Drive-By variant of BKA UKash? (Windows 7)
03.08.2012, 14:13 | #1 |
| Drive-By variant of BKA UKash? Hello, a stupid reason to register here and write a first post. I hope someone is willing to spend their valuable time on me. I was on a site I know well, moddb.com, which offers modifications for games. My Firefox is version 14.0.1 with NoScript 2.5. On unknown sites everything is blocked. But moddb.com has not been a stranger to me for quite a while, and things like Flash are not blocked there. Now suddenly this UKash junk pops up, then I see AntiVir Personal (current) blocking something, and that was it. I shut the computer down immediately. Reflexively and pointlessly started System Restore, which of course achieves nothing. UKash popup and AntiVir popup again. Switched off again, pulled the network cable. So I fired up the old computer and turned up here in the forum. Preparations:
- Kaspersky Rescue Disk 10 pulled onto a USB disk (as a precaution)
- Defogger on a USB stick (but I probably won't need it)
- New Malwarebytes Anti-Malware definitions packed onto the USB stick
- The OTL original page fails with an error; dug up an alternative link on the same server, hopefully current now => USB stick
- The infected system is a Windows 7 Home Premium SP1
- Booted the infected computer in Safe Mode
- Had Malwarebytes run a full scan, result attached
- Then I launched Process Explorer and Autoruns
- While everything looked normal in Process Explorer, Autoruns showed the trojan's entries. Disabled them right away.
- Went into the trojan's folder and packed the thing into a zip.
With OTL I will wait until an answer comes. |
03.08.2012, 15:52 | #2 |
| Drive-By variant of BKA UKash? Sorry for posting here again myself, but I want to make clear that I cannot download OTL because the server fails with error 500.
I am waiting for an OK that the link posted on the same server, hxxp://www.itxassociates.com/OT-Tools/OTL.exe, is classified as OK. |
03.08.2012, 15:59 | #3 |
/// Helfer-Team | Drive-By variant of BKA UKash? The address is fine. Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. Step 2: System scan with OTL (illustrated guide) |
03.08.2012, 17:01 | #4 |
| Drive-By variant of BKA UKash? Hello t'john, thanks for the quick reply. The logs are attached. |
03.08.2012, 17:10 | #5 |
/// Helfer-Team | Drive-By variant of BKA UKash? Fixing with OTL: Download OTL from Oldtimer (if you don't have it yet) and save it to your desktop (nowhere else).
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2356675643-2569251998-186537470-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2356675643-2569251998-186537470-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKU\S-1-5-21-2356675643-2569251998-186537470-1001\..\SearchScopes\{5ABDBF3E-8688-4bb5-8237-3D2B07872135}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKU\S-1-5-21-2356675643-2569251998-186537470-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.update: false
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O4 - HKU\S-1-5-21-2356675643-2569251998-186537470-1001..\Run: [ASRockIES] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.02.15 10:20:36 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\{678a71a5-14b1-11e1-981b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{678a71a5-14b1-11e1-981b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2007.02.28 04:23:41 | 000,537,332 | R--- | M] (THQ )
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
:Files
C:\ProgramData\A800436926B07A\
C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Note for readers: The OTL script above was created exclusively for this user in this situation. Never apply it on other computers; it can permanently damage other systems! |
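As an added, defender-side example (not from the thread, and not OTL's own code): a read-only PowerShell audit of the same autostart locations the fix script above touches (Run/RunOnce in HKLM and every HKU hive, Winlogon Shell/Userinit, ShellServiceObjectDelayLoad, Browser Helper Objects, the UAC policy values, and MountPoints2 AutoRun commands). It flags targets that no longer exist or that sit under ProgramData/AppData/Temp, as the dropper folder here did. The function names and the SUSPECT heuristic are my own assumptions; run it in an elevated PowerShell on the suspect machine.

```powershell
# Added example, not part of the thread: read-only audit of the autostart
# locations cleaned by the OTL fix above. Nothing is modified; findings are printed.

# User-writable data directories where a dropper typically lands (assumption: same dirs as this case)
$suspectDirs = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, "$env:windir\Temp") |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

function Get-ExePath([string]$cmd) {
    # Pull the executable out of a Run-style command line: "C:\x y\a.exe" /s  or  C:\a.exe /s
    if ($cmd -match '^\s*"([^"]+)"') { $p = $Matches[1] } else { $p = ($cmd -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($p)
}

function Test-Suspect([string]$path) {
    # True when the target is empty/missing (stale or removed payload, dangling CLSID)
    # or when it lives in one of the user-writable data directories above
    if (-not $path) { return $true }
    if (-not (Test-Path -LiteralPath $path)) { return $true }
    foreach ($d in $suspectDirs) {
        if ($path.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Report([string]$loc, [string]$name, [string]$value, [string]$exe) {
    $flag = if (Test-Suspect $exe) { 'SUSPECT' } else { 'ok     ' }
    "{0}  {1}  [{2}] = {3}" -f $flag, $loc, $name, $value
}

# Make HKEY_USERS reachable so the S-1-5-18/19/20 and user SID hives from the fix are covered
if (-not (Get-PSDrive HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

# 1. Run / RunOnce (O4 lines): HKLM native + WOW6432Node, then every loaded HKU hive
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
Get-ChildItem HKU:\ -ErrorAction SilentlyContinue | ForEach-Object {
    $runKeys += "$($_.PSPath)\Software\Microsoft\Windows\CurrentVersion\Run"
    $runKeys += "$($_.PSPath)\Software\Microsoft\Windows\CurrentVersion\RunOnce"
}
foreach ($k in $runKeys) {
    $props = Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's PSPath/PSParentPath/... properties
        Report $k $p.Name $p.Value (Get-ExePath $p.Value)
    }
}

# 2. Winlogon Shell / Userinit (O20 lines); expected = stock Windows 7 values, trailing comma ignored
$wl = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = @{ Shell = 'explorer.exe'; Userinit = "$env:windir\system32\userinit.exe" }
foreach ($n in $expected.Keys) {
    $actual = ([string]$wl.$n).Trim().TrimEnd(',')
    $flag = if ($actual -ieq $expected[$n]) { 'ok     ' } else { 'SUSPECT' }
    "{0}  Winlogon  [{1}] = {2}" -f $flag, $n, $wl.$n
}

# 3. SSODL (O21) and BHOs (O2): resolve each CLSID to its InprocServer32 DLL; $null = dangling CLSID
function Resolve-Clsid([string]$clsid) {
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID') {
        $srv = Get-ItemProperty -LiteralPath "$root\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        if ($srv) { return [Environment]::ExpandEnvironmentVariables($srv.'(default)') }
    }
    return $null
}
$ssodl = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
foreach ($p in (Get-ItemProperty -LiteralPath $ssodl).PSObject.Properties) {
    if ($p.Name -like 'PS*') { continue }
    Report 'SSODL' $p.Name $p.Value (Resolve-Clsid $p.Value)
}
$bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
Get-ChildItem -LiteralPath $bho -ErrorAction SilentlyContinue | ForEach-Object {
    $dll = Resolve-Clsid $_.PSChildName
    Report 'BHO' $_.PSChildName ([string]$dll) $dll
}

# 4. UAC policy values (O6 lines): EnableLUA=0 or ConsentPromptBehaviorAdmin=0 means elevation without a prompt
$pol = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($n in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser') {
    $flag = if (($n -ne 'ConsentPromptBehaviorUser') -and ($pol.$n -eq 0)) { 'SUSPECT' } else { 'ok     ' }
    "{0}  UAC policy  [{1}] = {2}" -f $flag, $n, $pol.$n
}

# 5. Per-device AutoRun commands under MountPoints2 (O33 lines, the D:\setup.exe entry above)
$mp = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
Get-ChildItem -LiteralPath $mp -ErrorAction SilentlyContinue | ForEach-Object {
    $c = Get-ItemProperty -LiteralPath "$($_.PSPath)\Shell\AutoRun\command" -ErrorAction SilentlyContinue
    if ($c) { Report 'MountPoints2' $_.PSChildName $c.'(default)' (Get-ExePath $c.'(default)') }
}
```

A SUSPECT line is a lead to check against the file's signer and creation time, not a verdict; a removed payload leaves exactly the "File not found" kind of entry the OTL script above cleaned up.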
03.08.2012, 17:26 | #6 |
| Drive-By variant of BKA UKash? Here is the result of the fix: Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-2356675643-2569251998-186537470-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2356675643-2569251998-186537470-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2356675643-2569251998-186537470-1001\Software\Microsoft\Internet Explorer\SearchScopes\{5ABDBF3E-8688-4bb5-8237-3D2B07872135}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ABDBF3E-8688-4bb5-8237-3D2B07872135}\ not found.
HKU\S-1-5-21-2356675643-2569251998-186537470-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: false removed from browser.search.update
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2356675643-2569251998-186537470-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockIES deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. D:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{678a71a5-14b1-11e1-981b-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{678a71a5-14b1-11e1-981b-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{678a71a5-14b1-11e1-981b-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{678a71a5-14b1-11e1-981b-806e6f6e6963}\ not found.
File move failed. D:\setup.exe scheduled to be moved on reboot.
C:\Windows\SysWow64\tmp3C64.tmp deleted successfully.
C:\Windows\SysWow64\tmp3C65.tmp deleted successfully.
========== FILES ==========
Folder C:\ProgramData\A800436926B07A not found.
File\Folder C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache konnte nicht geleert werden: Beim Ausführen der Funktion ist ein Fehler aufgetreten.
C:\Users\Vosla\Desktop\cmd.bat deleted successfully.
C:\Users\Vosla\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Vosla
->Temp folder emptied: 192462745 bytes
->Temporary Internet Files folder emptied: 260063097 bytes
->Java cache emptied: 11728551 bytes
->FireFox cache emptied: 56180672 bytes
->Flash cache emptied: 56202 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 311294133 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 793,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: Vosla
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.55.0 log created on 08032012_181525
I still have the culprit in the form of a ZIP file. Is it worth having the guy analysed? So far I haven't found any encrypted files. Was I lucky? |
03.08.2012, 17:32 | #7 |
/// Helfer-Team | Drive-By variant of BKA UKash? Very good! How is the computer running? Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. Then: Step 2: Download AdwCleaner to your desktop. |
03.08.2012, 17:54 | #8 |
| Drive-By variant of BKA UKash? So far I had been in Safe Mode the whole time. Now started normally, and it looks OK. In Process Explorer this caught my eye: Code:
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-83f04efb-c016-47d0-a1f7-1ca775df0a7f -SystemEventPortName:HostProcess-a633fe23-4d61-4131-9ffd-3a4e4d7e2335 -IoCancelEventPortName:HostProcess-2a955536-9a95-4e1d-a1b7-ddc7581263a3 -NonStateChangingEventPortName:HostProcess-a6b2595c-d926-488e-9b29-79d608a8e3b5 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:006e80d5-6cb8-4e37-b4ee-99c73e04ced5
Code:
\??\C:\Windows\system32\conhost.exe "2065635018-855371995324663614330752441294901043-1448008018-79274460-1617273886
The AdwCleaner log looks clean: Code:
# AdwCleaner v1.800 - Logfile created 08/03/2012 at 18:56:47
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Vosla - ZILLIS
# Running from : C:\Users\Vosla\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Registre - GUID] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Vosla\AppData\Roaming\Mozilla\Firefox\Profiles\9zpfejn4.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [702 octets] - [03/08/2012 18:56:47]

########## EOF - C:\AdwCleaner[R1].txt - [829 octets] ##########
And while MBAM is running, AntiVir suddenly found something: Code:
c:\users\Vosla\AppData\Roaming\unlocker.dll
Last edited by Piglet (03.08.2012 at 18:36) |
03.08.2012, 19:11 | #9 |
| Drive-By variant of BKA UKash? Attached is the new log from MBAM. MBAM never even got to see the unlocker.dll, because Avira deleted the thing. With "C:\Windows\system32\WUDFHost.exe" I was asleep; that was just because of the USB stick. |
04.08.2012, 10:36 | #10 |
| Drive-By variant of BKA UKash? This morning I noticed that I had downloaded OTL as a .COM and therefore had not run it as administrator. Didn't notice it in the rush! So, everything again. Loaded new MBAM definitions, full scan. Renamed OTL, ran it as admin. Results attached. Yesterday's fix script probably won't have worked, so unfortunately I have to ask for help once more. :-/ |
04.08.2012, 15:01 | #11 |
/// Helfer-Team | Drive-By variant of BKA UKash? Where are the logs with the detections?
Then: Malware scan with Emsisoft Anti-Malware. Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via "Update now". Select the Freeware mode. Select "Detail Scan" and start the check of the computer via the "Scan" button. At the end of the scan, do not let it delete anything! Save the logfile to the desktop with "Save report" and post it here in the thread. Guide: http://www.trojaner-board.de/103809-...i-malware.html |
05.08.2012, 01:25 | #12 |
| Drive-By variant of BKA UKash? Hello t'john, it got a bit late for me today... MBAM: Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.04.03

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Vosla :: ZILLIS [Administrator]

04.08.2012 10:10:53
mbam-log-2012-08-04 (10-10-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 408026
Laufzeit: 45 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ATTFilter OTL logfile created on: 04.08.2012 11:21:58 - Run 3 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Vosla\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,70 Gb Available Physical Memory | 83,76% Memory free 16,00 Gb Paging File | 14,87 Gb Available in Paging File | 92,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,79 Gb Total Space | 10,51 Gb Free Space | 4,51% Space Free | Partition Type: NTFS Drive D: | 3,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 3,89 Gb Total Space | 3,89 Gb Free Space | 99,81% Space Free | Partition Type: FAT32 Computer Name: ZILLIS | User Name: Vosla | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Vosla\Desktop\Ort.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - 
(lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (vmm) -- C:\Windows\SysNative\Treiber\VMM.sys (Microsoft Corporation) DRV:64bit: - (VPCNetS2) -- C:\Windows\SysNative\drivers\VMNetSrv.sys (Microsoft Corporation) DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D) DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2356675643-2569251998-186537470-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2356675643-2569251998-186537470-1001\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2356675643-2569251998-186537470-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 AF 56 2D F8 2E CD 01 [binary data] IE - HKU\S-1-5-21-2356675643-2569251998-186537470-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2356675643-2569251998-186537470-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 17:38:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.23 19:58:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.11.21 22:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vosla\AppData\Roaming\mozilla\Extensions [2012.08.03 21:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vosla\AppData\Roaming\mozilla\Firefox\Profiles\9zpfejn4.default\extensions [2012.03.30 15:23:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Vosla\AppData\Roaming\mozilla\Firefox\Profiles\9zpfejn4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.01.04 04:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.03.23 14:45:10 | 000,049,303 | ---- | M] () (No name found) -- C:\USERS\VOSLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9ZPFEJN4.DEFAULT\EXTENSIONS\{4C7097F7-08F2-4EF2-9B9F-F95FA4CBB064}.XPI [2012.08.01 16:50:44 | 000,526,190 | ---- | M] () (No name found) -- C:\USERS\VOSLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9ZPFEJN4.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2012.07.19 17:38:37 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml 
OTL Extras logfile created on: 04.08.2012 11:21:58 - Run 3 OTL by OldTimer - Version 3.2.55.0
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{ECA0FDBA-70C2-D23A-6BD3-3D3118DD90B4}" = AMD Drag and Drop Transcoding "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "161F799A53ADBF2659BD104311FE0738EB552B14" = Windows Driver Package - Hamrick Software Image (1/9/1999 1.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "NVIDIA Drivers" = NVIDIA Drivers "Recuva" = Recuva "Sandboxie" = Sandboxie 3.72 (64-bit) "Ultravnc2_is1" = UltraVnc "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1 (x64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy "{119E2FCB-5CDD-4C24-BCB2-56A824E2BF0A}_is1" = Manic Digger "{17A7779A-D23F-11D3-8753-0050BABE1202}" = Microtek ScanWizard "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{206BA68B-DF92-45C6-B61D-228F188FD9FC}" = ACDSee 5.0 Standard "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29 "{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding "{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German "{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help 
Spanish "{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01] "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{54510837-257F-4E9A-B359-731000038301}" = Red Faction: Guerrilla "{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian "{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional "{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard "{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean "{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4) "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BD626B2-7EFA-73E5-D50F-5BEDD5D99F3D}" = HydraVision "{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian "{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1 
"{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit "{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian "{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = AMD VISION Engine Control Center "{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish "{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion "{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront "{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese "{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All "{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry "{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy "{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English "{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch "{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common "{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese "{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE "{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB "{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASRock IES_is1" = ASRock IES v2.0.84 "Audacity_is1" = Audacity 2.0 "Avira AntiVir Desktop" = Avira Free Antivirus "Crusader No Remorse_is1" = Crusader No Remorse "Cube" = Cube "diew" = DIEW - Dokumentenmanagement "Fallout 2" = Fallout 2 "Fallout Tactics" = Fallout Tactics "Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21 "GIF Animator" = Microsoft GIF Animator "Half-Life Decay PC_is1" = Half-Life Decay PC 1.0 "Half-Life Model Viewer 1.25" = Half-Life Model Viewer 1.25 
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry "InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3 "LAME_is1" = LAME v3.99.3 (for Windows) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Matto4" = Matto4 "Matto4 Patch 1.1" = Matto4 Patch 1.1 "ModPlug Player v1.46_is1" = ModPlug Player "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "One Unit Whole Blood_is1" = One Unit Whole Blood "OnlineControl_is1" = OnlineControl 1.2 "OpenAL" = OpenAL "Paint Shop Pro 5.03" = Paint Shop Pro 5.03 CD "RADVideo" = RAD Video Tools "Redneck Rampage Collection_is1" = Redneck Rampage Collection "S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky "S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. 
- Shadow of Chernobyl [v1.0006] "Sauerbraten" = Sauerbraten "Steam App 1500" = Darwinia "Steam App 207170" = Legend of Grimrock "Steam App 207430" = Hack, Slash, Loot "Steam App 300" = Day of Defeat: Source "Steam App 46400" = Greed: Black Border "Steam App 620" = Portal 2 "Steam App 9200" = RAGE "Steam App 98800" = Dungeons of Dredmor "Stonekeep_is1" = Stonekeep "TeamViewer 7" = TeamViewer 7 "Tyrian 2000_is1" = Tyrian 2000 "uTorrent" = µTorrent "VLC media player" = VLC media player 2.0.1 "Winamp" = Winamp (nur entfernen) "WinMend File Copy_is1" = WinMend File Copy 1.3.7.1 "X3TerranConflict_is1" = X-Tension v2.2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2356675643-2569251998-186537470-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "Dropbox" = Dropbox "FileZilla Client" = FileZilla Client 3.2.7.1 "InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.08.2012 07:11:53 | Computer Name = Zillis | Source = WinMgmt | ID = 10 Description = Error - 03.08.2012 12:18:44 | Computer Name = Zillis | Source = WinMgmt | ID = 10 Description = Error - 03.08.2012 12:41:38 | Computer Name = Zillis | Source = WinMgmt | ID = 10 Description = Error - 03.08.2012 14:24:23 | Computer Name = Zillis | Source = WinMgmt | ID = 10 Description = Error - 03.08.2012 14:35:12 | Computer Name = Zillis | Source = WinMgmt | ID = 10 Description = Error - 03.08.2012 15:32:34 | Computer Name = Zillis | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa Name des fehlerhaften Moduls: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa Ausnahmecode: 0xc0000005 Fehleroffset: 0x000040cd ID des fehlerhaften Prozesses: 0xe88 Startzeit der fehlerhaften Anwendung: 
0x01cd71aeb90b02d3 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\SysinternalsSuite\RootkitRevealer.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\SysinternalsSuite\RootkitRevealer.exe Berichtskennung: f8c41405-dda1-11e1-a248-002522c0a611 Error - 03.08.2012 15:32:59 | Computer Name = Zillis | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa Name des fehlerhaften Moduls: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa Ausnahmecode: 0xc0000005 Fehleroffset: 0x000040cd ID des fehlerhaften Prozesses: 0x98c Startzeit der fehlerhaften Anwendung: 0x01cd71aeca1c2e36 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\SysinternalsSuite\RootkitRevealer.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\SysinternalsSuite\RootkitRevealer.exe Berichtskennung: 07d4a5d2-dda2-11e1-a248-002522c0a611 Error - 03.08.2012 15:33:32 | Computer Name = Zillis | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa Name des fehlerhaften Moduls: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa Ausnahmecode: 0xc0000005 Fehleroffset: 0x000040cd ID des fehlerhaften Prozesses: 0x210 Startzeit der fehlerhaften Anwendung: 0x01cd71aede168e9b Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\SysinternalsSuite\RootkitRevealer.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\SysinternalsSuite\RootkitRevealer.exe Berichtskennung: 1bcca3dd-dda2-11e1-a248-002522c0a611 Error - 04.08.2012 03:41:03 | Computer Name = Zillis | Source = WinMgmt | ID = 10 Description = Error - 04.08.2012 04:10:48 | Computer Name = Zillis | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 15.03.2012 13:53:37 | Computer Name = Zillis | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim 
Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 15.03.2012 13:53:37 | Computer Name = Zillis | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > Emsisoft : Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 05.08.2012 00:33:53

Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 05.08.2012 00:34:11

c:\program files (x86)\gamespy arcade gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\install.log gefunden: Trace.File.gamespy arcade!E1
Key: hkey_classes_root\.vnc gefunden: Trace.Registry.vnc.commoncomponents!E1
C:\_MEDIA\_LIBRARY\_WEB\STALKER-Pedia\stalkerpedia.net\deutsch\_media\trainer_6_v.1.zip -> STALKER-Trainer-V1.exe gefunden: Win32.SuspectCrc!E2
C:\_MEDIA\_LIBRARY\_WEB\STALKER-Pedia\stalkerpedia.net\deutsch\_media\trainer_7.zip -> STALKER-Trainer-V3.exe gefunden: Win32.SuspectCrc!E2
C:\_MEDIA\_CALIBRE\_GAMES\Unbekannt\Barbarian Returns (92)\Barbarian Returns - Unbekannt.rar -> Barbarian.exe gefunden: Trojan.Win32.FakeAV!E2

Gescannt 671904
Gefunden 6

Scan Ende: 05.08.2012 01:51:46
Scan Zeit: 1:17:35

In between, the Kaspersky Rescue Disk also ran through:
Code:
Objects Scan: completed 2 hours ago (events: 2, objects: 1334, time: 00:01:22)
8/4/12 3:17 PM Task completed
8/4/12 3:16 PM Task started
Objects Scan: completed 2 hours ago (events: 2, objects: 3168, time: 00:00:31)
8/4/12 3:18 PM Task completed
8/4/12 3:17 PM Task started
Objects Scan: completed <1 minute ago (events: 9, objects: 1199662, time: 02:15:58)
8/4/12 5:34 PM Task completed
8/4/12 4:57 PM Processing error C:/Users/Vosla/Downloads/IcarosLive_1_4_0.7z.exe Read error
8/4/12 4:57 PM Processing error C:/Users/Vosla/Downloads/IcarosLive_1_4_0.7z.exe/Live/icaros-pc-i386.iso Read error
8/4/12 4:19 PM Processing error /mnt/MountedDevices/PD-C953C953-0000000006500000/Users/Vosla/Downloads/IcarosLive_1_4_0.7z.exe Read error
8/4/12 4:19 PM Processing error /mnt/MountedDevices/PD-C953C953-0000000006500000/Users/Vosla/Downloads/IcarosLive_1_4_0.7z.exe/Live/icaros-pc-i386.iso Read error
8/4/12 3:33 PM Processing error /mnt/MountedDevices/PD-C953C953-0000000006500000/Users/Vosla/Downloads/IcarosLive_1_4_0.7z.exe Read error
8/4/12 3:33 PM Processing error /mnt/MountedDevices/PD-C953C953-0000000006500000/Users/Vosla/Downloads/IcarosLive_1_4_0.7z.exe/Live/Emulator/fmod.dll Read error
8/4/12 3:33 PM Processing error /mnt/MountedDevices/PD-C953C953-0000000006500000/Users/Vosla/Downloads/IcarosLive_1_4_0.7z.exe/Live/icaros-pc-i386.iso Read error
8/4/12 3:18 PM Task started

Code:
# AdwCleaner v1.800 - Logfile created 08/05/2012 at 00:02:04
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Vosla - ZILLIS
# Running from : C:\Users\Vosla\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Registre - GUID] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Vosla\AppData\Roaming\Mozilla\Firefox\Profiles\9zpfejn4.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [829 octets] - [03/08/2012 18:56:47]
AdwCleaner[R2].txt - [888 octets] - [05/08/2012 00:01:09]
AdwCleaner[R3].txt - [947 octets] - [05/08/2012 00:01:26]
AdwCleaner[S1].txt - [879 octets] - [05/08/2012 00:02:04]

########## EOF - C:\AdwCleaner[S1].txt - [1006 octets] ##########

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 3. August 2012 19:30

Es wird nach 4057493 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ZILLIS

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 08.05.2012 18:24:50
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 18:24:50
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 18:24:50
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 18:24:50
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 18:22:54
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 20:51:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 21:08:55
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:24:36
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 21:19:47
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 21:19:47
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 21:19:47
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 21:19:47
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 21:19:48
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 21:19:48
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 21:19:48
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 21:19:48
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 21:19:48
VBASE014.VDF : 7.11.38.18 2554880 Bytes 30.07.2012 21:20:14
VBASE015.VDF : 7.11.38.70 556032 Bytes 31.07.2012 21:19:59
VBASE016.VDF : 7.11.38.143 171008 Bytes 02.08.2012 21:19:57
VBASE017.VDF : 7.11.38.144 2048 Bytes 02.08.2012 21:19:57
VBASE018.VDF : 7.11.38.145 2048 Bytes 02.08.2012 21:19:57
VBASE019.VDF : 7.11.38.146 2048 Bytes 02.08.2012 21:19:57
VBASE020.VDF : 7.11.38.147 2048 Bytes 02.08.2012 21:19:57
VBASE021.VDF : 7.11.38.148 2048 Bytes 02.08.2012 21:19:57
VBASE022.VDF : 7.11.38.149 2048 Bytes 02.08.2012 21:19:57
VBASE023.VDF : 7.11.38.150 2048 Bytes 02.08.2012 21:19:57
VBASE024.VDF : 7.11.38.151 2048 Bytes 02.08.2012 21:19:57
VBASE025.VDF : 7.11.38.152 2048 Bytes 02.08.2012 21:19:58
VBASE026.VDF : 7.11.38.153 2048 Bytes 02.08.2012 21:19:58
VBASE027.VDF : 7.11.38.154 2048 Bytes 02.08.2012 21:19:58
VBASE028.VDF : 7.11.38.155 2048 Bytes 02.08.2012 21:19:58
VBASE029.VDF : 7.11.38.156 2048 Bytes 02.08.2012 21:19:58
VBASE030.VDF : 7.11.38.157 2048 Bytes 02.08.2012 21:19:58
VBASE031.VDF : 7.11.38.192 96256 Bytes 03.08.2012 17:29:42
Engineversion : 8.2.10.126
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 21:19:37
AESCRIPT.DLL : 8.1.4.38 455033 Bytes 03.08.2012 17:30:02
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 21:08:54
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 21:19:51
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 22:16:06
AEPACK.DLL : 8.3.0.18 807287 Bytes 27.07.2012 21:20:14
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 19.07.2012 21:19:56
AEHEUR.DLL : 8.1.4.84 5112182 Bytes 03.08.2012 17:30:00
AEHELP.DLL : 8.1.23.2 258422 Bytes 28.06.2012 21:19:20
AEGEN.DLL : 8.1.5.34 434548 Bytes 19.07.2012 21:19:38
AEEXP.DLL : 8.1.0.74 86387 Bytes 03.08.2012 17:30:02
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 21:19:33
AECORE.DLL : 8.1.27.2 201078 Bytes 10.07.2012 21:19:32
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 22:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 18:24:50
AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 18:24:50
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 18:24:50
AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 18:24:50
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 18:24:50
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 18:24:50
AVSMTP.DLL : 12.3.0.15 63440 Bytes 08.05.2012 18:24:50
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 18:24:50
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 08.05.2012 18:24:50
RCTEXT.DLL : 12.3.0.15 98512 Bytes 08.05.2012 18:24:50

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_501bfeda\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +PFS,

Beginn des Suchlaufs: Freitag, 3. August 2012 19:30

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avwsc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'updrgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'update.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'procexp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ocontrol.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTAudSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Vosla\AppData\Roaming\unlocker.dll'
C:\Users\Vosla\AppData\Roaming\unlocker.dll
[FUND] Ist das Trojanische Pferd TR/Agent.ewu.1
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '540da4cd.qua' verschoben!

Ende des Suchlaufs: Freitag, 3. August 2012 19:32
Benötigte Zeit: 01:56 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
14 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
13 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise
|
05.08.2012, 01:31 | #13 |
/// Helfer-Team | Drive-by variant of BKA UKash? Very good! Have the findings deleted, then: Uninstall: Emsisoft Anti-Malware. ESET Online Scanner: preparation
|
05.08.2012, 08:32 | #14 |
| Drive-by variant of BKA UKash? Good morning, here is the ESET log: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=81a14f56f74726439df2fafb0e3718f1
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-05 02:36:31
# local_time=2012-08-05 04:36:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 22224767 22224767 0 0
# compatibility_mode=5893 16776574 100 94 111279 95759227 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=230917
# found=0
# cleaned=0
# scan_time=4815

Piglet
Last edited by Piglet (05.08.2012 at 08:55) |
05.08.2012, 09:09 | #15 |
/// Helfer-Team | Drive-by variant of BKA UKash? Update Java: Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can exploit.
Then configure it as described here: http://www.trojaner-board.de/105213-...tellungen.html |