstelle mit dem Initialisierungsfehler oder die GUID (Globally Unique
Interface Identifier) dar, wenn NetBT keine Zuordnung von der GUID zur MAC-Adresse
herstellen konnte. Wenn weder die MAC-Adresse noch die GUID verfügbar waren, dann
stellt die Zeichenfolge einen Clustergerätenamen dar.
Error - 04.01.2012 15:32:51 | Computer Name = Spielebude | Source = W3SVC | ID = 1004
Description =
Error - 04.01.2012 15:32:51 | Computer Name = Spielebude | Source = HTTP | ID = 15005
Description =
Error - 04.01.2012 15:32:57 | Computer Name = Spielebude | Source = Service Control Manager | ID = 7034
Description = Dienst "mysql" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 04.01.2012 15:33:22 | Computer Name = Spielebude | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 04.01.2012 15:33:25 | Computer Name = Spielebude | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 04.01.2012 15:35:02 | Computer Name = Spielebude | Source = WMPNetworkSvc | ID = 866300
Description =
< End of report >
|
|
05.01.2012, 11:29
| #4 |
| /// Malware-holic | Malware die meinen PC zum Zombie machte und wie soll ich dir da ne vernünftige analyse machen, du hast mir ja gestern 2 links geschickt, hast du beide ausgeführt?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.01.2012, 13:23
| #5 |
| /// Malware-holic | Malware die meinen PC zum Zombie machte du hast mir ja per pm geschrieben du hast beide ausgeführt 1. Datenrettung:
4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.01.2012, 14:00
| #6 |
| | Malware die meinen PC zum Zombie machte daten sind auf einer ext. hdd gesichert hab eine Windows CD jop ich weiß wie man neuaufsetzt |
|
05.01.2012, 14:15
| #7 |
| /// Malware-holic | Malware die meinen PC zum Zombie machte ok gebe nur noch mal kurze stichpunkte, damit's auf jeden fall klappt. cd einlegen. - pc neustarten, f12 fürs boot menü dort cd bzw dvd laufwerk dann beliebige taste drücken, benutzerdefiniert, dann bei der partitionsauswahl die c:\windows partition wählen, optionen, formatieren, bestätigen. dann erst instaliren, falls daten nach windows.old verschoben werden sollen, abbrechen, zurück zu der partitionsauswahl erneut formatieren. wenns geklappt hat mit der instalation: als antimalware programm würde ich emsisoft empfehlen. diese haben für mich den besten schutz kostet aber etwas. http://www.trojaner-board.de/103809-...i-malware.html testversion: Meine Antivirus-Empfehlung: Emsisoft Anti-Malware und du kannst vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen. kostenlos, aber eben nicht ganz so gut wäre avast zu empfehlen. http://www.trojaner-board.de/110895-...antivirus.html sag mir welches du nutzt, dann gebe ich konfigurationshinweise. bitte dein bisheriges av deinstalieren die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch! http://www.trojaner-board.de/96344-a...-rechners.html Starte bitte mit der Passage, Windows Vista und Windows 7 Bitte beginne damit, Windows Updates zu instalieren. Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst. Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist: - Updates automatisch Instalieren, - Täglich - Uhrzeit wählen - Bitte den gesammten rest anhaken, außer: - detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist. Klicke jetzt die Schaltfläche "OK" Klicke jetzt "nach Updates suchen". Bitte instaliere zunächst wichtige Updates. Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren. Mache das selbe bitte mit den optionalen Updates. Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist. aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen. als browser rate ich dir zu chrome: https://www.google.com/chrome?hl=de falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung Sandboxie Die devinition einer Sandbox ist hier nachzulesen: Sandbox Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen. Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen. Download Link: http://www.trojaner-board.de/71542-a...sandboxie.html ausführliche anleitung als pdf, auch abarbeiten: Sandbox Einstellungen | bitte folgende zusatz konfiguration machen: sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen. dort klicke auf sandbox einstellungen. beschrenkungen, bei programm start und internet zugriff schreibe: chrome.exe dann gehe auf anwendungen, webbrowser, chrome. dort aktiviere alles außer gesammten profil ordner freigeben. Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen. Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate. Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten. Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten. Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar. Weiter mit: Maßnahmen für ALLE Windows-Versionen alles komplett durcharbeiten Backup Programm: in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an: Windows 7 Systemabbild erstellen (Backup) Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar. Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist. Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern bitte auch lesen, wie mache ich programme für alle sichtbar: Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox. wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst. wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Malware die meinen PC zum Zombie machte |
| acrobat update, aufrufe, auswerten, beendet, computer, eingefroren, festgestellt, folge, geblockt, gelöscht, google, hacker, hijack, hijackthis, log, malware, malwarebytes, min, nicht mehr, nvidia update, plötzlich, problem, retten, suche, taskmanager, video, virus, youtube, zombie |
