
Log analysis and evaluation: after the GEMA trojan that locks the PC, error at system startup

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

29.06.2012, 03:59   #1
lalalula
 
After the GEMA trojan that locks the PC: error at system startup



Hello,
I have a problem: I had the GEMA trojan on my machine, the one that locks the PC.
And now, at Windows startup, I get a message that
c:\users\maki\appdata\local\temp\jork_0_typ_col.exe
could not be started.

I was able to delete the trojan in safe mode with Kaspersky.
Unfortunately I don't know what it was called, and I haven't found a log file in Kaspersky yet.

And I think I have more bad things on my PC that Kaspersky did not find.

Defogger did not report any errors. At least it did not put a file on my desktop.

The OTL data:
OTL Logfile:
Code:
OTL logfile created on: 29.06.2012 04:33:50 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\maki\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 76,19% Memory free
15,99 Gb Paging File | 13,92 Gb Available in Paging File | 87,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,94 Gb Total Space | 4,28 Gb Free Space | 10,71% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 191,48 Gb Free Space | 95,74% Space Free | Partition Type: NTFS
Drive E: | 1622,98 Gb Total Space | 1291,86 Gb Free Space | 79,60% Space Free | Partition Type: NTFS
 
Computer Name: MA | User Name: maki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.29 04:11:47 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\maki\Downloads\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.02.15 21:08:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.09.04 20:00:01 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010.01.22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2007.07.17 17:32:56 | 000,460,048 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.04 20:00:01 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.17 16:16:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.15 21:08:22 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.23 23:37:54 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.24 21:08:37 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.06.24 18:42:12 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\05120458.sys -- (05120458)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.01.01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010.11.02 16:22:33 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.08.19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010.03.02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.02.09 05:42:14 | 000,325,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.09.30 03:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.03.09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 9A 90 96 B7 51 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.11
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.9
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110904
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: D:\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\DivX\DivX Plus Web Player\firefox\html5video [2011.01.21 13:02:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: D:\DivX\DivX Plus Web Player\firefox\wpa [2011.01.21 13:02:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 16:16:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\Firefox\components [2011.11.06 22:59:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\Firefox\plugins [2011.11.01 15:04:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 16:16:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Firefox\components [2011.11.06 22:59:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Firefox\plugins [2011.11.01 15:04:44 | 000,000,000 | ---D | M]
 
[2010.11.01 20:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maki\AppData\Roaming\mozilla\Extensions
[2012.06.21 07:10:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions
[2011.03.11 20:50:36 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.19 14:11:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.11.02 16:22:45 | 000,002,059 | ---- | M] () -- C:\Users\maki\AppData\Roaming\Mozilla\Firefox\Profiles\hgob6l6f.default\searchplugins\daemon-search.xml
[2011.11.06 23:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.07 15:44:06 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.21 07:10:01 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2011.11.01 15:11:21 | 000,075,438 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\UPLOADER@ADBLOCKFILTERS.MOZDEV.ORG.XPI
[2012.06.17 16:16:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.12 15:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.12 15:15:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.12 15:15:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 15:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 15:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 15:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.04 02:19:25 | 000,438,159 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15068 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - E:\office2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\office2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\office2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E78888C1-45FE-420A-A855-67032247E0B1}: NameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2004.08.28 15:37:28 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{06e3b4f0-e6b4-11df-b37a-20cf30958817}\Shell - "" = AutoRun
O33 - MountPoints2\{06e3b4f0-e6b4-11df-b37a-20cf30958817}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.25 18:09:38 | 000,000,000 | ---D | C] -- C:\Users\maki\AppData\Roaming\Malwarebytes
[2012.06.25 18:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.25 18:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.25 18:09:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.25 18:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.24 21:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012.06.24 21:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012.06.24 21:08:37 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.06.24 17:37:03 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\05120458.sys
[2012.06.24 17:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.06.23 18:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.06.23 18:05:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2012.06.23 18:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.06.23 18:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012.06.23 18:04:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.06.13 13:48:28 | 000,000,000 | ---D | C] -- C:\Users\maki\AppData\Local\Macromedia
[2012.06.12 20:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xider
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.29 04:22:24 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 04:22:24 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 04:17:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.29 04:17:09 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.29 04:15:53 | 000,000,148 | ---- | M] () -- C:\Users\maki\defogger_reenable
[2012.06.25 18:09:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.25 06:14:21 | 000,000,155 | ---- | M] () -- C:\Windows\winamp.ini
[2012.06.24 21:11:00 | 000,017,408 | ---- | M] () -- C:\Users\maki\AppData\Local\WebpageIcons.db
[2012.06.24 21:09:49 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.06.24 21:09:49 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.06.24 21:08:37 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.06.24 18:42:12 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\05120458.sys
[2012.06.24 05:19:41 | 004,503,728 | ---- | M] () -- C:\ProgramData\loc_pyt_0_kroj.pad
[2012.06.24 05:15:17 | 000,001,895 | ---- | M] () -- C:\Users\maki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.20 05:47:48 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.20 05:47:48 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.20 05:47:23 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.06.17 23:40:28 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.17 23:40:28 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.17 23:40:28 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.17 23:40:28 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.17 23:40:28 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.13 13:42:01 | 000,364,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 20:18:43 | 000,000,835 | ---- | M] () -- C:\Users\maki\Desktop\Edna Bricht Aus.lnk
[2012.06.04 22:40:52 | 000,962,079 | ---- | M] () -- C:\Users\maki\Desktop\ghjghkdghkd.m3u
 
========== Files Created - No Company Name ==========
 
[2012.06.29 04:15:53 | 000,000,148 | ---- | C] () -- C:\Users\maki\defogger_reenable
[2012.06.28 18:18:55 | 002,714,627 | ---- | C] () -- C:\Users\maki\Desktop\Questguide_Xenoblade_Chronicles.pdf
[2012.06.25 18:09:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.24 21:10:58 | 000,017,408 | ---- | C] () -- C:\Users\maki\AppData\Local\WebpageIcons.db
[2012.06.24 21:09:49 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.06.24 21:09:49 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.06.24 05:15:17 | 004,503,728 | ---- | C] () -- C:\ProgramData\loc_pyt_0_kroj.pad
[2012.06.24 05:15:17 | 000,001,895 | ---- | C] () -- C:\Users\maki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.12 20:18:43 | 000,000,835 | ---- | C] () -- C:\Users\maki\Desktop\Edna Bricht Aus.lnk
[2012.06.04 22:40:52 | 000,962,079 | ---- | C] () -- C:\Users\maki\Desktop\ghjghkdghkd.m3u
[2012.05.12 00:36:18 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.19 16:48:47 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.19 16:48:46 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.19 15:57:47 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.22 11:04:55 | 000,007,597 | ---- | C] () -- C:\Users\maki\AppData\Local\Resmon.ResmonCfg
[2011.05.31 18:17:46 | 000,044,448 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.11.17 14:16:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.02 02:20:14 | 000,000,155 | ---- | C] () -- C:\Windows\winamp.ini
[2010.10.31 17:23:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.31 16:27:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.10.31 16:27:27 | 000,031,115 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== LOP Check ==========
 
[2011.06.26 17:55:25 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\.minecraft
[2012.01.04 23:20:26 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Azureus
[2010.11.02 21:45:21 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DAEMON Tools Lite
[2012.03.12 10:12:00 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DVDVideoSoft
[2012.03.12 10:11:57 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.29 15:35:04 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\ICQ
[2011.01.21 13:02:17 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Local
[2011.01.18 12:54:42 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\LolClient
[2011.01.18 01:53:06 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2011.01.06 17:21:51 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Mumble
[2011.11.10 21:57:43 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Origin
[2010.11.05 16:46:04 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Raptr
[2011.12.20 23:19:27 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Rovio
[2012.06.08 16:20:14 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


and Extra:
OTL Logfile:
Code:
OTL Extras logfile created on: 29.06.2012 04:33:50 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\maki\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 76,19% Memory free
15,99 Gb Paging File | 13,92 Gb Available in Paging File | 87,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,94 Gb Total Space | 4,28 Gb Free Space | 10,71% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 191,48 Gb Free Space | 95,74% Space Free | Partition Type: NTFS
Drive E: | 1622,98 Gb Total Space | 1291,86 Gb Free Space | 79,60% Space Free | Partition Type: NTFS
 
Computer Name: MA | User Name: maki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\office2003\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\office2003\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\office2003\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\office2003\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B12A2D-C8FD-4594-8FC2-471F8B8CD29D}" = lport=56239 | protocol=17 | dir=in | name=pando media booster | 
"{083EDC4A-F4C6-48F2-BF0B-8B52E537BAF1}" = lport=56239 | protocol=6 | dir=in | name=pando media booster | 
"{0BA61008-E65B-4860-AF91-D770F5351168}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{0C6597F9-5C2E-4A1C-B0EF-3C47B2BCCC86}" = rport=139 | protocol=6 | dir=out | app=system | 
"{120D1015-9D15-49FA-949E-DFE83562119C}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{15E25C59-FC41-4515-A405-DF3533F4EFBC}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{16E8224A-5A5D-4E4C-9BED-48114D4CFEF8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{20AFCAC8-E3D4-4930-AB67-6D0447544DDD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{220B76DC-D36B-400A-B71F-23D63A8FDD01}" = lport=56239 | protocol=6 | dir=in | name=pando media booster | 
"{2F43D689-3C6A-49FA-AEAF-FC5A9487F35D}" = lport=6947 | protocol=17 | dir=in | name=league of legends launcher | 
"{334D3E8D-FEA3-4806-B514-22BB352861FC}" = lport=6895 | protocol=17 | dir=in | name=league of legends launcher | 
"{36551E85-BEE0-44E6-B97E-8FED5A28148E}" = lport=6930 | protocol=6 | dir=in | name=league of legends launcher | 
"{3922FE1B-ECCF-4C7D-A643-EDC0A2DBB747}" = lport=6959 | protocol=17 | dir=in | name=league of legends launcher | 
"{3A8BF361-66F8-4C64-A440-562ED1703C66}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{44A30F58-3D9B-4CDB-8B32-3975E0C5DDAC}" = lport=6985 | protocol=6 | dir=in | name=league of legends launcher | 
"{475893E4-6A19-4DAA-A214-843647129EF3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4D6B2B78-6A13-4F4E-B51A-519F5590B5ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4E391BCB-81A3-4138-9E22-927D520825E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50F892AD-D87E-4EB8-9A5E-1F49E405F95A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{54AFEC8B-34B9-4FDE-A364-542DF3ABBCE7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5A8F34B8-2DFC-494E-9B12-C488B78B57AD}" = lport=56943 | protocol=6 | dir=in | name=pando media booster | 
"{5C8E93CF-82BE-46DD-B2F1-626FEAD64ED5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5DCF2294-3975-456B-92DD-75EFBA3FD38D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6168711C-4B11-4EA9-8EF1-657B66C28D40}" = lport=6906 | protocol=6 | dir=in | name=league of legends launcher | 
"{61F21FE5-CAC6-4A12-ACC1-7F250C465141}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{637F9A14-8175-4EDB-8B1F-2327DABC3C23}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6C6C16C9-AC75-4BA8-8294-65055B8AF122}" = lport=6975 | protocol=6 | dir=in | name=league of legends launcher | 
"{6D4C8F5E-BA7B-47D3-88D7-0BFAB1426DDD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{70BE25A6-9F35-4E9B-A147-EF68BAEFDEE4}" = lport=56943 | protocol=6 | dir=in | name=pando media booster | 
"{859271AA-1A71-4C8A-B9FA-1B90BD6C1DAB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{88674E82-8429-4E11-AB90-04533865A181}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A969E20-9782-41BD-A965-E3874EF39FE7}" = lport=6906 | protocol=17 | dir=in | name=league of legends launcher | 
"{9D41D45C-2389-4D71-B5A1-86D276CCDB1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A055A39B-8C9A-4FE5-BF44-27B3E0B47290}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A0F53810-E536-4D8B-8E0A-9E8D9E0BF10C}" = lport=56943 | protocol=17 | dir=in | name=pando media booster | 
"{A1D68B97-E6F2-40E5-B561-95414BC457B6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AAC08E18-43F1-44AC-ADDA-7E552A848BEF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ACD11528-3788-4007-AB63-EFEC6F8626B6}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{B11927D1-1F72-4ED1-9455-D5277C877FC8}" = lport=6933 | protocol=17 | dir=in | name=league of legends launcher | 
"{B4726FE4-067B-471E-A991-E982C54E35F9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BA270A0A-1BCF-4B72-B731-FCC242909FD9}" = lport=6985 | protocol=17 | dir=in | name=league of legends launcher | 
"{BD923188-0C37-45D5-9C83-217641FCE076}" = lport=56943 | protocol=17 | dir=in | name=pando media booster | 
"{C0E7FDCB-0EA2-4DEE-B564-6A7D2CE94DC7}" = lport=6895 | protocol=6 | dir=in | name=league of legends launcher | 
"{C18963F2-514A-4558-BBD3-23F50DB1667A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C1ABE3BA-E479-4944-B5CD-6E1F581840A1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C464B320-8A9F-4BD8-A9EF-267B28C9356A}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{C6141466-1FDB-47C2-9A44-782D54D3D3B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C7CCF420-3921-41CC-898F-C9E64838055F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CB85EABF-4727-488C-8DA3-371F548F4AD1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CBE31870-E69F-4DDB-AF50-5B63E0D3FC78}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CE2B3187-219D-4B91-9962-195B6DE1FBF3}" = lport=56239 | protocol=17 | dir=in | name=pando media booster | 
"{CFE0B770-24FA-4326-9D8B-09FC173AE7F4}" = lport=6959 | protocol=6 | dir=in | name=league of legends launcher | 
"{D229929A-9A76-4920-96DA-BAD4B7E63376}" = lport=6975 | protocol=17 | dir=in | name=league of legends launcher | 
"{D2F9E3A6-3AFB-4810-AA19-57F403FD59BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DB2BCE3B-332D-4CB1-9B77-B8D18D10D943}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DB7E4DC1-B9BB-4112-8959-D40F33F0CC65}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DE7BC26E-5B80-412F-AB6D-075DF6CCA598}" = lport=6937 | protocol=6 | dir=in | name=league of legends launcher | 
"{DEAE600E-FBA3-4B2E-9701-00D223DC760D}" = lport=6937 | protocol=17 | dir=in | name=league of legends launcher | 
"{DF266C9A-1AAC-421C-B4F1-47314DD41EEB}" = lport=6930 | protocol=17 | dir=in | name=league of legends launcher | 
"{DFA810AB-04DA-437D-86CB-60E1C1A1A2B4}" = lport=6947 | protocol=6 | dir=in | name=league of legends launcher | 
"{E0CBCA70-CC77-48AA-911B-D7D647EF1109}" = lport=6933 | protocol=6 | dir=in | name=league of legends launcher | 
"{EA263BE0-285A-4D56-AA9A-80167E508F94}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FC1EE431-D9E2-404D-88D9-0BD9037C3113}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FEFCD2BA-0D89-46EA-8C95-B0B23623BF0F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FF05DF33-FF09-4208-8896-4EDE63A7680A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00188318-3434-4561-AB62-8E4B257B686A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{03194B6B-E2EE-41C8-830B-EECF9C574C7E}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | 
"{1079138B-F054-44B7-8B51-7EDCF4F0702D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{10D70222-8747-4D25-AB3C-656B2F3819C0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{1A7958F4-96CA-4D22-B4A6-C70908352D3D}" = protocol=6 | dir=in | app=d:\icq7.2\aolload.exe | 
"{1D1DFF57-E8B7-4F79-990B-EB9CB90A33E6}" = protocol=6 | dir=in | app=e:\battlefield 3\battlefield 3\bf3.exe | 
"{1D5187BE-1470-45AB-A8D3-B219B68A1BBA}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\half-life\hl.exe | 
"{1EC60D01-B2BC-4DB5-A8E2-2234B47F1D01}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{2339FE7C-7530-46B9-BE31-1867E2FC9BE6}" = protocol=17 | dir=in | app=e:\battlefield 3\battlefield 3\bf3.exe | 
"{23E94450-FBFA-4290-9109-2578E977FEE2}" = protocol=6 | dir=in | app=d:\icq6.5\icq.exe | 
"{259DAC79-5941-4FB4-AA1B-42A0C32A4B23}" = protocol=6 | dir=in | app=e:\league of legends\game\league of legends.exe | 
"{25D75D12-F54A-4894-BD13-0AA208C66D63}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\condition zero\hl.exe | 
"{2FAFA836-C346-4AAF-AFB8-67EB9FCEA65B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{342D8C0D-397B-4BBE-90A1-268F2EFAF0CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3678F865-7B44-4511-9AE9-B7440BADF9C8}" = protocol=6 | dir=in | app=e:\valve\steam.exe | 
"{3C3DC46A-A6D2-4154-A088-85ED8B911491}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{42EAEBC4-FB70-4AF3-AA33-02097CB77BD8}" = protocol=17 | dir=in | app=d:\icq7.2\icq.exe | 
"{4397F01D-62DE-4E25-876E-339646BB94B7}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\counter-strike\hl.exe | 
"{45F700AE-117E-436C-94E7-4180067CFDD8}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | 
"{48EB54D3-24F1-40FE-9B6E-75D01D8A879E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{4A9019EA-0EA2-4D43-8CBF-FC961589D46A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{51661261-393D-4D87-A5DB-000A4E47D3D4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{52A37D89-6E08-4B21-970A-E643ACB0823A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{543D2457-F83F-4559-B840-A1398DACBEC5}" = dir=in | app=d:\skype\phone\skype.exe | 
"{58495DCF-F7F2-447C-BA8B-01D3954619C0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{586C605C-9C69-44D6-BA7D-7B7047142D4A}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\condition zero\hl.exe | 
"{5D64EE52-65A8-4EB4-9388-DADE998B2EB1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5EE0D5D2-0F06-4829-B43C-F71AA4B34028}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{603B1768-668A-4C8E-991E-FDA886042DD1}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\counter-strike source\hl2.exe | 
"{64269AB3-8E91-4A85-95E2-1632EB71EB8D}" = protocol=6 | dir=in | app=e:\diablo iii beta\diablo iii.exe | 
"{68347310-28BE-47EB-B4CA-2FE5B650CAEF}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | 
"{690194C0-23E0-40EA-BB54-C4E311719EFB}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{6BF61799-51D3-4BC5-B171-168248BD0DE6}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\counter-strike source\hl2.exe | 
"{6C73A531-C280-4782-BC43-0562AE17B971}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6DD0311F-47FB-454C-9E46-EDDF98405691}" = protocol=6 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{7104320D-59DE-4F8D-B59A-7692081DC74B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{755832E1-00DF-4518-8835-12984B2CA9C3}" = protocol=6 | dir=in | app=e:\diablo iii\diablo iii.exe | 
"{7817D259-95C2-47E7-90DE-F215337B8006}" = protocol=6 | dir=in | app=d:\icq7.2\icq.exe | 
"{79228880-ECB4-45E7-A587-F77D72676861}" = protocol=17 | dir=in | app=d:\icq7.2\aolload.exe | 
"{79A01895-1387-4B10-B778-8E1E5D13B756}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.patch.exe | 
"{7A737697-9819-4165-A350-C1F6BD5A129F}" = protocol=17 | dir=in | app=e:\diablo iii\diablo iii.exe | 
"{7F2A932B-D5BA-4E77-A334-2217C670B2C5}" = protocol=17 | dir=in | app=e:\league of legends\air\lolclient.exe | 
"{816D1808-EB8F-4B28-99C0-BB5CE05C5F7E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81F7693D-9870-46F8-A36C-A0139783304F}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\codename gordon\cg.exe | 
"{823DE03C-FBDF-4FD4-96C3-E152FE1E4360}" = protocol=6 | dir=in | app=d:\icq7.2\aolload.exe | 
"{84A38EE3-D790-4741-9D60-298F77089175}" = protocol=6 | dir=in | app=d:\icq6.5\icq.exe | 
"{8947B655-0002-469F-8745-BADFD9C35B3B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9034D00C-A69E-4319-95AB-8C5B425B9D2D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{91B953C5-AEAB-4C51-AD3A-1C6497929B3E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{95DB39AB-E2A9-4908-86C8-3705B5737F65}" = protocol=17 | dir=in | app=d:\icq6.5\icq.exe | 
"{982A40E9-6134-479A-8D09-069C3C5716AF}" = protocol=17 | dir=in | app=d:\icq7.2\aolload.exe | 
"{985BB86E-BFAA-424D-A773-31F7C9D4CA9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{99955B47-9206-4815-94A7-F809FC0D0EE5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9AAD7561-0DAD-41B6-8713-58E83B4F5C3B}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{9FD1B678-E526-4193-8DA2-F123EA9DA252}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A0F1F88A-C62D-462D-BC4F-BF806117EB88}" = protocol=6 | dir=in | app=d:\icq7.2\icq.exe | 
"{A4EC1188-5B73-469A-A586-34C548BD5335}" = protocol=17 | dir=in | app=d:\icq6.5\icq.exe | 
"{A81F2578-EEAE-4959-B879-4411EB384A0F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A94B9C9F-936E-4244-AFC5-72174AB6A0CC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BAEF82C4-835F-4367-A516-DB91E81CE7F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BD48212E-C5DB-4BFB-9619-9A13765590C6}" = protocol=17 | dir=in | app=e:\league of legends\game\league of legends.exe | 
"{BD85C7D2-AD4B-4AF6-978A-BFA095396C53}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{BF43F9AB-CAA1-45A7-AA21-4AD6A0AF708D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{C0EC28F9-B757-4B54-A12E-65E4944218C9}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{C6751553-4B32-47EA-8820-24C85FAE0B11}" = protocol=17 | dir=in | app=e:\diablo iii beta\diablo iii.exe | 
"{C7D2BCFE-CA0F-480D-B651-3E7822173AD4}" = protocol=17 | dir=in | app=e:\valve\steam.exe | 
"{C867EAEA-383B-409F-BA1D-18DCE0F757F1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CBD8350C-FA20-4600-9672-D44B89F69FE4}" = protocol=6 | dir=in | app=e:\league of legends\air\lolclient.exe | 
"{CF5E2B61-5895-43E3-9AEA-63E2E57C7799}" = protocol=17 | dir=in | app=d:\icq7.2\icq.exe | 
"{D0AE6C02-42B3-46EA-9E17-1B6B35F71FC6}" = protocol=17 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{D46CF4A7-31E4-4406-9842-DD4D12A7D282}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{D9420C8C-8D8F-4500-8E0D-813452A43E1B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{DCDD9190-C759-46DE-B576-97C007FE9861}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{DF27D0F3-2B1D-495F-B606-63BBC4672BD5}" = protocol=17 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{DFB6E3AE-F3AF-4704-B502-3D9E6802E609}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E1F000E3-BD2A-46F6-9EF6-2209FD3C07BB}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{E29C5FF4-6A58-4F48-8E70-46FB2A58DBED}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{E4560C4C-E7B9-4BFB-BCC8-FE88E5458F96}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{E8681331-6DEA-41EE-9EB8-AB9D8C0E76D0}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | 
"{EAAE6A74-1A56-49AD-BDDE-A8B6DBD12071}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EF59237D-E24A-4E15-959A-F9CE7E008808}" = protocol=6 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{F0708F61-4C61-4B6C-95C1-DDFA9695840A}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\half-life\hl.exe | 
"{F0A22330-7EE7-41A1-B960-2856F4A86C5F}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.patch.exe | 
"{F11C738C-4C11-4726-98FB-CD3D8A44297D}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\counter-strike\hl.exe | 
"{F5E5673B-566E-45DF-A886-CD14048260A3}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{F972F9D6-77FD-4120-A5F0-B245AEB41688}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FA1EAAAE-D883-40AD-B484-304263CB4415}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\codename gordon\cg.exe | 
"{FE5AD9D2-0D9F-446F-A309-051BAE358B54}" = protocol=6 | dir=out | app=system | 
"{FE7916AA-5C5F-4856-AFE7-350B53FC6562}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{16FE1040-395B-44AE-975A-FAC82B4E1698}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{1DD18B8F-6081-47D2-9B83-01279FF8EBAC}C:\users\maki\appdata\local\temp\nsi1778.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\maki\appdata\local\temp\nsi1778.tmp\setup.exe | 
"TCP Query User{1E3BC40D-FF7A-4779-A554-51F3AAD43854}E:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"TCP Query User{217898EF-70F7-4736-97F5-7EF03E3DA321}E:\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{23C9C9CF-F915-4ED7-90CD-B235097CA957}E:\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base18092\sc2.exe | 
"TCP Query User{2759EFEC-7BD4-4F1A-80C2-52CA77AA603A}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe | 
"TCP Query User{2EA84010-7011-4DE5-AA0B-E70BC191DD46}E:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"TCP Query User{49D9CC1C-16CE-45F8-AA93-3F14A2BFB405}E:\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"TCP Query User{4C00B47E-5272-44CC-89FF-FD3A75B74616}E:\valve\steamapps\knallteufel_pg\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\team fortress 2\hl2.exe | 
"TCP Query User{4C77765D-C99A-433E-BAF0-984DA0612844}E:\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{4D69F569-1FE0-4CAB-B37A-DC11F7D7D5D4}E:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"TCP Query User{51E4F43B-D6E6-43F3-AB02-DF63889B60AB}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"TCP Query User{5EABBEE1-38D5-4BDA-BD4B-B635CC2EA9D4}E:\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\blizzard downloader.exe | 
"TCP Query User{6415E3DC-6443-4280-A51D-1B347986F6C0}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{901B7E10-51F9-474A-B615-CB41A350C170}E:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe | 
"TCP Query User{9AB5B951-9C49-446E-8954-193F490879A6}E:\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{AA11E205-B7F0-4350-93B0-A789FAD9CE03}E:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"TCP Query User{ACD821E2-86BC-43A8-8192-46C3E24CD5C0}E:\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{AD8ECCCE-D018-4E60-B1A9-0822BAAEC43F}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{AFEC8B82-A948-43F8-B307-111619454E60}E:\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{B70A5157-A3C4-49FC-9E99-4F23A34FC17D}E:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"TCP Query User{BF93D70F-135F-46FB-81ED-A86E71B1C874}C:\users\maki\downloads\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\maki\downloads\starcraft_2_eu_de-de.exe | 
"TCP Query User{BFEBF612-9498-4990-A88B-F8FA1A4B43A3}E:\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base16755\sc2.exe | 
"TCP Query User{CE903C5A-F256-420E-A4A0-E5D350F96E9D}E:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii\war3.exe | 
"TCP Query User{CF9D3D88-26C9-4ADA-82CB-B27F81547BAE}E:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"TCP Query User{D01BAA9B-81BD-4A4E-8292-F58680DB2D55}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{D993C068-0722-4F76-811E-4C1D1EE7B07B}E:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=6 | dir=in | app=e:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe | 
"TCP Query User{DC48E084-EE8F-4BA7-8A95-355522694B35}E:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{E3A5C123-5C38-4600-A1E6-86B5599B19DC}E:\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=e:\league of legends\lol.launcher.exe | 
"TCP Query User{E94D7D63-EBF2-414C-97DC-B2DB7B16C9F5}E:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{EE663DCF-3594-4C43-B1FE-5B0E456895DC}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{EF7A8780-D2B2-49EF-AF69-AE1314CCEAB4}E:\valve\steamapps\knallteufel_pg\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{F1021219-4991-45D9-9ACE-71FA551E95D6}E:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe | 
"TCP Query User{F3781D47-9E57-43CE-8974-038E7A550AEE}E:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"UDP Query User{008A63AD-AA38-491F-A6EC-E25F8D707968}E:\valve\steamapps\knallteufel_pg\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\team fortress 2\hl2.exe | 
"UDP Query User{021D78C9-C74D-4A86-AB6C-962AAE98F90D}E:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{03253933-9422-48F9-88CB-EC873F6F4CD6}E:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"UDP Query User{07F97C36-53B2-4755-A126-7A8223F919E9}E:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"UDP Query User{0845C00D-526B-42A3-A593-F0FC37AAC594}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{08F74434-C870-4B1B-A27F-C64E9335C0FB}E:\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"UDP Query User{0AA1F2E0-E554-4D19-9BAC-BBA6B91E3E82}E:\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\blizzard downloader.exe | 
"UDP Query User{209320CC-16FF-44DC-A4DC-BB2A1BDA632D}E:\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=e:\league of legends\lol.launcher.exe | 
"UDP Query User{3B988D18-B2DA-4F3D-BAA8-D9A32D58700D}C:\users\maki\downloads\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\maki\downloads\starcraft_2_eu_de-de.exe | 
"UDP Query User{43A4B2C2-05C9-4B7B-8081-FED47ED89512}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{51D38C14-7ED7-4138-8B29-152898EDA0A5}E:\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base16755\sc2.exe | 
"UDP Query User{527BE6B7-44F9-4E23-B229-0F5E364A1EDF}E:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii\war3.exe | 
"UDP Query User{563C2772-DF4E-46B5-8EB5-8A0777940BB5}E:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"UDP Query User{5DDFDB42-FF21-4139-8605-E2B175D72104}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe | 
"UDP Query User{72413AC5-D162-4B26-8D4A-2710A433E892}E:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{78548A1A-8C30-409B-B89E-98D599C1730D}E:\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{7B7C621B-9BA1-497F-8D08-2992CD3EFE55}E:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe | 
"UDP Query User{84FFF629-8834-4C58-BF0A-868CA6239133}E:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"UDP Query User{89F233B7-2996-47F3-904E-70BE187E781B}E:\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base18092\sc2.exe | 
"UDP Query User{97D0BEF5-8225-44E3-A934-99F04AEB1B11}E:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"UDP Query User{98A98762-422F-4C6F-9EE1-23E2BE49823D}E:\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{AB7B1780-9C9B-4ECE-8B75-67D621EBB483}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{AD208A88-C402-49A6-8941-E6ECD284B145}C:\users\maki\appdata\local\temp\nsi1778.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\maki\appdata\local\temp\nsi1778.tmp\setup.exe | 
"UDP Query User{ADC4BB8F-7E4F-4090-9F04-E39251D504F5}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"UDP Query User{AF8EE3E6-1A6C-417E-8D24-74ECF5534938}E:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe | 
"UDP Query User{BC518AED-B957-4968-A2A3-E532D7B0ED8C}E:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"UDP Query User{C1B6FDAD-D268-4D8F-9CE6-0E1F4387F20A}E:\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{DB829D66-8FA2-4C55-A25D-4D01B4C73CFA}E:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"UDP Query User{DB9DBCD3-9A43-4383-B9C9-475755D46823}E:\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{E2F3AF79-C525-4D66-87B2-439E0BD2141D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{E75115C1-9754-468A-B0D3-F936FD97C9FD}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{F2CB6110-4F18-42BD-9DE8-43B6973BF2E8}E:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=17 | dir=in | app=e:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe | 
"UDP Query User{F60AC854-F0EA-401C-98AF-778146B7A697}E:\valve\steamapps\knallteufel_pg\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{F7F9992D-33D4-47C3-9686-A21031A8133B}E:\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base16939\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7598C430-8B00-4447-A710-0DDA0770370A}" = Logitech GamePanel Software 2.00
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8FCBB6DA-069C-8D08-DD99-F0881B9EECC3}" = AMD Drag and Drop Transcoding
"{936D0DCE-9C2A-7D4C-0E96-7D5B40206DD1}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center
"{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
"{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
"{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{93A3AB24-36E8-41BA-80C6-CCEC237836DC}" = Alice Madness Returns
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
"{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
"{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
"{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"D-Fend Reloaded" = D-Fend Reloaded 1.2.1 (deinstallieren)
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX-Setup
"ESN Sonar-0.70.4" = ESN Sonar
"Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.04.000
"Free YouTube Download_is1" = Free YouTube Download version 3.0.22.221
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mumble" = Mumble and Murmur
"Origin" = Origin
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"VLC media player" = VLC media player 1.1.4
"Warcraft III" = Warcraft III
"Winamp" = Winamp (remove only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.06.2012 21:59:00 | Computer Name = ma | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000ccb60  ID des fehlerhaften Prozesses: 0x1458  Startzeit der fehlerhaften Anwendung:
 0x01cd51acc906cd0c  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 2a45d776-bda0-11e1-b8ca-20cf30958817
 
Error - 23.06.2012 23:16:43 | Computer Name = ma | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4f7e4d8c  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x624  Startzeit der fehlerhaften Anwendung: 0x01cd51550bb95001
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 056a5835-bdab-11e1-b8ca-20cf30958817
 
Error - 23.06.2012 23:43:24 | Computer Name = ma | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4f7e4d8c  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x564  Startzeit der fehlerhaften Anwendung: 0x01cd51b9e6286a09
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 bf7da8a7-bdae-11e1-84c0-20cf30958817
 
Error - 23.06.2012 23:46:48 | Computer Name = ma | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4f7e4d8c  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x570  Startzeit der fehlerhaften Anwendung: 0x01cd51bba556ee31
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 391e0711-bdaf-11e1-8550-20cf30958817
 
Error - 24.06.2012 09:20:37 | Computer Name = ma | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\$Recycle.Bin\S-1-5-21-1477837245-3929076867-2894469876-1000\$RJYMF32.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 24.06.2012 13:56:23 | Computer Name = ma | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 0077467drv.  System Error: Das System kann die angegebene Datei nicht finden.  .
 
Error - 24.06.2012 13:56:23 | Computer Name = ma | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 08076179.  System Error: Das System kann die angegebene Datei nicht finden.  .
 
Error - 24.06.2012 15:03:52 | Computer Name = ma | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4f7e4d8c  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5b8  Startzeit der fehlerhaften Anwendung: 0x01cd521f90e5a126
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 56442a4b-be2f-11e1-9125-20cf30958817
 
Error - 27.06.2012 12:26:19 | Computer Name = ma | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4f7e4d8c  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5e0  Startzeit der fehlerhaften Anwendung: 0x01cd544a0f0ee71a
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 d32df8c8-c074-11e1-a943-20cf30958817
 
Error - 28.06.2012 20:02:05 | Computer Name = ma | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4f7e4d8c  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5c4  Startzeit der fehlerhaften Anwendung: 0x01cd554876a9f474
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 a8f4043b-c17d-11e1-af55-20cf30958817
 
[ System Events ]
Error - 28.06.2012 12:09:58 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 28.06.2012 12:10:54 | Computer Name = ma | Source = DCOM | ID = 10010
Description = 
 
Error - 28.06.2012 20:02:06 | Computer Name = ma | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 28.06.2012 20:02:06 | Computer Name = ma | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WinHttpAutoProxySvc" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 28.06.2012 20:02:06 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1069
 
Error - 28.06.2012 21:57:25 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 28.06.2012 21:59:28 | Computer Name = ma | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 28.06.2012 22:16:21 | Computer Name = ma | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 28.06.2012 22:17:15 | Computer Name = ma | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?06.?2012 um 04:16:14 unerwartet heruntergefahren.
 
Error - 28.06.2012 22:17:19 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         

Thanks in advance for the help, and I hope I haven't made any mistakes.

And the zip file.

Edited by lalalula (29.06.2012 at 04:04)

29.06.2012, 05:03   #2
kira
/// Helper Team
 

Hello and welcome!

Before we start working together, [please read in full]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so, any liability for resulting damage is excluded; INSTRUCTIONS, AND FOLLOWING THEM, ARE AT YOUR OWN RISK!
  • Identifying details/profile information:
    - in the log lists or log files used, you can replace such details (e.g. your real name, serial numbers in programs, etc.) with [X] or asterisks (*)
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may even be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting me! Ask if there are problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files using a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

Once you have read this introductory text, you can begin
► First part of the 3-part procedure: we will examine your system for viruses, or look for another cause:
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Download Malwarebytes Anti-Malware from here
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away - update online
  • Select "Komplett Scan durchführen" (tick all boxes)
  • When the scan has finished, click "Zeige Resultate"
  • Select all findings (if MBAM reports anything in C:\System Volume Information, please untick it) and click "Löschen" - "Ausgewähltes entfernen".
  • Post the result here in the thread - you will find the report under "Scan-Berichte"
You can find an illustrated guide here: Guide

2.
You installed OTL incorrectly:
OTL must be saved on the desktop!
Set up your browser so that it saves OTL to the desktop!
So remove it and download it again:
-> Download OTL by OldTimer and save it on your desktop.

After installation, the log file should show something like this:
Quote:
Folder = C:\Users\***\Desktop
3.
System scan with OTL

Please download OTL by OldTimer and save it on your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

4.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all your installed programs:
  • Download CCleaner
  • Read the software licence agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set to "Deutsch".
  • Start -> click `Extras` (to display the software installed on your system) -> then `Als Textdatei speichern...`
  • A text file is created automatically; post this log file too (i.e. the list of all installed programs... a text file)

5.
Check only!
Check the MBR with aswMBR by Avast

Download aswMBR.exe from Avast and save the tool on your desktop (nowhere else).
XP users: double-click aswMBR.exe to start the tool.
Vista and Windows 7 users: right-click aswMBR.exe and choose Run as administrator.
An input window with some information will open.

Click Scan to start the scan.

When the scan is finished, which is reported with Scan finished sucessfull!, click Save log to save the log file.
Post the contents of aswASW.log from the desktop here in the thread.

Quote:
To keep your thread clearer and nicely readable, it is best to use code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes here - e.g. OTL log file or other
→ after it - i.e. at the end of the log file: [/code]
** If possible, do not go online: no online banking, file sharing, chat programs, etc.
Regards
kira

29.06.2012, 06:06   #3
lalalula
 

So the only mistake I have noticed now is [that I did not save it to the desktop]; the rest was not in the help.

So here are the logs from Malwarebytes Anti-Malware
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.25.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
maki :: MA [Administrator]

Schutz: Aktiviert

25.06.2012 18:11:30
mbam-log-2012-06-25 (18-11-30).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 686
Laufzeit: 9 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
otl log
Code:
ATTFilter
OTL logfile created on: 29.06.2012 06:57:16 - Run 3
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\maki\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 4,87 Gb Available Physical Memory | 60,89% Memory free
15,99 Gb Paging File | 12,68 Gb Available in Paging File | 79,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,94 Gb Total Space | 4,72 Gb Free Space | 11,81% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 191,48 Gb Free Space | 95,74% Space Free | Partition Type: NTFS
Drive E: | 1622,98 Gb Total Space | 1291,86 Gb Free Space | 79,60% Space Free | Partition Type: NTFS
 
Computer Name: MA | User Name: maki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.29 06:35:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\maki\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.02.15 21:08:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.09.04 20:00:01 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010.01.22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2007.07.17 17:32:56 | 000,460,048 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.04 20:00:01 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.17 16:16:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.15 21:08:22 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.23 23:37:54 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.24 21:08:37 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.06.24 18:42:12 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\05120458.sys -- (05120458)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.01.01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010.11.02 16:22:33 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.08.19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010.03.02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.02.09 05:42:14 | 000,325,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.09.30 03:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.03.09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 9A 90 96 B7 51 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.11
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.9
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110904
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: D:\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\DivX\DivX Plus Web Player\firefox\html5video [2011.01.21 13:02:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: D:\DivX\DivX Plus Web Player\firefox\wpa [2011.01.21 13:02:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 16:16:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\Firefox\components [2011.11.06 22:59:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\Firefox\plugins [2011.11.01 15:04:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 16:16:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Firefox\components [2011.11.06 22:59:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Firefox\plugins [2011.11.01 15:04:44 | 000,000,000 | ---D | M]
 
[2010.11.01 20:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maki\AppData\Roaming\mozilla\Extensions
[2012.06.21 07:10:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions
[2011.03.11 20:50:36 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.19 14:11:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.11.02 16:22:45 | 000,002,059 | ---- | M] () -- C:\Users\maki\AppData\Roaming\Mozilla\Firefox\Profiles\hgob6l6f.default\searchplugins\daemon-search.xml
[2011.11.06 23:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.07 15:44:06 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.21 07:10:01 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2011.11.01 15:11:21 | 000,075,438 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\UPLOADER@ADBLOCKFILTERS.MOZDEV.ORG.XPI
[2012.06.17 16:16:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.12 15:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.12 15:15:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.12 15:15:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 15:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 15:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 15:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.04 02:19:25 | 000,438,159 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 15068 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - E:\office2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\office2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\office2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E78888C1-45FE-420A-A855-67032247E0B1}: NameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2004.08.28 15:37:28 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{06e3b4f0-e6b4-11df-b37a-20cf30958817}\Shell - "" = AutoRun
O33 - MountPoints2\{06e3b4f0-e6b4-11df-b37a-20cf30958817}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.29 06:41:56 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\maki\Desktop\aswMBR.exe
[2012.06.29 06:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.29 06:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.06.29 06:36:27 | 003,889,704 | ---- | C] (Piriform Ltd) -- C:\Users\maki\Desktop\ccsetup320.exe
[2012.06.29 06:35:34 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\maki\Desktop\OTL.exe
[2012.06.25 18:09:38 | 000,000,000 | ---D | C] -- C:\Users\maki\AppData\Roaming\Malwarebytes
[2012.06.25 18:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.25 18:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.25 18:09:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.25 18:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.24 21:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012.06.24 21:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012.06.24 21:08:37 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.06.24 17:37:03 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\05120458.sys
[2012.06.24 17:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.06.23 18:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.06.23 18:05:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2012.06.23 18:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.06.23 18:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012.06.23 18:04:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.06.13 13:48:28 | 000,000,000 | ---D | C] -- C:\Users\maki\AppData\Local\Macromedia
[2012.06.12 20:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xider
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.29 06:53:20 | 000,000,512 | ---- | M] () -- C:\Users\maki\Desktop\MBR.dat
[2012.06.29 06:42:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\maki\Desktop\aswMBR.exe
[2012.06.29 06:37:33 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.29 06:36:36 | 003,889,704 | ---- | M] (Piriform Ltd) -- C:\Users\maki\Desktop\ccsetup320.exe
[2012.06.29 06:35:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\maki\Desktop\OTL.exe
[2012.06.29 04:57:16 | 000,027,861 | ---- | M] () -- C:\Users\maki\Desktop\logfiles.rar
[2012.06.29 04:47:06 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 04:47:06 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 04:41:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.29 04:41:53 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.29 04:15:53 | 000,000,148 | ---- | M] () -- C:\Users\maki\defogger_reenable
[2012.06.25 18:09:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.25 06:14:21 | 000,000,155 | ---- | M] () -- C:\Windows\winamp.ini
[2012.06.24 21:11:00 | 000,017,408 | ---- | M] () -- C:\Users\maki\AppData\Local\WebpageIcons.db
[2012.06.24 21:09:49 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.06.24 21:09:49 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.06.24 21:08:37 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.06.24 18:42:12 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\05120458.sys
[2012.06.24 05:19:41 | 004,503,728 | ---- | M] () -- C:\ProgramData\loc_pyt_0_kroj.pad
[2012.06.24 05:15:17 | 000,001,895 | ---- | M] () -- C:\Users\maki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.20 05:47:48 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.20 05:47:48 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.20 05:47:23 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.06.17 23:40:28 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.17 23:40:28 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.17 23:40:28 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.17 23:40:28 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.17 23:40:28 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.13 13:42:01 | 000,364,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 20:18:43 | 000,000,835 | ---- | M] () -- C:\Users\maki\Desktop\Edna Bricht Aus.lnk
[2012.06.04 22:40:52 | 000,962,079 | ---- | M] () -- C:\Users\maki\Desktop\ghjghkdghkd.m3u
 
========== Files Created - No Company Name ==========
 
[2012.06.29 06:53:20 | 000,000,512 | ---- | C] () -- C:\Users\maki\Desktop\MBR.dat
[2012.06.29 06:37:33 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.29 04:57:16 | 000,027,861 | ---- | C] () -- C:\Users\maki\Desktop\logfiles.rar
[2012.06.29 04:15:53 | 000,000,148 | ---- | C] () -- C:\Users\maki\defogger_reenable
[2012.06.28 18:18:55 | 002,714,627 | ---- | C] () -- C:\Users\maki\Desktop\Questguide_Xenoblade_Chronicles.pdf
[2012.06.25 18:09:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.24 21:10:58 | 000,017,408 | ---- | C] () -- C:\Users\maki\AppData\Local\WebpageIcons.db
[2012.06.24 21:09:49 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.06.24 21:09:49 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.06.24 05:15:17 | 004,503,728 | ---- | C] () -- C:\ProgramData\loc_pyt_0_kroj.pad
[2012.06.24 05:15:17 | 000,001,895 | ---- | C] () -- C:\Users\maki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.12 20:18:43 | 000,000,835 | ---- | C] () -- C:\Users\maki\Desktop\Edna Bricht Aus.lnk
[2012.06.04 22:40:52 | 000,962,079 | ---- | C] () -- C:\Users\maki\Desktop\ghjghkdghkd.m3u
[2012.05.12 00:36:18 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.19 16:48:47 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.19 16:48:46 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.19 15:57:47 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.22 11:04:55 | 000,007,597 | ---- | C] () -- C:\Users\maki\AppData\Local\Resmon.ResmonCfg
[2011.05.31 18:17:46 | 000,044,448 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.11.17 14:16:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.02 02:20:14 | 000,000,155 | ---- | C] () -- C:\Windows\winamp.ini
[2010.10.31 17:23:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.31 16:27:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.10.31 16:27:27 | 000,031,115 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== LOP Check ==========
 
[2011.06.26 17:55:25 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\.minecraft
[2012.01.04 23:20:26 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Azureus
[2010.11.02 21:45:21 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DAEMON Tools Lite
[2012.03.12 10:12:00 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DVDVideoSoft
[2012.03.12 10:11:57 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.29 15:35:04 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\ICQ
[2011.01.21 13:02:17 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Local
[2011.01.18 12:54:42 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\LolClient
[2011.01.18 01:53:06 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2011.01.06 17:21:51 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Mumble
[2011.11.10 21:57:43 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Origin
[2010.11.05 16:46:04 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Raptr
[2011.12.20 23:19:27 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Rovio
[2012.06.08 16:20:14 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
The OTL Extras log has not changed.

CCleaner software list
Code:
ATTFilter
Adobe AIR	Adobe Systems Inc.	16.01.2011		2.5.1.17730
Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	06.11.2011	6,00MB	11.0.1.152
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	13.06.2012	6,00MB	11.3.300.257
Adobe Reader X (10.0.1) - Deutsch	Adobe Systems Incorporated	13.02.2011	115MB	10.0.1
Alice Madness Returns	Electronic Arts	18.02.2012	64,9MB	1.0.0.0
AMD Catalyst Install Manager	Advanced Micro Devices, Inc.	29.04.2012	26,2MB	8.0.873.0
Apple Application Support	Apple Inc.	06.07.2011	52,8MB	1.4.1
Apple Software Update	Apple Inc.	06.07.2011	2,15MB	2.1.1.116
Battlefield 3™	Electronic Arts	11.11.2011		1.0.0.0
Battlelog Web Plugins	EA Digital Illusions CE AB	10.06.2012		1.122.0
CCleaner	Piriform	22.06.2012		3.20
Curse Client	Curse	29.03.2012		4.0.1.260
D-Fend Reloaded 1.2.1 (deinstallieren)	Alexander Herzog	06.02.2012		1.2.1
DAEMON Tools Toolbar	DT Soft Ltd	02.11.2010		1.1.2.0185
Diablo III	Blizzard Entertainment	23.06.2012		1.0.3.10057
DivX-Setup	DivX, LLC	21.01.2011		2.3.0.20
Edna Bricht Aus 6.3		12.06.2012		
ESN Sonar	ESN Social Software AB	10.06.2012		0.70.4
Fiesta Online(EU_German) 1.04.000	gamigo Games	04.09.2011		1.04.000
Free YouTube Download version 3.0.22.221	DVDVideoSoft Ltd.	12.03.2012	60,5MB	3.0.22.221
Free YouTube to MP3 Converter version 3.10.17.221	DVDVideoSoft Ltd.	12.03.2012	71,5MB	3.10.17.221
GOM Player	Gretech Corporation	01.05.2012		2.1.40.5106
GOMTV Streamer	Gretech Corporation	14.03.2012		1.0.0.26
Guitar Pro 5.2	Arobas Music	12.02.2011		
ICQ7.2	ICQ	02.11.2010		7.2
Java(TM) 6 Update 24	Oracle	15.01.2011	94,9MB	6.0.240
Kaspersky Internet Security 2012	Kaspersky Lab	24.06.2012		12.0.0.374
League of Legends	Riot Games	18.01.2011		1.02.0000
Logitech GamePanel Software 2.00	Logitech	02.11.2010	11,2MB	2.00.171
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	25.06.2012	18,0MB	1.61.0.1400
McAfee Security Scan Plus	McAfee, Inc.	06.12.2010	8,30MB	2.0.181.2
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	02.11.2010	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	02.11.2010	2,93MB	4.0.30319
Microsoft Office Professional Edition 2003	Microsoft Corporation	13.05.2012	1,10GB	11.0.8173.0
Microsoft Silverlight	Microsoft Corporation	13.05.2012	180MB	4.1.10329.0
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	14.04.2011	790KB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	14.04.2011	598KB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	04.11.2010	252KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	31.10.2010	788KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	16.06.2011	788KB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	18.02.2012	234KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	10.11.2011	240KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	09.01.2011	594KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	16.06.2011	600KB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	12.11.2011	15,2MB	10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	12.11.2011	15,0MB	10.0.40219
Mozilla Firefox 13.0.1 (x86 de)	Mozilla	17.06.2012	35,8MB	13.0.1
Mozilla Maintenance Service	Mozilla	17.06.2012	309KB	13.0.1
Mumble and Murmur	Mumble	03.11.2010		1.2.2
NEC Electronics USB 3.0 Host Controller Driver	NEC Electronics Corporation	31.10.2010	993KB	1.0.19.0
Origin	Electronic Arts, Inc.	05.03.2012		8.5.0.4550
Paint.NET v3.5.10	dotPDN LLC	15.05.2012	10,6MB	3.60.0
Pando Media Booster	Pando Networks Inc.	04.09.2011	5,46MB	2.3.6.0
Pflanzen gegen Zombies	PopCap Games	10.04.2011		
PunkBuster Services	Even Balance, Inc.	15.02.2012		0.991
QuickTime	Apple Inc.	06.07.2011	73,6MB	7.69.80.9
Realtek Ethernet Controller Driver For Windows 7	Realtek	31.10.2010		7.15.209.2010
Skype™ 5.8	Skype Technologies S.A.	20.03.2012	19,0MB	5.8.158
Star Wars: The Old Republic	Electronic Arts, Inc.	10.01.2012	26,7MB	1.00
StarCraft II	Blizzard Entertainment	22.02.2012		1.4.3.21029
Team Fortress 2	Valve	30.06.2011		
TeamSpeak 3 Client	TeamSpeak Systems GmbH	04.11.2010		
VIA Plattform-Geräte-Manager	VIA Technologies, Inc.	31.10.2010	2,61MB	1.34
VLC media player 1.1.4	VideoLAN	02.11.2010		1.1.4
Vuze	Vuze Inc.	05.11.2010		4.5
Warcraft III		31.05.2011		
Warcraft III: All Products		31.05.2011		
Winamp (remove only)		02.11.2010		
Windows Live Anmelde-Assistent	Microsoft Corporation	23.06.2012	1,93MB	5.000.818.5
Windows Live Essentials	Microsoft Corporation	23.06.2012		14.0.8117.0416
Windows Live OneCare safety scanner	Microsoft Corporation	03.12.2010		
Windows Live-Uploadtool	Microsoft Corporation	23.06.2012	224KB	14.0.8014.1029
WinRAR		03.12.2010		
World of Warcraft	Blizzard Entertainment	18.04.2012		4.3.4.15595
Zip Motion Block Video codec (Remove Only)	DOSBox Team	06.02.2012
         
and aswMBR

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-29 06:49:37
-----------------------------
06:49:37.123    OS Version: Windows x64 6.1.7600 
06:49:37.123    Number of processors: 6 586 0xA00
06:49:37.123    ComputerName: MA  UserName: 
06:49:37.450    Initialize success
06:49:41.615    AVAST engine defs: 12062900
06:49:43.768    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
06:49:43.768    Disk 0 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 3
06:49:43.784    Disk 0 MBR read successfully
06:49:43.784    Disk 0 MBR scan
06:49:43.799    Disk 0 Windows 7 default MBR code
06:49:43.815    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
06:49:43.831    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        40900 MB offset 206848
06:49:43.846    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       204800 MB offset 83970048
06:49:43.862    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS      1661927 MB offset 503400448
06:49:43.893    Disk 0 scanning C:\Windows\system32\drivers
06:49:53.643    Service scanning
06:50:09.555    Modules scanning
06:50:09.571    Disk 0 trace - called modules:
06:50:10.101    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
06:50:10.117    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bd0060]
06:50:10.117    3 CLASSPNP.SYS[fffff880019a643f] -> nt!IofCallDriver -> [0xfffffa8007b089b0]
06:50:10.132    5 ACPI.sys[fffff88000ed8781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007bc8060]
06:50:10.444    AVAST engine scan C:\Windows
06:50:12.425    AVAST engine scan C:\Windows\system32
06:52:51.062    AVAST engine scan C:\Windows\system32\drivers
06:53:03.105    AVAST engine scan C:\Users\maki
06:53:20.172    Disk 0 MBR has been saved successfully to "C:\Users\maki\Desktop\MBR.dat"
06:53:20.187    The log file has been saved successfully to "C:\Users\maki\Desktop\aswMBR.txt"
         
__________________
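An added example, not part of the thread and not OTL's own code: in the "Files Created - No Company Name" section above, `loc_pyt_0_kroj.pad` and the Startup-folder `ctfmon.lnk` share the same creation second and carry no company name, and these are the two files the helper's fix in the next post deletes. The Python script below parses OTL file-listing lines and surfaces that pattern; the regex, the function names, the list of user-writable path markers and the two-second window are assumptions of this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Lines copied from the OTL log above (file-listing format:
# [timestamp | size | attributes | C/M] (company) -- path).
SAMPLE = r"""
[2012.06.29 06:53:20 | 000,000,512 | ---- | C] () -- C:\Users\maki\Desktop\MBR.dat
[2012.06.24 21:09:49 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.06.24 21:09:49 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.06.24 05:15:17 | 004,503,728 | ---- | C] () -- C:\ProgramData\loc_pyt_0_kroj.pad
[2012.06.24 05:15:17 | 000,001,895 | ---- | C] () -- C:\Users\maki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.12 20:18:43 | 000,000,835 | ---- | C] () -- C:\Users\maki\Desktop\Edna Bricht Aus.lnk
[2012.06.24 21:08:37 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.06.25 18:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)

# Assumed markers for this example: per-user Startup folder and
# directories a non-admin process can usually write to.
STARTUP_MARK = "\\start menu\\programs\\startup\\"
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")


@dataclass(frozen=True)
class Entry:
    when: datetime
    size: int
    is_dir: bool
    kind: str      # "C" = created, "M" = modified
    company: str   # "" when OTL printed "()" or no company field at all
    path: str


def parse_otl_file_lines(text):
    """Return an Entry for every line that matches the OTL file-listing format."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, O-lines and blank lines are skipped
        entries.append(Entry(
            when=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            is_dir="D" in m["attrs"],
            kind=m["kind"],
            company=m["company"] or "",
            path=m["path"].strip(),
        ))
    return entries


def startup_clusters(entries, window_s=2, kind="C"):
    """For each Startup-folder file without a company name, list other
    no-company files created within window_s seconds in user-writable paths."""
    files = [e for e in entries
             if not e.is_dir and not e.company and e.kind == kind]
    window = timedelta(seconds=window_s)
    clusters = []
    for s in files:
        if STARTUP_MARK not in s.path.lower():
            continue
        companions = sorted({
            e.path for e in files
            if e.path != s.path
            and abs(e.when - s.when) <= window
            and any(mark in e.path.lower() for mark in USER_WRITABLE)
        })
        clusters.append((s.path, s.when, companions))
    return clusters


if __name__ == "__main__":
    for path, when, companions in startup_clusters(parse_otl_file_lines(SAMPLE)):
        print(f"{when}  Startup entry without company name: {path}")
        for c in companions:
            print(f"    created in the same window: {c}")
```

A hit is only a lead for manual review; a file without a company name in a Startup folder can also be legitimate.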

30.06.2012, 04:57   #4
kira
/// Helper team
 



1.
Uninstall via Control Panel -> Software/Programs:
Code:
ATTFilter
DAEMON Tools Toolbar
         
Unfortunately, "uninvited guests" often add themselves directly to the search bar, the start page and the list of extensions, and they can be really annoying... They usually get installed along with other software out of unawareness or carelessness; some of them even belong to the most dangerous kind of adware, or to the "foistware" group.

Always choose the custom installation, not the standard installation, because otherwise things you do not need or want are often installed along with it.
During installation, always read the license terms and do not immediately tick every box or leave pre-ticked boxes as they are, because by doing so you agree that other third-party programs, or even adware (advertising pop-ups) from partner programs, sponsors, etc., are installed as well, since this is how freeware is financed.

Quote:
It is therefore advisable to check all installed browsers after every installation:
  • take a close look at the web page currently set as the start page
  • under Tools ⇒ Extensions, look for unwanted add-ons/plug-ins and toolbars
  • check the list of currently installed programs (in the Control Panel) to see whether something "unwanted" (program, toolbar, etc.) has settled in!
2.
If you did not install it deliberately, since it is often offered or installed along with other programs (presumably via Adobe Reader), uninstall:
Code:
ATTFilter
McAfee Security Scan Plus
probably ended up on the computer via Adobe (Flash Player)!
         
Although the developer/vendor itself has a very good reputation, this "helper principle" does not give your PC any additional protection, but it does impair system performance.
Always choose the custom installation, not the standard installation, because otherwise things you do not need or want are often installed along with it.
When installing, please always read the license terms and do not immediately tick every box or leave pre-ticked boxes as they are, because by doing so you agree that other third-party programs, or even adware (advertising pop-ups) from partner programs, sponsors, etc., are installed as well, since this is how freeware is financed.


3.
Uninstall:
Code:
ATTFilter
Azureus
Vuze
         
The use of file-sharing platforms (file sharing, in German "Dateifreigabe" or "gemeinsamer Dateizugriff", literally "sharing files") ...
Quote:
Internet file-sharing networks are unfortunately among the most dubious sources, and a great deal of malware is spread there, so they should be handled, if at all, only with very particular caution! According to studies, 45% of the files offered for download on file-sharing networks contain viruses, worms or other malware!
In addition, most downloads from these file-sharing networks are illegal anyway, so users are tempted to commit "criminal offences"!
Even if you believe you are using a "safe" P2P program, not even the program itself is safe, since you will be sharing data from "uncertified sources", and these are often infected...
Besides, it is not only Trojan horses or other types of viruses that need a direct connection; µtorrent & Co. also "phone home", even if there is no proof of this yet (at least in part), and I would not recommend allowing such clients!
As long as you have such programs on your PC, you will keep running into problems of one kind or another!

4.
Quote:
Attention, important!:
If you made changes in the log file yourself, you must replace them with the original names and paste it into the script that way, otherwise it will not work!
(User folder, your name or other changes replaced by X, asterisks or other names)
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, that is, everything in the code box after "Code" (beginning with :OTL and ending with [emptytemp]), without the word "Code":
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
[2010.11.02 16:22:45 | 000,002,059 | ---- | M] () -- C:\Users\maki\AppData\Roaming\Mozilla\Firefox\Profiles\hgob6l6f.default\searchplugins\daemon-search.xml
[2012.02.12 15:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.12 15:15:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.12 15:15:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 15:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 15:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2004.08.28 15:37:28 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{06e3b4f0-e6b4-11df-b37a-20cf30958817}\Shell - "" = AutoRun
O33 - MountPoints2\{06e3b4f0-e6b4-11df-b37a-20cf30958817}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SETUP.EXE

:Files
C:\ProgramData\loc_pyt_0_kroj.pad
C:\Users\maki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
C:\Users\maki\AppData\Roaming\Azureus
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

5.
Java aktualisieren- über Systemsteuerung-> Nach Update suchen...
oder:
Downloade nun die Offline-Version von Java "Empfohlen Version Java(TM) 7 Update 4 " von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

6.
Tips (regardless of whether you use Internet Explorer or not!):
-> Tips for Internet Explorer
-> Change Internet Explorer's default search engine
-> How can I clear the cache in Internet Explorer?

7.
Clean your system with CCleaner:
  • "CCleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for errors" → "Fix errors" → "Fix all"
  • Restart your system

8.
  • Download SUPERAntiSpyware FREE Edition.
    Take care not to install any toolbar that may be offered, i.e. untick the toolbar checkbox during installation (if necessary).
  • Install the program and update it online.
  • Start SUPERAntiSpyware and click "Scan your computer"
  • Tick "Complete Scan" and click "Next"
  • All malware found will then be listed; tick all findings and confirm with "OK"
  • Click "Next", then "OK", then "Finish"
  • To display the results: click "Preferences", then "Statistics and Logs"
  • Click "View Log" - then please save this report and post it here

9.
Viruses can also be carried on USB sticks, home-burned discs, external hard drives and other storage media. They must therefore be monitored by regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). A very suitable and recommended way to do this is to check the data saved on the storage medium with the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key, so that the Autorun function is not executed. (This prevents the AUTORUN function from running.) - The AUTORUN function can also be switched off entirely. ►Guide

8.
-> Then run a complete system check with Eset Online Scanner (NOD32) (Free Online Scanners)
Attention!: >>You should not install the antivirus security software, only scan your system online<<

10.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick the LOP Check and Purity Check boxes.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

11.
I can't place this one; what is it?:
Code:
C:\Users\maki\Desktop\ghjghkdghkd.m3u
         
could also come from malware..?!

► Report again on the state of the computer. Are there still problems, and if so, which ones?
__________________

Warning!:
Beware of invoices by e-mail with a ZIP file attached! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!

30.06.2012, 09:57   #5
lalalula
 

the first OTL file

Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "foxsearch" removed from browser.search.order.1
Prefs.js: "foxsearch" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
C:\Users\maki\AppData\Roaming\Mozilla\FireFox\Profiles\hgob6l6f.default\user.js moved successfully.
C:\Users\maki\AppData\Roaming\Mozilla\Firefox\Profiles\hgob6l6f.default\searchplugins\daemon-search.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
E:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06e3b4f0-e6b4-11df-b37a-20cf30958817}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06e3b4f0-e6b4-11df-b37a-20cf30958817}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06e3b4f0-e6b4-11df-b37a-20cf30958817}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06e3b4f0-e6b4-11df-b37a-20cf30958817}\ not found.
File H:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\SETUP.EXE not found.
========== FILES ==========
C:\ProgramData\loc_pyt_0_kroj.pad moved successfully.
C:\Users\maki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\torrents folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\tmp\AZU5117626480262246311.tmp folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\tmp folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\subs folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\shares folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\rss folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\plugins\mlab folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\plugins\hvi folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\plugins\aefeatman_v folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\plugins folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\net folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\logs\save folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\logs folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\dht folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\active folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\maki\Desktop\cmd.bat deleted successfully.
C:\Users\maki\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: maki
->Temp folder emptied: 73720607 bytes
->Temporary Internet Files folder emptied: 102664433 bytes
->Java cache emptied: 61181 bytes
->FireFox cache emptied: 172174997 bytes
->Flash cache emptied: 192157 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 316037242 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045735 bytes
RecycleBin emptied: 20778760 bytes
 
Total Files Cleaned = 688,00 mb
 
 
OTL by OldTimer - Version 3.2.53.0 log created on 06302012_065214

Files\Folders moved on Reboot...
C:\Users\maki\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\maki\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
the SUPERAntiSpyware file
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/30/2012 at 08:02 AM

Application Version : 5.5.1006

Core Rules Database Version : 8825
Trace Rules Database Version: 6637

Scan type       : Complete Scan
Total Scan Time : 00:45:15

Operating System Information
Windows 7 Ultimate 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned      : 767
Memory threats detected   : 0
Registry items scanned    : 65936
Registry threats detected : 0
File items scanned        : 62670
File threats detected     : 11

Adware.Tracking Cookie
	C:\Users\maki\AppData\Roaming\Microsoft\Windows\Cookies\NJEMV0G0.txt [ /atdmt.combing.com ]
	.im.banner.t-online.de [ C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\COOKIES.SQLITE ]
	.eaeacom.112.2o7.net [ C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\COOKIES.SQLITE ]
	insight.torbit.com [ C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Krpytik
	E:\STARCARFT SAMMLUNG\STARCRAFT\REGSETUP.EXE
	E:\STARCARFT SAMMLUNG\STARCRAFTS\REGSETUP.EXE
         

OTL file.
Code:
OTL logfile created on: 30.06.2012 09:45:04 - Run 4
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\maki\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,46 Gb Available Physical Memory | 68,22% Memory free
15,99 Gb Paging File | 12,94 Gb Available in Paging File | 80,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,94 Gb Total Space | 5,50 Gb Free Space | 13,77% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 191,48 Gb Free Space | 95,74% Space Free | Partition Type: NTFS
Drive E: | 1622,98 Gb Total Space | 1291,77 Gb Free Space | 79,59% Space Free | Partition Type: NTFS
 
Computer Name: MA | User Name: maki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.29 06:35:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\maki\Desktop\OTL.exe
PRC - [2012.06.17 16:16:12 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.06.13 13:43:32 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.15 21:08:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.09.04 20:00:01 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2010.01.22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2007.07.17 17:32:56 | 000,460,048 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.17 16:16:11 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.06.13 13:43:32 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2011.09.04 20:00:01 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.17 16:16:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.15 21:08:22 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.23 23:37:54 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.24 21:08:37 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.06.24 18:42:12 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\05120458.sys -- (05120458)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.01.01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010.11.02 16:22:33 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.08.19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010.03.02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.02.09 05:42:14 | 000,325,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.09.30 03:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.03.09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 9A 90 96 B7 51 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.11
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.9
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110904
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: D:\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\DivX\DivX Plus Web Player\firefox\html5video [2011.01.21 13:02:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: D:\DivX\DivX Plus Web Player\firefox\wpa [2011.01.21 13:02:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 16:16:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\Firefox\components [2011.11.06 22:59:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\Firefox\plugins [2011.11.01 15:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 16:16:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Firefox\components [2011.11.06 22:59:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Firefox\plugins [2011.11.01 15:04:44 | 000,000,000 | ---D | M]
 
[2010.11.01 20:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maki\AppData\Roaming\mozilla\Extensions
[2012.06.30 03:17:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions
[2011.03.11 20:50:36 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.19 14:11:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.11.06 23:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.30 03:17:36 | 000,743,305 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.21 07:10:01 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2011.11.01 15:11:21 | 000,075,438 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\UPLOADER@ADBLOCKFILTERS.MOZDEV.ORG.XPI
[2012.06.17 16:16:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.12 15:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
O1 HOSTS File: ([2011.11.04 02:19:25 | 000,438,159 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15068 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - E:\office2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\office2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\office2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E78888C1-45FE-420A-A855-67032247E0B1}: NameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.30 09:19:42 | 000,268,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.06.30 09:19:29 | 000,189,360 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.06.30 09:19:28 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.06.30 09:19:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.30 07:23:35 | 000,000,000 | ---D | C] -- C:\Users\maki\Desktop\d3 talente
[2012.06.30 07:16:08 | 000,000,000 | ---D | C] -- C:\Users\maki\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.30 07:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.06.30 07:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.06.30 07:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.30 07:01:45 | 000,955,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.06.30 07:01:45 | 000,839,096 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.06.30 06:59:34 | 021,869,488 | ---- | C] (Oracle Corporation) -- C:\Users\maki\Desktop\jre-7u5-windows-x64.exe
[2012.06.30 06:52:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.29 06:41:56 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\maki\Desktop\aswMBR.exe
[2012.06.29 06:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.29 06:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.06.29 06:36:27 | 003,889,704 | ---- | C] (Piriform Ltd) -- C:\Users\maki\Desktop\ccsetup320.exe
[2012.06.29 06:35:34 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\maki\Desktop\OTL.exe
[2012.06.25 18:09:38 | 000,000,000 | ---D | C] -- C:\Users\maki\AppData\Roaming\Malwarebytes
[2012.06.25 18:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.25 18:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.25 18:09:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.25 18:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.24 21:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012.06.24 21:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012.06.24 21:08:37 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.06.24 17:37:03 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\05120458.sys
[2012.06.24 17:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.06.23 18:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.06.23 18:05:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2012.06.23 18:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.06.23 18:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012.06.23 18:04:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.06.19 16:11:33 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.19 16:11:33 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.19 16:11:33 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.19 16:11:12 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.19 16:11:12 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.19 16:11:12 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.19 16:10:51 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.19 16:10:51 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.13 13:48:28 | 000,000,000 | ---D | C] -- C:\Users\maki\AppData\Local\Macromedia
[2012.06.13 03:00:44 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.13 03:00:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.13 03:00:43 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.13 03:00:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.13 03:00:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.13 03:00:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.13 03:00:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.13 03:00:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.13 03:00:41 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.13 03:00:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.13 03:00:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.13 03:00:40 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.13 03:00:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.12 22:43:21 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.12 22:43:21 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.12 22:43:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.12 22:43:18 | 005,505,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.12 22:43:18 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.12 22:43:18 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.12 22:43:09 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.12 22:43:02 | 001,460,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.12 22:43:02 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.12 20:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xider
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.30 09:44:07 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.30 09:44:07 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.30 09:38:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.30 09:38:53 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.30 09:19:15 | 000,955,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.06.30 09:19:15 | 000,839,096 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.06.30 09:19:15 | 000,268,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.06.30 09:19:15 | 000,189,360 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.06.30 09:19:15 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.06.30 07:15:25 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.30 07:09:30 | 001,393,418 | ---- | M] () -- C:\Users\maki\Desktop\cc_20120630_070914.reg
[2012.06.30 06:59:46 | 021,869,488 | ---- | M] (Oracle Corporation) -- C:\Users\maki\Desktop\jre-7u5-windows-x64.exe
[2012.06.29 07:05:30 | 000,004,091 | ---- | M] () -- C:\Users\maki\Desktop\logfiles teil 2.rar
[2012.06.29 07:04:55 | 000,028,070 | ---- | M] () -- C:\Users\maki\Desktop\logfiles.rar
[2012.06.29 06:42:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\maki\Desktop\aswMBR.exe
[2012.06.29 06:37:33 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.29 06:36:36 | 003,889,704 | ---- | M] (Piriform Ltd) -- C:\Users\maki\Desktop\ccsetup320.exe
[2012.06.29 06:35:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\maki\Desktop\OTL.exe
[2012.06.29 04:15:53 | 000,000,148 | ---- | M] () -- C:\Users\maki\defogger_reenable
[2012.06.28 18:18:33 | 002,714,795 | ---- | M] () -- C:\Users\maki\Desktop\questguide_xenoblade_chronicles.zip
[2012.06.25 18:09:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.25 06:14:21 | 000,000,155 | ---- | M] () -- C:\Windows\winamp.ini
[2012.06.24 21:11:00 | 000,017,408 | ---- | M] () -- C:\Users\maki\AppData\Local\WebpageIcons.db
[2012.06.24 21:09:49 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.06.24 21:09:49 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.06.24 21:08:37 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.06.24 18:42:12 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\05120458.sys
[2012.06.20 05:47:48 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.20 05:47:48 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.20 05:47:23 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.06.17 23:40:28 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.17 23:40:28 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.17 23:40:28 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.17 23:40:28 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.17 23:40:28 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.13 13:43:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.13 13:43:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.13 13:42:01 | 000,364,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 20:18:43 | 000,000,835 | ---- | M] () -- C:\Users\maki\Desktop\Edna Bricht Aus.lnk
[2012.06.04 22:40:52 | 000,962,079 | ---- | M] () -- C:\Users\maki\Desktop\ghjghkdghkd.m3u
[2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
 
========== Files Created - No Company Name ==========
 
[2012.06.30 07:15:25 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.30 07:09:22 | 001,393,418 | ---- | C] () -- C:\Users\maki\Desktop\cc_20120630_070914.reg
[2012.06.29 07:04:55 | 000,004,091 | ---- | C] () -- C:\Users\maki\Desktop\logfiles teil 2.rar
[2012.06.29 06:37:33 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.29 04:57:16 | 000,028,070 | ---- | C] () -- C:\Users\maki\Desktop\logfiles.rar
[2012.06.29 04:15:53 | 000,000,148 | ---- | C] () -- C:\Users\maki\defogger_reenable
[2012.06.28 18:18:55 | 002,714,627 | ---- | C] () -- C:\Users\maki\Desktop\Questguide_Xenoblade_Chronicles.pdf
[2012.06.28 18:18:32 | 002,714,795 | ---- | C] () -- C:\Users\maki\Desktop\questguide_xenoblade_chronicles.zip
[2012.06.25 18:09:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.24 21:10:58 | 000,017,408 | ---- | C] () -- C:\Users\maki\AppData\Local\WebpageIcons.db
[2012.06.24 21:09:49 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.06.24 21:09:49 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.06.12 20:18:43 | 000,000,835 | ---- | C] () -- C:\Users\maki\Desktop\Edna Bricht Aus.lnk
[2012.06.04 22:40:52 | 000,962,079 | ---- | C] () -- C:\Users\maki\Desktop\ghjghkdghkd.m3u
[2012.05.12 00:36:18 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.19 16:48:47 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.19 16:48:46 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.19 15:57:47 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.22 11:04:55 | 000,007,597 | ---- | C] () -- C:\Users\maki\AppData\Local\Resmon.ResmonCfg
[2011.05.31 18:17:46 | 000,044,448 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.11.17 14:16:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.02 02:20:14 | 000,000,155 | ---- | C] () -- C:\Windows\winamp.ini
[2010.10.31 17:23:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.31 16:27:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.10.31 16:27:27 | 000,031,115 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== LOP Check ==========
 
[2011.06.26 17:55:25 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\.minecraft
[2012.06.30 07:04:12 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DAEMON Tools Lite
[2012.03.12 10:12:00 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DVDVideoSoft
[2012.03.12 10:11:57 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.29 15:35:04 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\ICQ
[2011.01.21 13:02:17 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Local
[2011.01.18 12:54:42 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\LolClient
[2011.01.18 01:53:06 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2011.01.06 17:21:51 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Mumble
[2011.11.10 21:57:43 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Origin
[2010.11.05 16:46:04 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Raptr
[2011.12.20 23:19:27 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Rovio
[2012.06.08 16:20:14 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

< End of report >
         
extras

Code:
OTL Extras logfile created on: 30.06.2012 09:45:04 - Run 4
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\maki\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,46 Gb Available Physical Memory | 68,22% Memory free
15,99 Gb Paging File | 12,94 Gb Available in Paging File | 80,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,94 Gb Total Space | 5,50 Gb Free Space | 13,77% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 191,48 Gb Free Space | 95,74% Space Free | Partition Type: NTFS
Drive E: | 1622,98 Gb Total Space | 1291,77 Gb Free Space | 79,59% Space Free | Partition Type: NTFS
 
Computer Name: MA | User Name: maki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\office2003\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\office2003\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\office2003\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\office2003\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B12A2D-C8FD-4594-8FC2-471F8B8CD29D}" = lport=56239 | protocol=17 | dir=in | name=pando media booster | 
"{083EDC4A-F4C6-48F2-BF0B-8B52E537BAF1}" = lport=56239 | protocol=6 | dir=in | name=pando media booster | 
"{0BA61008-E65B-4860-AF91-D770F5351168}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{0C6597F9-5C2E-4A1C-B0EF-3C47B2BCCC86}" = rport=139 | protocol=6 | dir=out | app=system | 
"{120D1015-9D15-49FA-949E-DFE83562119C}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{15E25C59-FC41-4515-A405-DF3533F4EFBC}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{16E8224A-5A5D-4E4C-9BED-48114D4CFEF8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{20AFCAC8-E3D4-4930-AB67-6D0447544DDD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{220B76DC-D36B-400A-B71F-23D63A8FDD01}" = lport=56239 | protocol=6 | dir=in | name=pando media booster | 
"{2F43D689-3C6A-49FA-AEAF-FC5A9487F35D}" = lport=6947 | protocol=17 | dir=in | name=league of legends launcher | 
"{334D3E8D-FEA3-4806-B514-22BB352861FC}" = lport=6895 | protocol=17 | dir=in | name=league of legends launcher | 
"{36551E85-BEE0-44E6-B97E-8FED5A28148E}" = lport=6930 | protocol=6 | dir=in | name=league of legends launcher | 
"{3922FE1B-ECCF-4C7D-A643-EDC0A2DBB747}" = lport=6959 | protocol=17 | dir=in | name=league of legends launcher | 
"{3A8BF361-66F8-4C64-A440-562ED1703C66}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{44A30F58-3D9B-4CDB-8B32-3975E0C5DDAC}" = lport=6985 | protocol=6 | dir=in | name=league of legends launcher | 
"{475893E4-6A19-4DAA-A214-843647129EF3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4D6B2B78-6A13-4F4E-B51A-519F5590B5ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4E391BCB-81A3-4138-9E22-927D520825E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50F892AD-D87E-4EB8-9A5E-1F49E405F95A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{54AFEC8B-34B9-4FDE-A364-542DF3ABBCE7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5A8F34B8-2DFC-494E-9B12-C488B78B57AD}" = lport=56943 | protocol=6 | dir=in | name=pando media booster | 
"{5C8E93CF-82BE-46DD-B2F1-626FEAD64ED5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5DCF2294-3975-456B-92DD-75EFBA3FD38D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6168711C-4B11-4EA9-8EF1-657B66C28D40}" = lport=6906 | protocol=6 | dir=in | name=league of legends launcher | 
"{61F21FE5-CAC6-4A12-ACC1-7F250C465141}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{637F9A14-8175-4EDB-8B1F-2327DABC3C23}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6C6C16C9-AC75-4BA8-8294-65055B8AF122}" = lport=6975 | protocol=6 | dir=in | name=league of legends launcher | 
"{6D4C8F5E-BA7B-47D3-88D7-0BFAB1426DDD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{70BE25A6-9F35-4E9B-A147-EF68BAEFDEE4}" = lport=56943 | protocol=6 | dir=in | name=pando media booster | 
"{859271AA-1A71-4C8A-B9FA-1B90BD6C1DAB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{88674E82-8429-4E11-AB90-04533865A181}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A969E20-9782-41BD-A965-E3874EF39FE7}" = lport=6906 | protocol=17 | dir=in | name=league of legends launcher | 
"{9D41D45C-2389-4D71-B5A1-86D276CCDB1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A055A39B-8C9A-4FE5-BF44-27B3E0B47290}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A0F53810-E536-4D8B-8E0A-9E8D9E0BF10C}" = lport=56943 | protocol=17 | dir=in | name=pando media booster | 
"{A1D68B97-E6F2-40E5-B561-95414BC457B6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AAC08E18-43F1-44AC-ADDA-7E552A848BEF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ACD11528-3788-4007-AB63-EFEC6F8626B6}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{B11927D1-1F72-4ED1-9455-D5277C877FC8}" = lport=6933 | protocol=17 | dir=in | name=league of legends launcher | 
"{B4726FE4-067B-471E-A991-E982C54E35F9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BA270A0A-1BCF-4B72-B731-FCC242909FD9}" = lport=6985 | protocol=17 | dir=in | name=league of legends launcher | 
"{BD923188-0C37-45D5-9C83-217641FCE076}" = lport=56943 | protocol=17 | dir=in | name=pando media booster | 
"{C0E7FDCB-0EA2-4DEE-B564-6A7D2CE94DC7}" = lport=6895 | protocol=6 | dir=in | name=league of legends launcher | 
"{C18963F2-514A-4558-BBD3-23F50DB1667A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C1ABE3BA-E479-4944-B5CD-6E1F581840A1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C464B320-8A9F-4BD8-A9EF-267B28C9356A}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{C6141466-1FDB-47C2-9A44-782D54D3D3B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C7CCF420-3921-41CC-898F-C9E64838055F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CB85EABF-4727-488C-8DA3-371F548F4AD1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CBE31870-E69F-4DDB-AF50-5B63E0D3FC78}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CE2B3187-219D-4B91-9962-195B6DE1FBF3}" = lport=56239 | protocol=17 | dir=in | name=pando media booster | 
"{CFE0B770-24FA-4326-9D8B-09FC173AE7F4}" = lport=6959 | protocol=6 | dir=in | name=league of legends launcher | 
"{D229929A-9A76-4920-96DA-BAD4B7E63376}" = lport=6975 | protocol=17 | dir=in | name=league of legends launcher | 
"{D2F9E3A6-3AFB-4810-AA19-57F403FD59BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DB2BCE3B-332D-4CB1-9B77-B8D18D10D943}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DB7E4DC1-B9BB-4112-8959-D40F33F0CC65}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DE7BC26E-5B80-412F-AB6D-075DF6CCA598}" = lport=6937 | protocol=6 | dir=in | name=league of legends launcher | 
"{DEAE600E-FBA3-4B2E-9701-00D223DC760D}" = lport=6937 | protocol=17 | dir=in | name=league of legends launcher | 
"{DF266C9A-1AAC-421C-B4F1-47314DD41EEB}" = lport=6930 | protocol=17 | dir=in | name=league of legends launcher | 
"{DFA810AB-04DA-437D-86CB-60E1C1A1A2B4}" = lport=6947 | protocol=6 | dir=in | name=league of legends launcher | 
"{E0CBCA70-CC77-48AA-911B-D7D647EF1109}" = lport=6933 | protocol=6 | dir=in | name=league of legends launcher | 
"{EA263BE0-285A-4D56-AA9A-80167E508F94}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FC1EE431-D9E2-404D-88D9-0BD9037C3113}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FEFCD2BA-0D89-46EA-8C95-B0B23623BF0F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FF05DF33-FF09-4208-8896-4EDE63A7680A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00188318-3434-4561-AB62-8E4B257B686A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1079138B-F054-44B7-8B51-7EDCF4F0702D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{10D70222-8747-4D25-AB3C-656B2F3819C0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{1A7958F4-96CA-4D22-B4A6-C70908352D3D}" = protocol=6 | dir=in | app=d:\icq7.2\aolload.exe | 
"{1D1DFF57-E8B7-4F79-990B-EB9CB90A33E6}" = protocol=6 | dir=in | app=e:\battlefield 3\battlefield 3\bf3.exe | 
"{1D5187BE-1470-45AB-A8D3-B219B68A1BBA}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\half-life\hl.exe | 
"{2339FE7C-7530-46B9-BE31-1867E2FC9BE6}" = protocol=17 | dir=in | app=e:\battlefield 3\battlefield 3\bf3.exe | 
"{25D75D12-F54A-4894-BD13-0AA208C66D63}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\condition zero\hl.exe | 
"{2FAFA836-C346-4AAF-AFB8-67EB9FCEA65B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{342D8C0D-397B-4BBE-90A1-268F2EFAF0CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3678F865-7B44-4511-9AE9-B7440BADF9C8}" = protocol=6 | dir=in | app=e:\valve\steam.exe | 
"{3C3DC46A-A6D2-4154-A088-85ED8B911491}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{42EAEBC4-FB70-4AF3-AA33-02097CB77BD8}" = protocol=17 | dir=in | app=d:\icq7.2\icq.exe | 
"{4397F01D-62DE-4E25-876E-339646BB94B7}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\counter-strike\hl.exe | 
"{48EB54D3-24F1-40FE-9B6E-75D01D8A879E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{4A9019EA-0EA2-4D43-8CBF-FC961589D46A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{51661261-393D-4D87-A5DB-000A4E47D3D4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{52A37D89-6E08-4B21-970A-E643ACB0823A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{543D2457-F83F-4559-B840-A1398DACBEC5}" = dir=in | app=d:\skype\phone\skype.exe | 
"{586C605C-9C69-44D6-BA7D-7B7047142D4A}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\condition zero\hl.exe | 
"{5D64EE52-65A8-4EB4-9388-DADE998B2EB1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5EE0D5D2-0F06-4829-B43C-F71AA4B34028}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{690194C0-23E0-40EA-BB54-C4E311719EFB}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{6C73A531-C280-4782-BC43-0562AE17B971}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6DD0311F-47FB-454C-9E46-EDDF98405691}" = protocol=6 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{7104320D-59DE-4F8D-B59A-7692081DC74B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{755832E1-00DF-4518-8835-12984B2CA9C3}" = protocol=6 | dir=in | app=e:\diablo iii\diablo iii.exe | 
"{7817D259-95C2-47E7-90DE-F215337B8006}" = protocol=6 | dir=in | app=d:\icq7.2\icq.exe | 
"{79228880-ECB4-45E7-A587-F77D72676861}" = protocol=17 | dir=in | app=d:\icq7.2\aolload.exe | 
"{7A737697-9819-4165-A350-C1F6BD5A129F}" = protocol=17 | dir=in | app=e:\diablo iii\diablo iii.exe | 
"{816D1808-EB8F-4B28-99C0-BB5CE05C5F7E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81F7693D-9870-46F8-A36C-A0139783304F}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\codename gordon\cg.exe | 
"{823DE03C-FBDF-4FD4-96C3-E152FE1E4360}" = protocol=6 | dir=in | app=d:\icq7.2\aolload.exe | 
"{8947B655-0002-469F-8745-BADFD9C35B3B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9034D00C-A69E-4319-95AB-8C5B425B9D2D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{91B953C5-AEAB-4C51-AD3A-1C6497929B3E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{982A40E9-6134-479A-8D09-069C3C5716AF}" = protocol=17 | dir=in | app=d:\icq7.2\aolload.exe | 
"{985BB86E-BFAA-424D-A773-31F7C9D4CA9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{99955B47-9206-4815-94A7-F809FC0D0EE5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9AAD7561-0DAD-41B6-8713-58E83B4F5C3B}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{9FD1B678-E526-4193-8DA2-F123EA9DA252}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A0F1F88A-C62D-462D-BC4F-BF806117EB88}" = protocol=6 | dir=in | app=d:\icq7.2\icq.exe | 
"{A81F2578-EEAE-4959-B879-4411EB384A0F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A94B9C9F-936E-4244-AFC5-72174AB6A0CC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BAEF82C4-835F-4367-A516-DB91E81CE7F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BD85C7D2-AD4B-4AF6-978A-BFA095396C53}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{C0EC28F9-B757-4B54-A12E-65E4944218C9}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{C7D2BCFE-CA0F-480D-B651-3E7822173AD4}" = protocol=17 | dir=in | app=e:\valve\steam.exe | 
"{C867EAEA-383B-409F-BA1D-18DCE0F757F1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CF5E2B61-5895-43E3-9AEA-63E2E57C7799}" = protocol=17 | dir=in | app=d:\icq7.2\icq.exe | 
"{D0AE6C02-42B3-46EA-9E17-1B6B35F71FC6}" = protocol=17 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{D9420C8C-8D8F-4500-8E0D-813452A43E1B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{DCDD9190-C759-46DE-B576-97C007FE9861}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{DF27D0F3-2B1D-495F-B606-63BBC4672BD5}" = protocol=17 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{DFB6E3AE-F3AF-4704-B502-3D9E6802E609}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E1F000E3-BD2A-46F6-9EF6-2209FD3C07BB}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{E29C5FF4-6A58-4F48-8E70-46FB2A58DBED}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{E4560C4C-E7B9-4BFB-BCC8-FE88E5458F96}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{EAAE6A74-1A56-49AD-BDDE-A8B6DBD12071}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EF59237D-E24A-4E15-959A-F9CE7E008808}" = protocol=6 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{F0708F61-4C61-4B6C-95C1-DDFA9695840A}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\half-life\hl.exe | 
"{F11C738C-4C11-4726-98FB-CD3D8A44297D}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\counter-strike\hl.exe | 
"{F5E5673B-566E-45DF-A886-CD14048260A3}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{F972F9D6-77FD-4120-A5F0-B245AEB41688}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FA1EAAAE-D883-40AD-B484-304263CB4415}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\codename gordon\cg.exe | 
"{FE5AD9D2-0D9F-446F-A309-051BAE358B54}" = protocol=6 | dir=out | app=system | 
"{FE7916AA-5C5F-4856-AFE7-350B53FC6562}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{16FE1040-395B-44AE-975A-FAC82B4E1698}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{217898EF-70F7-4736-97F5-7EF03E3DA321}E:\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{23C9C9CF-F915-4ED7-90CD-B235097CA957}E:\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base18092\sc2.exe | 
"TCP Query User{2759EFEC-7BD4-4F1A-80C2-52CA77AA603A}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe | 
"TCP Query User{4C77765D-C99A-433E-BAF0-984DA0612844}E:\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{6415E3DC-6443-4280-A51D-1B347986F6C0}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{901B7E10-51F9-474A-B615-CB41A350C170}E:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe | 
"TCP Query User{9AB5B951-9C49-446E-8954-193F490879A6}E:\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{ACD821E2-86BC-43A8-8192-46C3E24CD5C0}E:\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{AFEC8B82-A948-43F8-B307-111619454E60}E:\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{BFEBF612-9498-4990-A88B-F8FA1A4B43A3}E:\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base16755\sc2.exe | 
"TCP Query User{CE903C5A-F256-420E-A4A0-E5D350F96E9D}E:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii\war3.exe | 
"TCP Query User{D01BAA9B-81BD-4A4E-8292-F58680DB2D55}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{D993C068-0722-4F76-811E-4C1D1EE7B07B}E:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=6 | dir=in | app=e:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe | 
"TCP Query User{E3A5C123-5C38-4600-A1E6-86B5599B19DC}E:\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=e:\league of legends\lol.launcher.exe | 
"TCP Query User{E94D7D63-EBF2-414C-97DC-B2DB7B16C9F5}E:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{EE663DCF-3594-4C43-B1FE-5B0E456895DC}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{0845C00D-526B-42A3-A593-F0FC37AAC594}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{209320CC-16FF-44DC-A4DC-BB2A1BDA632D}E:\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=e:\league of legends\lol.launcher.exe | 
"UDP Query User{51D38C14-7ED7-4138-8B29-152898EDA0A5}E:\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base16755\sc2.exe | 
"UDP Query User{527BE6B7-44F9-4E23-B229-0F5E364A1EDF}E:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii\war3.exe | 
"UDP Query User{5DDFDB42-FF21-4139-8605-E2B175D72104}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe | 
"UDP Query User{72413AC5-D162-4B26-8D4A-2710A433E892}E:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{78548A1A-8C30-409B-B89E-98D599C1730D}E:\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{7B7C621B-9BA1-497F-8D08-2992CD3EFE55}E:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe | 
"UDP Query User{89F233B7-2996-47F3-904E-70BE187E781B}E:\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base18092\sc2.exe | 
"UDP Query User{98A98762-422F-4C6F-9EE1-23E2BE49823D}E:\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{AB7B1780-9C9B-4ECE-8B75-67D621EBB483}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{C1B6FDAD-D268-4D8F-9CE6-0E1F4387F20A}E:\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{DB9DBCD3-9A43-4383-B9C9-475755D46823}E:\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{E2F3AF79-C525-4D66-87B2-439E0BD2141D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{E75115C1-9754-468A-B0D3-F936FD97C9FD}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{F2CB6110-4F18-42BD-9DE8-43B6973BF2E8}E:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=17 | dir=in | app=e:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe | 
"UDP Query User{F7F9992D-33D4-47C3-9686-A21031A8133B}E:\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base16939\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7598C430-8B00-4447-A710-0DDA0770370A}" = Logitech GamePanel Software 2.00
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8FCBB6DA-069C-8D08-DD99-F0881B9EECC3}" = AMD Drag and Drop Transcoding
"{936D0DCE-9C2A-7D4C-0E96-7D5B40206DD1}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center
"{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
"{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
"{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{93A3AB24-36E8-41BA-80C6-CCEC237836DC}" = Alice Madness Returns
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
"{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
"{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
"{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"D-Fend Reloaded" = D-Fend Reloaded 1.2.1 (deinstallieren)
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX-Setup
"ESN Sonar-0.70.4" = ESN Sonar
"Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.04.000
"Free YouTube Download_is1" = Free YouTube Download version 3.0.22.221
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mumble" = Mumble and Murmur
"Origin" = Origin
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"VLC media player" = VLC media player 1.1.4
"Warcraft III" = Warcraft III
"Winamp" = Winamp (remove only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.06.2012 01:11:36 | Computer Name = ma | Source = ESENT | ID = 455
Description = Windows (3040) Windows: Fehler -1811 beim Öffnen von Protokolldatei
 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00442.log.
 
Error - 30.06.2012 01:11:37 | Computer Name = ma | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 30.06.2012 01:11:37 | Computer Name = ma | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 30.06.2012 01:11:37 | Computer Name = ma | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 30.06.2012 01:11:37 | Computer Name = ma | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 30.06.2012 01:11:37 | Computer Name = ma | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 30.06.2012 01:11:39 | Computer Name = ma | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 30.06.2012 01:11:39 | Computer Name = ma | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 30.06.2012 01:11:39 | Computer Name = ma | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 30.06.2012 01:11:39 | Computer Name = ma | Source = Windows Search Service | ID = 7010
Description = 
 
[ System Events ]
Error - 30.06.2012 01:11:39 | Computer Name = ma | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 30.06.2012 01:12:00 | Computer Name = ma | Source = DCOM | ID = 10005
Description = 
 
Error - 30.06.2012 01:12:00 | Computer Name = ma | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 30.06.2012 01:12:00 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 30.06.2012 02:03:58 | Computer Name = ma | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 30.06.2012 02:04:59 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 30.06.2012 02:05:02 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 30.06.2012 02:20:31 | Computer Name = ma | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ESET Service" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 30.06.2012 03:39:04 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 30.06.2012 03:39:09 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         
Now to the problems:
At Windows startup, the error message that jork_0_typ_col.exe is missing no longer appears.
Otherwise I haven't noticed anything harmful or useless in my Control Panel.
I'm not very good at reading OTL logs, but isn't this still something bad?
Code:
ATTFilter
O1 HOSTS File: ([2011.11.04 02:19:25 | 000,438,159 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
         
2. I can't uninstall DAEMON Tools because I depend on it: I have no CD/DVD drive and I only have Windows or games as img files.

3. Regarding
Code:
ATTFilter
C:\Users\maki\Desktop\ghjghkdghkd.m3u
         
that is a playlist from Winamp.
4. And sorry, but I could hardly read what you wrote to me. I think you're not that good at German, are you? Because of that there were also a few instructions I didn't understand.

Well, I can't think of anything else right now; I hope I haven't forgotten anything.
Here is the attachment as well.


01.07.2012, 04:38   #6
kira
/// Helper team

Quote:
Quote from lalalula
4. And sorry, but I could hardly read what you wrote to me. I think you're not that good at German, are you? Because of that there were also a few instructions I didn't understand.
The fact is, it can happen to anyone that they don't understand the relevant instructions correctly. What is there not to understand? Ask your question specifically if a passage is not clearly described and the tasks were not presented concretely!

Quote:
Quote from lalalula

2. I can't uninstall DAEMON Tools because I depend on it: I have no CD/DVD drive and I only have Windows or games as img files.
Regarding DaemonTools:
It is not installed under Software/Programs, and even the toolbar is unnecessary; you could have deselected it when installing DaemonTools.

Regarding Spybot - O1 HOSTS File:
Remnants of Spybot. Was the program installed and then uninstalled again?

Quote:
Quote from lalalula
2. I can't uninstall DAEMON Tools because I depend on it: I have no CD/DVD drive and I only have Windows or games as img files.
Image files can also be restored at any time without DAEMON Tools!
► Do you have an original Windows?
► If so, a question for you: why haven't you upgraded your system already?!
Quote:
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Service Pack 1 (SP1) for Win 7 is missing:
SP1 includes the latest updates, such as important security, stability and performance improvements.

Last edited by kira (01.07.2012 at 04:59)
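
The check behind the "remnants of Spybot" reading of the O1 section, as an added example that is not part of the original posts: it parses OTL's O1 lines and separates entries that sink a name to loopback (the pattern a blocklist leaves behind) from entries that point a name at a routable address, which is what a tampered hosts file would show. The function names are hypothetical, and the sample holds the header and three entries from the log above plus one constructed redirect.

```python
import ipaddress
import re

# OTL prints one "O1 - Hosts:" line per hosts entry: address, whitespace, name.
O1_ENTRY = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
# Header line: modification date, size with thousands separators, attributes, path.
O1_HEADER = re.compile(
    r"^O1 HOSTS File: \(\[(\S+ \S+) \| ([\d,]+) \| (\S+) \| M\]\) - (.+)$",
    re.MULTILINE,
)

# Header and first three entries as posted in this thread, followed by one
# CONSTRUCTED redirect (192.0.2.10 is a documentation address, .test is reserved).
SAMPLE = """\
O1 HOSTS File: ([2011.11.04 02:19:25 | 000,438,159 | R--- | M]) - C:\\Windows\\SysNative\\drivers\\etc\\hosts
O1 - Hosts: 127.0.0.1\twww.007guard.com
O1 - Hosts: 127.0.0.1\t007guard.com
O1 - Hosts: 127.0.0.1\t008i.com
O1 - Hosts: 192.0.2.10\tlogin.example.test
"""


def hosts_file_info(log_text):
    """Return size, attributes and path from the O1 header line, or None."""
    match = O1_HEADER.search(log_text)
    if match is None:
        return None
    return {
        "modified": match.group(1),
        "size_bytes": int(match.group(2).replace(",", "")),
        "read_only": "R" in match.group(3),
        "path": match.group(4).strip(),
    }


def is_sinkhole(address_text):
    """True if the address can only reach the local machine or nothing at all."""
    address = ipaddress.ip_address(address_text)
    return address.is_loopback or address.is_unspecified


def triage_hosts(log_text):
    """Sort O1 entries into blocked names, redirects to review, and unparsable lines."""
    result = {"blocked": [], "redirects": [], "malformed": []}
    for line in log_text.splitlines():
        match = O1_ENTRY.match(line)
        if match is None:
            continue  # header line or a line from another OTL section
        address_text, hostname = match.groups()
        try:
            sinkholed = is_sinkhole(address_text)
        except ValueError:
            # First field is not an IP address: keep the raw line for manual review.
            result["malformed"].append(line)
            continue
        if sinkholed:
            result["blocked"].append(hostname)
        else:
            result["redirects"].append((hostname, address_text))
    return result


if __name__ == "__main__":
    info = hosts_file_info(SAMPLE)
    report = triage_hosts(SAMPLE)
    print(f"{info['path']}: {info['size_bytes']} bytes, read-only={info['read_only']}")
    print(f"sinkholed names: {len(report['blocked'])}")
    for hostname, address in report["redirects"]:
        print(f"REVIEW: {hostname} -> {address}")
```

An empty `redirects` list is consistent with a leftover blocklist; any entry that lands there should be examined before the hosts file is trusted.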

01.07.2012, 12:24   #7
lalalula

Quote:
The fact is, it can happen to anyone that they don't understand the relevant instructions correctly. What is there not to understand? Ask your question specifically if a passage is not clearly described and the tasks were not presented concretely!
I'm not saying it's bad, but to me it sounds as if someone had translated English into German.


Regarding DAEMON Tools: I have removed the toolbar.
Yes, I hadn't seen it.

Regarding Spybot: I have no idea where the rest could be.

Regarding the image files:
Surely image files can only be opened with DAEMON Tools or the like?
And yes, I only have Windows as an image.

The question I still have is: is my computer clean now?

Last edited by lalalula (01.07.2012 at 12:35)

02.07.2012, 08:10   #8
kira
/// Helper team

Quote:
I'm not saying it's bad, but to me it sounds as if someone had translated English into German.
I can assure you that you are completely wrong in your assumption, even though I was NOT born in Germany.
On the other hand, you and many others get free help here around the clock and don't pay for this service, so it really shouldn't be an issue!
I think that is all that counts, and with that the subject is off the table!

Quote:
And yes, I only have Windows as an image.
So if I understood correctly, you basically have no serial number for the Win7 64bit Ultimate Edition version?

Quote:
The question I still have is: is my computer clean now?
Accordingly, the answer is: NO
Without an original Windows, the corresponding Service Pack 1 and all patches/security updates, nothing works at all!
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file as an attachment! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!

03.07.2012, 17:16   #9
lalalula

Hi, first of all: yes, I know it's free. I did say it's not that bad. I think it's good that there is a free forum for this kind of thing,
and thanks for the work so far.

And yes, I only have Windows as an image,
and yes, I now have SP1 installed and it looks as if I have an original Windows.

So I'll ask my question again: could my PC be clean now?
I'm worried about
Code:
ATTFilter
O1 HOSTS File: ([2011.11.04 02:19:25 | 000,438,159 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
         

04.07.2012, 08:37   #10
kira
/// Helper team

Another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your Desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

05.07.2012, 20:50   #11
lalalula

OTL
Code:
ATTFilter
OTL logfile created on: 04.07.2012 16:36:45 - Run 5
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\maki\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,66 Gb Available Physical Memory | 70,82% Memory free
15,99 Gb Paging File | 12,86 Gb Available in Paging File | 80,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,94 Gb Total Space | 5,30 Gb Free Space | 13,28% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 191,48 Gb Free Space | 95,74% Space Free | Partition Type: NTFS
Drive E: | 1622,98 Gb Total Space | 1291,77 Gb Free Space | 79,59% Space Free | Partition Type: NTFS
 
Computer Name: MA | User Name: maki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.29 06:35:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\maki\Desktop\OTL.exe
PRC - [2012.06.17 16:16:12 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.06.13 13:43:32 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.15 21:08:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.09.04 20:00:01 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2010.01.22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2007.07.17 17:32:56 | 000,460,048 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.17 16:16:11 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.06.13 13:43:32 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2011.09.04 20:00:01 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.17 16:16:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.15 21:08:22 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.23 23:37:54 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.24 21:08:37 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.06.24 18:42:12 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\05120458.sys -- (05120458)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.01.01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.02 16:22:33 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.08.19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010.03.02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.02.09 05:42:14 | 000,325,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.09.30 03:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.03.09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 9A 90 96 B7 51 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.11
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.9
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110904
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: D:\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\DivX\DivX Plus Web Player\firefox\html5video [2011.01.21 13:02:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: D:\DivX\DivX Plus Web Player\firefox\wpa [2011.01.21 13:02:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 16:16:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\Firefox\components [2011.11.06 22:59:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\Firefox\plugins [2011.11.01 15:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 16:16:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Firefox\components [2011.11.06 22:59:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Firefox\plugins [2011.11.01 15:04:44 | 000,000,000 | ---D | M]
 
[2010.11.01 20:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maki\AppData\Roaming\mozilla\Extensions
[2012.07.04 15:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions
[2011.03.11 20:50:36 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.19 14:11:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.11.06 23:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.04 15:45:33 | 000,743,290 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.21 07:10:01 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2011.11.01 15:11:21 | 000,075,438 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\UPLOADER@ADBLOCKFILTERS.MOZDEV.ORG.XPI
[2012.06.17 16:16:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.12 15:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
O1 HOSTS File: ([2011.11.04 02:19:25 | 000,438,159 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15068 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - E:\office2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\office2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\office2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E78888C1-45FE-420A-A855-67032247E0B1}: NameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.04 15:32:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%Report%
[2012.07.03 17:54:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.07.03 17:53:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.06.30 09:19:42 | 000,268,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.06.30 09:19:29 | 000,189,360 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.06.30 09:19:28 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.06.30 09:19:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.30 07:23:35 | 000,000,000 | ---D | C] -- C:\Users\maki\Desktop\d3 talente
[2012.06.30 07:16:08 | 000,000,000 | ---D | C] -- C:\Users\maki\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.30 07:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.06.30 07:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.06.30 07:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.30 07:01:45 | 000,955,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.06.30 07:01:45 | 000,839,096 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.06.30 06:52:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.29 06:41:56 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\maki\Desktop\aswMBR.exe
[2012.06.29 06:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.29 06:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.06.29 06:35:34 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\maki\Desktop\OTL.exe
[2012.06.25 18:09:38 | 000,000,000 | ---D | C] -- C:\Users\maki\AppData\Roaming\Malwarebytes
[2012.06.25 18:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.25 18:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.25 18:09:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.25 18:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.24 21:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012.06.24 21:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012.06.24 21:08:37 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.06.24 17:37:03 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\05120458.sys
[2012.06.24 17:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.06.23 18:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.06.23 18:05:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2012.06.23 18:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.06.23 18:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012.06.23 18:04:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.06.19 16:11:33 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.19 16:11:33 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.19 16:11:33 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.19 16:11:12 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.19 16:11:12 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.19 16:11:12 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.19 16:10:51 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.19 16:10:51 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.13 13:48:28 | 000,000,000 | ---D | C] -- C:\Users\maki\AppData\Local\Macromedia
[2012.06.13 03:00:44 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.13 03:00:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.13 03:00:43 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.13 03:00:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.13 03:00:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.13 03:00:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.13 03:00:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.13 03:00:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.13 03:00:41 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.13 03:00:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.13 03:00:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.13 03:00:40 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.13 03:00:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.12 22:43:21 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.12 22:43:21 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.12 22:43:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.12 22:43:20 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\profprov.dll
[2012.06.12 22:43:19 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.12 22:43:18 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.12 22:43:17 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.12 22:43:10 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.06.12 22:43:09 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.12 22:43:02 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.12 22:43:02 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.12 20:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xider
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.04 15:40:10 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.04 15:40:10 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.04 15:40:10 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.04 15:40:10 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.04 15:40:10 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.04 15:38:53 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 15:38:53 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 15:33:21 | 000,364,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.04 15:33:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.04 15:32:49 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.03 18:49:33 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.07.03 18:49:33 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.03 18:49:08 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.07.03 18:00:32 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2012.07.03 18:00:32 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012.06.30 10:56:23 | 000,028,517 | ---- | M] () -- C:\Users\maki\Desktop\logfiles3.rar
[2012.06.30 09:19:15 | 000,955,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.06.30 09:19:15 | 000,839,096 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.06.30 09:19:15 | 000,268,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.06.30 09:19:15 | 000,189,360 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.06.30 09:19:15 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.06.30 07:15:25 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.30 07:09:30 | 001,393,418 | ---- | M] () -- C:\Users\maki\Desktop\cc_20120630_070914.reg
[2012.06.29 06:42:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\maki\Desktop\aswMBR.exe
[2012.06.29 06:37:33 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.29 06:35:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\maki\Desktop\OTL.exe
[2012.06.29 04:15:53 | 000,000,148 | ---- | M] () -- C:\Users\maki\defogger_reenable
[2012.06.28 18:18:33 | 002,714,795 | ---- | M] () -- C:\Users\maki\Desktop\questguide_xenoblade_chronicles.zip
[2012.06.25 18:09:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.25 06:14:21 | 000,000,155 | ---- | M] () -- C:\Windows\winamp.ini
[2012.06.24 21:11:00 | 000,017,408 | ---- | M] () -- C:\Users\maki\AppData\Local\WebpageIcons.db
[2012.06.24 21:09:49 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.06.24 21:09:49 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.06.24 21:08:37 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.06.24 18:42:12 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\05120458.sys
[2012.06.13 13:43:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.13 13:43:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.12 20:18:43 | 000,000,835 | ---- | M] () -- C:\Users\maki\Desktop\Edna Bricht Aus.lnk
[2012.06.04 22:40:52 | 000,962,079 | ---- | M] () -- C:\Users\maki\Desktop\ghjghkdghkd.m3u
 
========== Files Created - No Company Name ==========
 
[2012.06.30 10:56:23 | 000,028,517 | ---- | C] () -- C:\Users\maki\Desktop\logfiles3.rar
[2012.06.30 07:15:25 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.30 07:09:22 | 001,393,418 | ---- | C] () -- C:\Users\maki\Desktop\cc_20120630_070914.reg
[2012.06.29 06:37:33 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.29 04:15:53 | 000,000,148 | ---- | C] () -- C:\Users\maki\defogger_reenable
[2012.06.28 18:18:55 | 002,714,627 | ---- | C] () -- C:\Users\maki\Desktop\Questguide_Xenoblade_Chronicles.pdf
[2012.06.28 18:18:32 | 002,714,795 | ---- | C] () -- C:\Users\maki\Desktop\questguide_xenoblade_chronicles.zip
[2012.06.25 18:09:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.24 21:10:58 | 000,017,408 | ---- | C] () -- C:\Users\maki\AppData\Local\WebpageIcons.db
[2012.06.24 21:09:49 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.06.24 21:09:49 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.06.12 20:18:43 | 000,000,835 | ---- | C] () -- C:\Users\maki\Desktop\Edna Bricht Aus.lnk
[2012.06.04 22:40:52 | 000,962,079 | ---- | C] () -- C:\Users\maki\Desktop\ghjghkdghkd.m3u
[2012.05.12 00:36:18 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.19 16:48:47 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.19 16:48:46 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.19 15:57:47 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.22 11:04:55 | 000,007,597 | ---- | C] () -- C:\Users\maki\AppData\Local\Resmon.ResmonCfg
[2011.05.31 18:17:46 | 000,044,448 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.11.17 14:16:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.02 02:20:14 | 000,000,155 | ---- | C] () -- C:\Windows\winamp.ini
[2010.10.31 17:23:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.31 16:27:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.10.31 16:27:27 | 000,031,115 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== LOP Check ==========
 
[2011.06.26 17:55:25 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\.minecraft
[2012.06.30 07:04:12 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DAEMON Tools Lite
[2012.03.12 10:12:00 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DVDVideoSoft
[2012.03.12 10:11:57 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.29 15:35:04 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\ICQ
[2011.01.21 13:02:17 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Local
[2011.01.18 12:54:42 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\LolClient
[2011.01.18 01:53:06 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2011.01.06 17:21:51 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Mumble
[2011.11.10 21:57:43 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Origin
[2010.11.05 16:46:04 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Raptr
[2011.12.20 23:19:27 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Rovio
[2012.06.08 16:20:14 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

< End of report >
         

extras
Code:
OTL Extras logfile created on: 04.07.2012 16:36:45 - Run 5
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\maki\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,66 Gb Available Physical Memory | 70,82% Memory free
15,99 Gb Paging File | 12,86 Gb Available in Paging File | 80,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,94 Gb Total Space | 5,30 Gb Free Space | 13,28% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 191,48 Gb Free Space | 95,74% Space Free | Partition Type: NTFS
Drive E: | 1622,98 Gb Total Space | 1291,77 Gb Free Space | 79,59% Space Free | Partition Type: NTFS
 
Computer Name: MA | User Name: maki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\office2003\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\office2003\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\office2003\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\office2003\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B12A2D-C8FD-4594-8FC2-471F8B8CD29D}" = lport=56239 | protocol=17 | dir=in | name=pando media booster | 
"{083EDC4A-F4C6-48F2-BF0B-8B52E537BAF1}" = lport=56239 | protocol=6 | dir=in | name=pando media booster | 
"{0BA61008-E65B-4860-AF91-D770F5351168}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{0C6597F9-5C2E-4A1C-B0EF-3C47B2BCCC86}" = rport=139 | protocol=6 | dir=out | app=system | 
"{120D1015-9D15-49FA-949E-DFE83562119C}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{15E25C59-FC41-4515-A405-DF3533F4EFBC}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{16E8224A-5A5D-4E4C-9BED-48114D4CFEF8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{20AFCAC8-E3D4-4930-AB67-6D0447544DDD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{220B76DC-D36B-400A-B71F-23D63A8FDD01}" = lport=56239 | protocol=6 | dir=in | name=pando media booster | 
"{2F43D689-3C6A-49FA-AEAF-FC5A9487F35D}" = lport=6947 | protocol=17 | dir=in | name=league of legends launcher | 
"{334D3E8D-FEA3-4806-B514-22BB352861FC}" = lport=6895 | protocol=17 | dir=in | name=league of legends launcher | 
"{36551E85-BEE0-44E6-B97E-8FED5A28148E}" = lport=6930 | protocol=6 | dir=in | name=league of legends launcher | 
"{3922FE1B-ECCF-4C7D-A643-EDC0A2DBB747}" = lport=6959 | protocol=17 | dir=in | name=league of legends launcher | 
"{3A8BF361-66F8-4C64-A440-562ED1703C66}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{44A30F58-3D9B-4CDB-8B32-3975E0C5DDAC}" = lport=6985 | protocol=6 | dir=in | name=league of legends launcher | 
"{475893E4-6A19-4DAA-A214-843647129EF3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4D6B2B78-6A13-4F4E-B51A-519F5590B5ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4E391BCB-81A3-4138-9E22-927D520825E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50F892AD-D87E-4EB8-9A5E-1F49E405F95A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{54AFEC8B-34B9-4FDE-A364-542DF3ABBCE7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5A8F34B8-2DFC-494E-9B12-C488B78B57AD}" = lport=56943 | protocol=6 | dir=in | name=pando media booster | 
"{5C8E93CF-82BE-46DD-B2F1-626FEAD64ED5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5DCF2294-3975-456B-92DD-75EFBA3FD38D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6168711C-4B11-4EA9-8EF1-657B66C28D40}" = lport=6906 | protocol=6 | dir=in | name=league of legends launcher | 
"{61F21FE5-CAC6-4A12-ACC1-7F250C465141}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{637F9A14-8175-4EDB-8B1F-2327DABC3C23}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6C6C16C9-AC75-4BA8-8294-65055B8AF122}" = lport=6975 | protocol=6 | dir=in | name=league of legends launcher | 
"{6D4C8F5E-BA7B-47D3-88D7-0BFAB1426DDD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{70BE25A6-9F35-4E9B-A147-EF68BAEFDEE4}" = lport=56943 | protocol=6 | dir=in | name=pando media booster | 
"{859271AA-1A71-4C8A-B9FA-1B90BD6C1DAB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{88674E82-8429-4E11-AB90-04533865A181}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A969E20-9782-41BD-A965-E3874EF39FE7}" = lport=6906 | protocol=17 | dir=in | name=league of legends launcher | 
"{9D41D45C-2389-4D71-B5A1-86D276CCDB1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A055A39B-8C9A-4FE5-BF44-27B3E0B47290}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A0F53810-E536-4D8B-8E0A-9E8D9E0BF10C}" = lport=56943 | protocol=17 | dir=in | name=pando media booster | 
"{A1D68B97-E6F2-40E5-B561-95414BC457B6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AAC08E18-43F1-44AC-ADDA-7E552A848BEF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ACD11528-3788-4007-AB63-EFEC6F8626B6}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{B11927D1-1F72-4ED1-9455-D5277C877FC8}" = lport=6933 | protocol=17 | dir=in | name=league of legends launcher | 
"{B4726FE4-067B-471E-A991-E982C54E35F9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BA270A0A-1BCF-4B72-B731-FCC242909FD9}" = lport=6985 | protocol=17 | dir=in | name=league of legends launcher | 
"{BD923188-0C37-45D5-9C83-217641FCE076}" = lport=56943 | protocol=17 | dir=in | name=pando media booster | 
"{C0E7FDCB-0EA2-4DEE-B564-6A7D2CE94DC7}" = lport=6895 | protocol=6 | dir=in | name=league of legends launcher | 
"{C18963F2-514A-4558-BBD3-23F50DB1667A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C1ABE3BA-E479-4944-B5CD-6E1F581840A1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C464B320-8A9F-4BD8-A9EF-267B28C9356A}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{C6141466-1FDB-47C2-9A44-782D54D3D3B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C7CCF420-3921-41CC-898F-C9E64838055F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CB85EABF-4727-488C-8DA3-371F548F4AD1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CBE31870-E69F-4DDB-AF50-5B63E0D3FC78}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CE2B3187-219D-4B91-9962-195B6DE1FBF3}" = lport=56239 | protocol=17 | dir=in | name=pando media booster | 
"{CFE0B770-24FA-4326-9D8B-09FC173AE7F4}" = lport=6959 | protocol=6 | dir=in | name=league of legends launcher | 
"{D229929A-9A76-4920-96DA-BAD4B7E63376}" = lport=6975 | protocol=17 | dir=in | name=league of legends launcher | 
"{D2F9E3A6-3AFB-4810-AA19-57F403FD59BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DB2BCE3B-332D-4CB1-9B77-B8D18D10D943}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DB7E4DC1-B9BB-4112-8959-D40F33F0CC65}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DE7BC26E-5B80-412F-AB6D-075DF6CCA598}" = lport=6937 | protocol=6 | dir=in | name=league of legends launcher | 
"{DEAE600E-FBA3-4B2E-9701-00D223DC760D}" = lport=6937 | protocol=17 | dir=in | name=league of legends launcher | 
"{DF266C9A-1AAC-421C-B4F1-47314DD41EEB}" = lport=6930 | protocol=17 | dir=in | name=league of legends launcher | 
"{DFA810AB-04DA-437D-86CB-60E1C1A1A2B4}" = lport=6947 | protocol=6 | dir=in | name=league of legends launcher | 
"{E0CBCA70-CC77-48AA-911B-D7D647EF1109}" = lport=6933 | protocol=6 | dir=in | name=league of legends launcher | 
"{EA263BE0-285A-4D56-AA9A-80167E508F94}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FC1EE431-D9E2-404D-88D9-0BD9037C3113}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FEFCD2BA-0D89-46EA-8C95-B0B23623BF0F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FF05DF33-FF09-4208-8896-4EDE63A7680A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00188318-3434-4561-AB62-8E4B257B686A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1079138B-F054-44B7-8B51-7EDCF4F0702D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{10D70222-8747-4D25-AB3C-656B2F3819C0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{1A7958F4-96CA-4D22-B4A6-C70908352D3D}" = protocol=6 | dir=in | app=d:\icq7.2\aolload.exe | 
"{1D1DFF57-E8B7-4F79-990B-EB9CB90A33E6}" = protocol=6 | dir=in | app=e:\battlefield 3\battlefield 3\bf3.exe | 
"{1D5187BE-1470-45AB-A8D3-B219B68A1BBA}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\half-life\hl.exe | 
"{2339FE7C-7530-46B9-BE31-1867E2FC9BE6}" = protocol=17 | dir=in | app=e:\battlefield 3\battlefield 3\bf3.exe | 
"{25D75D12-F54A-4894-BD13-0AA208C66D63}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\condition zero\hl.exe | 
"{2FAFA836-C346-4AAF-AFB8-67EB9FCEA65B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{342D8C0D-397B-4BBE-90A1-268F2EFAF0CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3678F865-7B44-4511-9AE9-B7440BADF9C8}" = protocol=6 | dir=in | app=e:\valve\steam.exe | 
"{3C3DC46A-A6D2-4154-A088-85ED8B911491}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{42EAEBC4-FB70-4AF3-AA33-02097CB77BD8}" = protocol=17 | dir=in | app=d:\icq7.2\icq.exe | 
"{4397F01D-62DE-4E25-876E-339646BB94B7}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\counter-strike\hl.exe | 
"{48EB54D3-24F1-40FE-9B6E-75D01D8A879E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{4A9019EA-0EA2-4D43-8CBF-FC961589D46A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{51661261-393D-4D87-A5DB-000A4E47D3D4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{52A37D89-6E08-4B21-970A-E643ACB0823A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{543D2457-F83F-4559-B840-A1398DACBEC5}" = dir=in | app=d:\skype\phone\skype.exe | 
"{586C605C-9C69-44D6-BA7D-7B7047142D4A}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\condition zero\hl.exe | 
"{5D64EE52-65A8-4EB4-9388-DADE998B2EB1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5EE0D5D2-0F06-4829-B43C-F71AA4B34028}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{690194C0-23E0-40EA-BB54-C4E311719EFB}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{6C73A531-C280-4782-BC43-0562AE17B971}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6DD0311F-47FB-454C-9E46-EDDF98405691}" = protocol=6 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{7104320D-59DE-4F8D-B59A-7692081DC74B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{755832E1-00DF-4518-8835-12984B2CA9C3}" = protocol=6 | dir=in | app=e:\diablo iii\diablo iii.exe | 
"{7817D259-95C2-47E7-90DE-F215337B8006}" = protocol=6 | dir=in | app=d:\icq7.2\icq.exe | 
"{79228880-ECB4-45E7-A587-F77D72676861}" = protocol=17 | dir=in | app=d:\icq7.2\aolload.exe | 
"{7A737697-9819-4165-A350-C1F6BD5A129F}" = protocol=17 | dir=in | app=e:\diablo iii\diablo iii.exe | 
"{816D1808-EB8F-4B28-99C0-BB5CE05C5F7E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81F7693D-9870-46F8-A36C-A0139783304F}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\codename gordon\cg.exe | 
"{823DE03C-FBDF-4FD4-96C3-E152FE1E4360}" = protocol=6 | dir=in | app=d:\icq7.2\aolload.exe | 
"{8947B655-0002-469F-8745-BADFD9C35B3B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9034D00C-A69E-4319-95AB-8C5B425B9D2D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{91B953C5-AEAB-4C51-AD3A-1C6497929B3E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{982A40E9-6134-479A-8D09-069C3C5716AF}" = protocol=17 | dir=in | app=d:\icq7.2\aolload.exe | 
"{985BB86E-BFAA-424D-A773-31F7C9D4CA9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{99955B47-9206-4815-94A7-F809FC0D0EE5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9AAD7561-0DAD-41B6-8713-58E83B4F5C3B}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{9FD1B678-E526-4193-8DA2-F123EA9DA252}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A0F1F88A-C62D-462D-BC4F-BF806117EB88}" = protocol=6 | dir=in | app=d:\icq7.2\icq.exe | 
"{A81F2578-EEAE-4959-B879-4411EB384A0F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A94B9C9F-936E-4244-AFC5-72174AB6A0CC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BAEF82C4-835F-4367-A516-DB91E81CE7F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BD85C7D2-AD4B-4AF6-978A-BFA095396C53}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{C0EC28F9-B757-4B54-A12E-65E4944218C9}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{C7D2BCFE-CA0F-480D-B651-3E7822173AD4}" = protocol=17 | dir=in | app=e:\valve\steam.exe | 
"{C867EAEA-383B-409F-BA1D-18DCE0F757F1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CF5E2B61-5895-43E3-9AEA-63E2E57C7799}" = protocol=17 | dir=in | app=d:\icq7.2\icq.exe | 
"{D0AE6C02-42B3-46EA-9E17-1B6B35F71FC6}" = protocol=17 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{D9420C8C-8D8F-4500-8E0D-813452A43E1B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{DCDD9190-C759-46DE-B576-97C007FE9861}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{DF27D0F3-2B1D-495F-B606-63BBC4672BD5}" = protocol=17 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{DFB6E3AE-F3AF-4704-B502-3D9E6802E609}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E1F000E3-BD2A-46F6-9EF6-2209FD3C07BB}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{E29C5FF4-6A58-4F48-8E70-46FB2A58DBED}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{E4560C4C-E7B9-4BFB-BCC8-FE88E5458F96}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{EAAE6A74-1A56-49AD-BDDE-A8B6DBD12071}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EF59237D-E24A-4E15-959A-F9CE7E008808}" = protocol=6 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{F0708F61-4C61-4B6C-95C1-DDFA9695840A}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\half-life\hl.exe | 
"{F11C738C-4C11-4726-98FB-CD3D8A44297D}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\counter-strike\hl.exe | 
"{F5E5673B-566E-45DF-A886-CD14048260A3}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{F972F9D6-77FD-4120-A5F0-B245AEB41688}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FA1EAAAE-D883-40AD-B484-304263CB4415}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\codename gordon\cg.exe | 
"{FE5AD9D2-0D9F-446F-A309-051BAE358B54}" = protocol=6 | dir=out | app=system | 
"{FE7916AA-5C5F-4856-AFE7-350B53FC6562}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{16FE1040-395B-44AE-975A-FAC82B4E1698}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{217898EF-70F7-4736-97F5-7EF03E3DA321}E:\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{23C9C9CF-F915-4ED7-90CD-B235097CA957}E:\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base18092\sc2.exe | 
"TCP Query User{2759EFEC-7BD4-4F1A-80C2-52CA77AA603A}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe | 
"TCP Query User{4C77765D-C99A-433E-BAF0-984DA0612844}E:\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{6415E3DC-6443-4280-A51D-1B347986F6C0}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{901B7E10-51F9-474A-B615-CB41A350C170}E:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe | 
"TCP Query User{9AB5B951-9C49-446E-8954-193F490879A6}E:\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{ACD821E2-86BC-43A8-8192-46C3E24CD5C0}E:\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{AFEC8B82-A948-43F8-B307-111619454E60}E:\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{BFEBF612-9498-4990-A88B-F8FA1A4B43A3}E:\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base16755\sc2.exe | 
"TCP Query User{CE903C5A-F256-420E-A4A0-E5D350F96E9D}E:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii\war3.exe | 
"TCP Query User{D01BAA9B-81BD-4A4E-8292-F58680DB2D55}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{D993C068-0722-4F76-811E-4C1D1EE7B07B}E:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=6 | dir=in | app=e:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe | 
"TCP Query User{E3A5C123-5C38-4600-A1E6-86B5599B19DC}E:\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=e:\league of legends\lol.launcher.exe | 
"TCP Query User{E94D7D63-EBF2-414C-97DC-B2DB7B16C9F5}E:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{EE663DCF-3594-4C43-B1FE-5B0E456895DC}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{0845C00D-526B-42A3-A593-F0FC37AAC594}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{209320CC-16FF-44DC-A4DC-BB2A1BDA632D}E:\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=e:\league of legends\lol.launcher.exe | 
"UDP Query User{51D38C14-7ED7-4138-8B29-152898EDA0A5}E:\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base16755\sc2.exe | 
"UDP Query User{527BE6B7-44F9-4E23-B229-0F5E364A1EDF}E:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii\war3.exe | 
"UDP Query User{5DDFDB42-FF21-4139-8605-E2B175D72104}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe | 
"UDP Query User{72413AC5-D162-4B26-8D4A-2710A433E892}E:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{78548A1A-8C30-409B-B89E-98D599C1730D}E:\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{7B7C621B-9BA1-497F-8D08-2992CD3EFE55}E:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe | 
"UDP Query User{89F233B7-2996-47F3-904E-70BE187E781B}E:\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base18092\sc2.exe | 
"UDP Query User{98A98762-422F-4C6F-9EE1-23E2BE49823D}E:\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{AB7B1780-9C9B-4ECE-8B75-67D621EBB483}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{C1B6FDAD-D268-4D8F-9CE6-0E1F4387F20A}E:\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{DB9DBCD3-9A43-4383-B9C9-475755D46823}E:\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{E2F3AF79-C525-4D66-87B2-439E0BD2141D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{E75115C1-9754-468A-B0D3-F936FD97C9FD}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{F2CB6110-4F18-42BD-9DE8-43B6973BF2E8}E:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=17 | dir=in | app=e:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe | 
"UDP Query User{F7F9992D-33D4-47C3-9686-A21031A8133B}E:\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base16939\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7598C430-8B00-4447-A710-0DDA0770370A}" = Logitech GamePanel Software 2.00
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8FCBB6DA-069C-8D08-DD99-F0881B9EECC3}" = AMD Drag and Drop Transcoding
"{936D0DCE-9C2A-7D4C-0E96-7D5B40206DD1}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center
"{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
"{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
"{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{93A3AB24-36E8-41BA-80C6-CCEC237836DC}" = Alice Madness Returns
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
"{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
"{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
"{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"D-Fend Reloaded" = D-Fend Reloaded 1.2.1 (deinstallieren)
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX-Setup
"ESN Sonar-0.70.4" = ESN Sonar
"Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.04.000
"Free YouTube Download_is1" = Free YouTube Download version 3.0.22.221
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mumble" = Mumble and Murmur
"Origin" = Origin
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"VLC media player" = VLC media player 1.1.4
"Warcraft III" = Warcraft III
"Winamp" = Winamp (remove only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.07.2012 12:10:32 | Computer Name = ma | Source = ESENT | ID = 215
Description = WinMail (2584) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 03.07.2012 12:11:24 | Computer Name = ma | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 03.07.2012 12:11:24 | Computer Name = ma | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 03.07.2012 12:15:06 | Computer Name = ma | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 03.07.2012 12:16:22 | Computer Name = ma | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 03.07.2012 17:14:18 | Computer Name = ma | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 03.07.2012 17:14:36 | Computer Name = ma | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 03.07.2012 17:18:12 | Computer Name = ma | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 03.07.2012 20:56:25 | Computer Name = ma | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0016b4ac  ID des fehlerhaften Prozesses: 0x4dc  Startzeit der fehlerhaften Anwendung:
 0x01cd5937449951f2  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 1403178f-c573-11e1-b4a2-20cf30958817
 
Error - 04.07.2012 09:31:44 | Computer Name = ma | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4f7e4d8c  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x63c  Startzeit der fehlerhaften Anwendung: 0x01cd59e951bf1ffe
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 97ed9e76-c5dc-11e1-899a-20cf30958817
 
[ System Events ]
Error - 03.07.2012 12:08:47 | Computer Name = ma | Source = WMPNetworkSvc | ID = 866321
Description = 
 
Error - 03.07.2012 12:08:47 | Computer Name = ma | Source = WMPNetworkSvc | ID = 866317
Description = 
 
Error - 03.07.2012 12:08:47 | Computer Name = ma | Source = WMPNetworkSvc | ID = 866321
Description = 
 
Error - 03.07.2012 12:08:47 | Computer Name = ma | Source = WMPNetworkSvc | ID = 866317
Description = 
 
Error - 04.07.2012 09:31:23 | Computer Name = ma | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?07.?2012 um 03:57:13 unerwartet heruntergefahren.
 
Error - 04.07.2012 09:31:30 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 04.07.2012 09:31:44 | Computer Name = ma | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 04.07.2012 09:33:04 | Computer Name = ma | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?07.?2012 um 15:31:23 unerwartet heruntergefahren.
 
Error - 04.07.2012 09:33:11 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 04.07.2012 09:39:14 | Computer Name = ma | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
         

06.07.2012, 06:19   #12
kira
/// Helper Team
 

- Which manufacturer is your PC / notebook from?

1.
-> How to reset the hosts file to the default setting.

2.
Quote:
Attention, important!:
If you made changes in the logfile yourself (user folder, your name or anything else replaced by X, asterisks or other names), you must put the original names back and paste them into the script that way! Otherwise it will not work!
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script (that is, everything in the code box after the word "Code", beginning with :OTL and ending with [emptytemp], without "code"!):
Code:
ATTFilter
:OTL
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

:Reg
"{C0EC28F9-B757-4B54-A12E-65E4944218C9}" =-
"{E1F000E3-BD2A-46F6-9EF6-2209FD3C07BB}" =-

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL will ask for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents into your thread here, inside code tags.

► What is the current state of the computer? Anything unusual, any problems?
__________________

Warning!:
Beware of invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!

06.07.2012, 13:36   #13
lalalula
 

Hi, I put my PC together myself.
And thanks, I think everything works now; so far I have had no problems, everything is working.
The host files are gone too.

Thanks

PS: Do you maybe have an idea where to get a good free antivirus program?
AntiVir isn't good, after all.

06.07.2012, 23:39   #14
kira
/// Helper Team
 

There is no such thing as a "perfect" program against viruses & co. anyway! Otherwise you and many other affected fellow users would not be here.
► An antivirus program or special tool can only protect against, or remove, those viruses that it already knows. Unfortunately, virus writers are very often on the market with their product sooner than antivirus developers are with the remedy. It is therefore quite natural that, from the moment a new virus appears, a certain amount of time passes before the antivirus vendor has a remedy ready in the form of virus definition files.

** Keep your system under observation for the near future!

1.
Uninstall/remove the programs that we used and that you do not need, except for:
Code:
ATTFilter
CCleaner
         
- Run it from time to time:-> Instructions

2.
Tool cleanup with OTL

We will now use OTL's CleanUp! function to delete most of the programs that we installed for the cleanup from your system again.
  • Please download OTL by OldTimer (if you do not already have it).
  • Save it on your desktop.
  • Double-click OTL.exe to run the program.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Click the "Bereinigung" (CleanUp!) button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and the other helper programs that you downloaded during the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.

3.
Windows, for example, regularly creates shadow copies (at least once a day), which serve to restore the system in an emergency and to access older file versions. This feature takes up a great deal of disk space. By default, the space reserved for shadow copies is 15 % of the volume size, so that system performance is affected as well. In addition, deleted and possibly harmful objects that sit in System Restore must also be removed:
So please do the following: first deactivate-> then activate, so that at the end it is "activated" again!

4.
As a precaution, I would advise you to change your password (one should do this every 3-4 months)
e.g. login, mail or website passwords
Tips:
Choosing a secure password - (one should actually change it at regular intervals, about every 3-5 months)
also here under: Secure password (Password)

5.
► Please check whether there are new updates for Windows?!:-> - Microsoft Update keeps your computer up to date!


Reading material no. 1:
Give criminal acts no chance!
Quote:
Back up your data regularly (pictures, music, documents, mails (as text file), browser bookmarks etc.) to CD/DVD, USB sticks or external hard drives! Ideally back up twice, in different places!
  • How do I create a limited user account?
  • Always keep software up to date!:
    ALL programs and drivers installed on the system should be updated regularly to avoid security holes and to keep things running smoothly!
  • A more secure browser than IE, e.g. *Switching the default browser to...from SETI@home* - Firefox - FirefoxWiki/Settings - Extensions for Firefox - Default browser
  • Secure e-mail clients, e.g. Thunderbird-->Extensions for Mozilla Thunderbird
    - Do NOT open unknown e-mail attachments!
    - Do not click on mails, especially ones with attachments; have them displayed as text or in print view instead
  • Secure password - Choosing a secure password - (one should actually change it at regular intervals, about every 3-5 months)
    also here under: Secure password (Password)
    The five most common password mistakes
  • "Never accept software from strangers" - As a rule, only ever install programs that you really need and that you are convinced are reputable.
    You have the choice of which additional components are to be installed! -> Always read along during installation, and deselect sponsors and partner programs, toolbars or any other extra programs offered wherever possible!
    This is how some kind of adware/spyware often gets installed along with them!
  • Do NOT download just any programs from the net unless it is 100% certain that they are clean software. Nice promises from the vendors are far from a guarantee of flawless operation, so browse the pages on GOOGLE beforehand; you can get valuable information there!!!
  • Programs and drivers:
    Only from the manufacturer!
  • Online banking:
    Never reveal your passwords!
    Reputable banks, e-mail providers or online shops never send e-mails asking customers to disclose confidential data such as passwords, user numbers, PINs or TANs. E-mails of this kind are always fraud attempts, which is why such requests should not be answered. As soon as fraud is suspected, report your suspicion to the relevant bank hotline.
  • Letting others (guests/friends) use your computer - use only trustworthy computers!
    Make sure that only people you trust use or administer your computer, and never do banking on untrusted computers, for example from an internet café while on holiday
  • Back up important data regularly! - but remember: your main system is not a warehouse!
  • Be careful when using other people's computers and attachable external storage media such as hard drives, USB sticks, memory cards etc.! - IT fraudsters don't take holidays!/bsi-fuer-buerger.de - also connect them from time to time and have them scanned (see under `free online virus scanners`)
  • Do not visit websites without a valid imprint (Impressum)
    - Do not keep external devices (hard drive, USB stick) permanently connected to the PC, but only briefly while you want to back something up
  • Saving on licence costs? - Be careful with files/programs from untrustworthy sources! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    They are always infested with various malware/malicious code; there is no site that is virus-free. (One should not deliberately summon the devil.) Another highly insecure source is the file sharing of so-called (music) exchange platforms.
    ► Besides, you are committing a criminal offence by doing so!
  • Use only one firewall and one antivirus program, which should always be kept up to date!
    Installing `too much` software impairs system performance and security, slows the startup process enormously and puts a load on memory (because the programs run side by side at the same time, eating a lot of performance but delivering little quality). Over time the computer becomes ever slower and less secure through too much unnecessary ballast. The more programs are installed, the more often problems occur, which may then be difficult to solve. In addition, some programs bring great security risks with them
  • Virus scanners
  • BSI für Bürger
  • SETI@home - [Security] Security concept
  • Development of malicious websites/viruslist.com
  • Hot spot: images and sounds
    Dangerous images, odd sounds/BSI

** Common sense and configuring Windows and internet software securely are the best way to security on the web !!
Quote:
Since the database is supplemented and extended daily, and information about the virus in question is added with the current virus definitions, I recommend that you have your system scanned online at least once a week (later once a month will certainly suffice), always with a different scanner, to get a second opinion - the data backed up on the storage medium should also be included!
(mostly use ActiveX and/or Java): Free online scanners -
Reading material no. 2:
► Over time a lot of data junk can accumulate, error messages can pile up, and the PC is probably no longer as fast as it used to be:

I wish you all the best

If you would like to support us→ donation account

Regards
kira