
Pests of all kinds and how to fight them: Infected with GVU Trojan

11.01.2013, 01:57   #1
Severin80
 
Infected with GVU Trojan



Hello,

I have unfortunately caught a GVU Trojan and, while googling (in safe mode), came across this nice forum.

I will now try to explain my problem with the help of your checklist.

1. defogger ran without any problems.

2. Contents of OTL.txt:
Code:
OTL logfile created on: 11.01.2013 00:59:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Severin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,16 Gb Available Physical Memory | 79,09% Memory free
8,00 Gb Paging File | 7,31 Gb Available in Paging File | 91,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60,00 Gb Total Space | 11,55 Gb Free Space | 19,25% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 3,99 Gb Free Space | 2,00% Space Free | Partition Type: NTFS
Drive E: | 336,17 Gb Total Space | 1,03 Gb Free Space | 0,31% Space Free | Partition Type: NTFS
 
Computer Name: SEVERIN-PC | User Name: Severin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.11 00:09:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Severin\Desktop\OTL.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.07.04 07:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.12.23 12:42:48 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.12.09 13:07:02 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.06.11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.06.11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2012.01.04 21:28:36 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.01.06 08:27:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011.01.06 08:25:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.09.22 16:34:32 | 000,457,944 | R--- | M] (cFos Software GmbH) [Auto | Stopped] -- C:\Programme\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2010.05.06 10:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.04.09 14:32:02 | 000,372,736 | ---- | M] (Sphinx Software) [Auto | Stopped] -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.04 07:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.07.04 07:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.04 06:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.12.16 16:53:01 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011.11.21 07:53:12 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.11.01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.11.01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.11.01 10:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.11.01 10:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.08.22 14:26:46 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2011.08.22 14:26:34 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2011.08.22 14:26:24 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2011.08.22 14:26:12 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2011.08.22 14:26:02 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2011.08.22 14:25:50 | 000,687,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2011.08.22 14:25:40 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2011.08.22 14:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2011.08.22 14:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2011.08.22 14:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2011.08.22 14:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2011.08.22 14:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2011.08.22 14:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2011.07.26 18:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.03 21:13:50 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.09.22 16:34:40 | 001,501,912 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2010.03.18 10:00:40 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010.03.18 10:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.03.18 10:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 5B D7 FF 82 EF CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"
FF - prefs.js..extensions.enabledAddons: %7B6005d9b1-d115-485a-a92a-3f6453ca3fe2%7D:2.4
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {6005d9b1-d115-485a-a92a-3f6453ca3fe2}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.myheritage.com/?orig=ds&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.11.03 10:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.09 13:07:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.09 09:19:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.09 15:37:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.17 23:35:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Ex\\UnicodeExtensionMap: 0000000E93ED55EEC68961619079B24652DD030B
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.09 15:37:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.11.02 23:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\Extensions
[2010.11.02 23:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.01.08 13:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\Firefox\Profiles\w1snvgrr.default\extensions
[2010.11.02 23:29:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Severin\AppData\Roaming\mozilla\Firefox\Profiles\w1snvgrr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.01.08 13:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\Firefox\Profiles\w1snvgrr.default\extensions\trash
[2012.10.06 09:49:12 | 000,260,260 | ---- | M] () (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\extensions\{6005d9b1-d115-485a-a92a-3f6453ca3fe2}.xpi
[2013.01.08 13:41:01 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.11.25 22:03:40 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.12 22:20:40 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.08.30 22:35:53 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\extensions\trash\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2009.06.15 19:28:18 | 000,002,164 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\searchplugins\bing.xml
[2011.07.20 20:14:43 | 000,001,644 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\searchplugins\minecraft.xml
[2010.07.21 20:27:32 | 000,002,630 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\searchplugins\wiki-aventurica-de.xml
[2012.12.09 13:06:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.09 13:07:03 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.09 09:15:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 09:15:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.09 09:15:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.09 09:15:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.09 09:15:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.09 09:15:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [HotSwap! Applet] C:\Users\Severin\Desktop\HotSwap!.EXE (KaaKoon)
O4 - HKCU..\Run: [HP Photosmart 6510 series (NET)] C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Severin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Severin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: BID Link Explorer: Öffne aktuelle Seite - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O8:64bit: - Extra context menu item: BID: Link in Queue einreihen - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8:64bit: - Extra context menu item: BID: Öffne aktuelle Seite - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm ()
O8:64bit: - Extra context menu item: BID: Öffne diesen &Link - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8:64bit: - Extra context menu item: BID: Seite in &Queue einreihen - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: BID Link Explorer: Öffne aktuelle Seite - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O8 - Extra context menu item: BID: Link in Queue einreihen - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: BID: Öffne aktuelle Seite - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm ()
O8 - Extra context menu item: BID: Öffne diesen &Link - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8 - Extra context menu item: BID: Seite in &Queue einreihen - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97C52EDB-5B0F-46A5-A92F-493E65AA4BB9}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.11 00:18:11 | 000,000,000 | ---D | C] -- C:\Users\Severin\AppData\Roaming\Malwarebytes
[2013.01.11 00:18:04 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.11 00:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.11 00:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.11 00:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.11 00:17:51 | 000,000,000 | ---D | C] -- C:\Users\Severin\AppData\Local\Programs
[2013.01.11 00:09:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Severin\Desktop\OTL.exe
[2013.01.10 23:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.01.10 23:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012.12.20 19:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.12.20 19:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.12.12 23:23:02 | 000,000,000 | ---D | C] -- C:\Windows\Migration
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.11 00:55:22 | 000,000,188 | ---- | M] () -- C:\Users\Severin\defogger_reenable
[2013.01.11 00:54:08 | 000,050,477 | ---- | M] () -- C:\Users\Severin\Desktop\Defogger.exe
[2013.01.11 00:18:04 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.11 00:09:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Severin\Desktop\OTL.exe
[2013.01.11 00:02:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.11 00:02:34 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 23:37:10 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2013.01.10 23:37:10 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2013.01.10 23:37:10 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2013.01.10 23:37:05 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 23:37:05 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 23:35:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.10 23:33:05 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.10 23:32:15 | 000,001,950 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 6510 series (Netzwerk).lnk
[2013.01.10 23:31:17 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.10 23:31:00 | 000,301,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 23:28:08 | 000,002,940 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.10 23:28:08 | 000,001,049 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.10 23:28:08 | 000,000,159 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.10 23:28:08 | 000,000,068 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.10 23:28:04 | 000,265,728 | ---- | M] () -- C:\Users\Severin\wgsdgsdgdsgsd.exe
[2013.01.10 23:24:04 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Data Migration.lnk
[2013.01.10 23:01:03 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2013.01.09 10:16:09 | 001,594,042 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.09 10:16:09 | 000,698,726 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.09 10:16:09 | 000,652,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.09 10:16:09 | 000,148,782 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.09 10:16:09 | 000,121,640 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.09 10:16:00 | 001,594,042 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.23 22:51:59 | 000,001,742 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.12.23 22:11:33 | 000,224,001 | ---- | M] () -- C:\Users\Severin\Documents\Scan0005.jpg
[2012.12.23 12:46:17 | 000,001,053 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.23 12:45:53 | 000,001,025 | ---- | M] () -- C:\Users\Severin\Desktop\Dropbox.lnk
[2012.12.20 20:45:16 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.12.20 20:45:16 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.20 20:44:38 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.13 22:05:06 | 000,325,451 | ---- | M] () -- C:\Users\Severin\Documents\Scan0004.jpg
[2012.12.13 22:05:06 | 000,001,463 | ---- | M] () -- C:\Users\Severin\.recently-used.xbel
[2012.12.13 22:04:31 | 000,269,808 | ---- | M] () -- C:\Users\Severin\Documents\Scan0003.jpg
 
========== Files Created - No Company Name ==========
 
[2013.01.11 00:55:22 | 000,000,188 | ---- | C] () -- C:\Users\Severin\defogger_reenable
[2013.01.11 00:53:54 | 000,050,477 | ---- | C] () -- C:\Users\Severin\Desktop\Defogger.exe
[2013.01.11 00:18:04 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.10 23:28:08 | 000,002,940 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.10 23:28:08 | 000,001,049 | ---- | C] () -- C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.10 23:28:08 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.10 23:28:08 | 000,000,068 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.10 23:28:07 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.10 23:28:04 | 000,265,728 | ---- | C] () -- C:\Users\Severin\wgsdgsdgdsgsd.exe
[2013.01.10 23:24:04 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Data Migration.lnk
[2013.01.10 21:10:02 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2012.12.23 22:11:33 | 000,224,001 | ---- | C] () -- C:\Users\Severin\Documents\Scan0005.jpg
[2012.12.13 22:05:06 | 000,001,463 | ---- | C] () -- C:\Users\Severin\.recently-used.xbel
[2012.12.13 22:02:19 | 000,325,451 | ---- | C] () -- C:\Users\Severin\Documents\Scan0004.jpg
[2012.12.13 22:02:19 | 000,269,808 | ---- | C] () -- C:\Users\Severin\Documents\Scan0003.jpg
[2012.12.12 22:00:03 | 000,204,105 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2012.12.12 22:00:02 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2012.12.12 21:59:58 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2012.12.12 21:59:54 | 000,004,148 | ---- | C] () -- C:\Windows\SysNative\psmodulediscoveryprovider.mof
[2012.12.12 21:59:46 | 000,204,105 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2012.12.12 21:59:04 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.12 21:51:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.25 23:07:35 | 000,000,118 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.07.27 22:50:53 | 000,010,495 | ---- | C] () -- C:\Users\Severin\Severin_elster_2048.pfx
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.23 17:35:31 | 000,008,203 | ---- | C] () -- C:\Users\Severin\.heldEinstellungen4_1.xml
[2012.02.23 17:35:30 | 000,000,260 | ---- | C] () -- C:\Users\Severin\.dsa4.properties
[2012.02.15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.22 10:51:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.22 13:37:48 | 000,021,208 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2011.08.22 12:59:58 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2011.08.22 12:57:32 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2011.08.22 12:47:18 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2011.08.22 12:47:18 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2011.08.22 12:39:28 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2011.08.22 12:39:24 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2011.05.21 10:19:19 | 000,000,862 | ---- | C] () -- C:\Windows\wiso.ini
[2011.05.13 11:44:33 | 000,000,000 | ---- | C] () -- C:\Users\Severin\AppData\Local\{E29A6443-6C23-49EF-A7F8-F9FF89C7FCD1}
[2010.11.20 09:20:03 | 000,036,864 | ---- | C] () -- C:\Users\Severin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.05 20:54:58 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\.minecraft
[2011.10.17 07:19:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Amazon
[2012.01.05 19:47:10 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\BF3CC
[2011.07.21 19:47:10 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\BFBC2CC
[2012.02.09 22:19:42 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\BID
[2010.11.03 21:44:46 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Blender Foundation
[2010.11.03 21:44:46 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Buhl Data Service
[2010.11.03 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Buhl Data Service GmbH
[2012.05.01 01:32:22 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\calibre
[2010.11.03 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Canneverbe Limited
[2010.11.03 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\DAEMON Tools Lite
[2010.11.03 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\DataDesign
[2013.01.10 23:32:19 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Dropbox
[2010.11.03 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\FaceGen
[2010.11.03 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\fotobuch.de AG
[2012.11.01 14:31:12 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\gtk-2.0
[2011.03.30 06:50:34 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\IrfanView
[2010.11.04 18:59:59 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Leadertech
[2011.02.13 15:57:53 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\LEGO Company
[2010.11.03 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\LetsTrade
[2010.11.03 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\My Games
[2010.11.03 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\MyHeritage
[2012.02.17 23:37:59 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Nokia
[2011.07.16 12:53:34 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Nokia Ovi Suite
[2011.05.16 12:33:05 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\OfficeRecovery
[2010.11.03 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\OpenOffice.org
[2012.12.04 22:21:05 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Origin
[2011.07.16 12:46:34 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\PC Suite
[2011.12.18 23:57:05 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\pdfforge
[2010.11.03 21:44:51 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Poser
[2013.01.09 09:20:36 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Spotify
[2013.01.10 21:10:40 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\TeamViewer
[2010.09.24 19:34:17 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010.11.02 23:30:04 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Thunderbird
[2011.11.22 07:57:02 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\TrueCrypt
[2013.01.10 21:00:03 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\TS3Client
[2010.11.03 21:44:51 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\uTorrent
[2011.07.09 17:44:05 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >
         
Contents of Extra.txt:
Code:
OTL Extras logfile created on: 11.01.2013 00:59:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Severin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,16 Gb Available Physical Memory | 79,09% Memory free
8,00 Gb Paging File | 7,31 Gb Available in Paging File | 91,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60,00 Gb Total Space | 11,55 Gb Free Space | 19,25% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 3,99 Gb Free Space | 2,00% Space Free | Partition Type: NTFS
Drive E: | 336,17 Gb Total Space | 1,03 Gb Free Space | 0,31% Space Free | Partition Type: NTFS
 
Computer Name: SEVERIN-PC | User Name: Severin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A4DBFF-F734-4594-8060-6EE2A42E0DB4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0942A38A-3AD1-4B72-99AA-611257CDFF54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0A41AC16-15F8-4449-9C88-6A31CABA2DB9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2239F232-7E0A-4357-8424-5AC4EEDC1C89}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{224C43CD-6187-42FC-AC0C-B4418BF22EFB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{27D8A6AF-C79E-48C8-B10B-DBADCF09EFEF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{2E04EB29-5FA1-406E-BD92-CBE08A2AAA76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{396451FC-F3CF-4DE7-81FA-1365D5CA0E35}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5EB0967B-3B8C-4346-857E-DDFFA63A26DC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{672BF6B7-DE62-4572-89AB-D60C3F7C0712}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{68AEB13D-EB02-442C-8F48-EB2EED3EA3B9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7028702C-7716-45CB-A7EE-31EB7A7120D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{731FBDFC-6298-4714-A019-EB8E06546CE9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{74A97FF9-0ADC-4934-81E4-8B9DECDD6CC6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{77A8704C-C065-4F59-B877-3E95E69ADD93}" = lport=137 | protocol=17 | dir=in | app=system | 
"{847FEC26-29CD-423D-AAE5-87063C96F4BF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{897C4D1E-A1AD-40A5-9C17-9369B7A77948}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9D61ACB5-98D7-4D4A-A293-6C945EE88F4A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ADA53EC7-9374-440C-AF82-37FF2C058D82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BCC29598-60FD-411F-968A-90C23D82D97E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BF75E53F-6FDB-4C28-88DB-EDAD84D002A9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C50B013B-4F68-49BD-867A-A678238D9B1D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E152A1EA-B070-4EBC-B5F6-36CEF2A5E091}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EE41E141-EA8B-48C0-8F71-090E13C4204B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C54188E-93B5-4265-9681-7C0BDDC007FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{0EB304A5-8AF2-4D44-ADBA-0B1EAE401EFE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1170758C-4F1A-44CB-994A-4A7DF308AC4B}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{11F197F0-4098-412C-82F8-6C1DFFB43B03}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{17D54610-493E-45B0-A366-48ED92AF5CE6}" = dir=in | app=c:\program files\hp\hp photosmart 6510 series\bin\devicesetup.exe | 
"{1BABBBBB-4FD6-452D-8958-A8EB04A63F26}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{23534EAE-FDEC-4F6A-AA89-F94AE13B5620}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{241EC5D9-1133-4ADC-84A7-E6D835B28AAC}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{298D8EDF-2CF3-4EFE-9513-E68742571B5F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{2B6F0405-D037-4B46-B6F0-2337AE7949DC}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{31188CF3-83F0-42A8-950C-863417E8F1C7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{31F0DB85-5FEA-4DE1-964D-9894AB4CCE05}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{36282200-282B-437C-891B-29F9179F1777}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutlauncher.exe | 
"{36B093B3-9FE4-4793-9023-3C6E8BE92230}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{39BE6F2F-973C-4B8F-B401-79E4D2103101}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{3D815138-DB76-4945-8706-F6B69DA56B4C}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{4490C835-9707-43A2-9106-459E54BF4D6F}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{46F50D4B-5BF1-474B-BF67-AEC46DEA3ADF}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{4C8BF11C-0FF6-4E2E-B2D1-E547A5B6F9AA}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{4D965DFD-1ED8-49FB-8D53-BA69D68FB25E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{50C85BE4-AC08-4F5D-AB08-8B45E85D06C5}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutconfigtool.exe | 
"{55E213B1-2721-4C6E-AF9E-41180B396B86}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5C429030-AD5B-487E-8D24-386272768014}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{628B96F7-2B9B-4366-8C8E-00DFA7F77CEF}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutlauncher.exe | 
"{67E13C61-FAA0-4FE4-A221-5EF04A9E08A3}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{6A90A517-9866-4D15-812D-C7132A2B4383}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{71963F58-575A-4C00-B95A-F8F71EFA321B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{762CC2DF-0366-4D9B-BC6F-408078CFEB71}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7E58FA76-B3D9-400C-9D09-C3990000F793}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{800043D4-6596-4FB8-8B86-F6BCD2ED7D6F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{86750DEE-DB9C-49B4-889C-11D9FE47AF19}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\thedarkeye cos\satinav.exe | 
"{88C2DE66-BF1E-4412-B3EA-0ECAC5925E5B}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\thedarkeye cos\visionaireconfigurationtool.exe | 
"{919B59C0-E759-4929-B327-3CFA44D51BE1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{92F62159-C494-40DD-91A5-CD6CA1F3CEE1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{95ACFD2C-6D10-4C89-949F-796607431469}" = protocol=6 | dir=out | app=system | 
"{97A3CB01-225C-45E1-8609-DD0C7350857D}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\battlefield 3\bf3.exe | 
"{9C4BF8B0-F419-4499-98B6-CA4225A1933C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A2208F1B-F5FE-47DA-A9CE-971ABECF43C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A28961D4-3463-4A2E-9953-B5B8349220D2}" = protocol=17 | dir=in | app=c:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A2C88CE6-B2F9-4871-8EB3-4DB0C5B1E27F}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{A5BB51F4-FB5C-418E-895B-23C09BA32912}" = protocol=6 | dir=in | app=c:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A5F8A325-FAAE-4FF9-BE1F-BAEB7686E1CE}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutparadise.exe | 
"{AA670F91-DE53-46DA-9EFC-FE1B0316EA05}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\battlefield 3\bf3.exe | 
"{AB6EC94F-5FEB-4F48-ABF5-6BD50F389E98}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutparadise.exe | 
"{ACDDF320-93DB-4CEF-BAAC-47A619E34138}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{AE30BF6E-B417-41E9-BAE9-EFC8F0DC90D9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{AF672B31-13E1-4470-B68B-4D5332566C79}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutconfigtool.exe | 
"{B15978B9-AC94-48BD-B68F-8FD2A2D18E08}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B656A016-E7F6-435F-B4AE-921303B22461}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B73E5361-C73F-4F3F-B97D-11706EA14809}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{BC96C20A-DE65-460E-9670-56D66FE97133}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{BF488F68-109A-45C9-A815-F987B0A3C1CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BFF62C7B-598B-4C98-8342-54BD77F176A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C48682D9-C343-452D-ABEC-8DEF6015AFC2}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{C669DA02-E8D0-4DB9-BF94-4B0D7C7E30BC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C98F5C19-3818-4AD5-8E0A-C9FBF0A7BE66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CB6E6434-BE35-48D7-8E6E-6FAF7725840B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{CB9B6A9F-2859-4492-997F-691957239353}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CEE2CEBE-AE74-4CF6-B858-D4A351D65966}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{CF5E8A18-B3BE-44DE-A0DF-8CCC8A7BD596}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{CFFCC50E-D707-4FB4-9ADD-7951C3964EA3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D016CBDC-5607-4CE2-80A9-32C065BB6F29}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{D2FB00F0-6F41-4F9E-BEC7-A18A5E3CDE70}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D90DA6D8-5EE7-49AD-AED3-939B11D03130}" = dir=in | app=c:\program files\hp\hp photosmart 6510 series\bin\hpnetworkcommunicator.exe | 
"{D989C2AD-26DC-466A-A91D-24C209101694}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{DAE8B786-458A-4623-921A-0FC639FE9EB7}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{DBEF0E6D-0B57-49FB-B58F-B6FDC9842D22}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{E7AF22DA-FFCE-4809-B6C7-C9691544B8D1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{E810411B-BDBC-48E2-8CB8-03415511A328}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\thedarkeye cos\satinav.exe | 
"{EA2BBCBF-EE4F-4919-BCE5-8E36611BA5CA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{EB753A6F-8E54-49ED-ADE9-0F19B0FFD343}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EFB0E045-80C0-4E9E-8D13-FEAB29498C87}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EFBB651D-791F-4F79-882F-FB4F4CF7F171}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\thedarkeye cos\visionaireconfigurationtool.exe | 
"{F1CFA8C5-031D-4BC5-8B8C-AC79CE4D6ECF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F3B76E34-11FC-4806-A1DB-7A2C1D65FCC6}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{F621C7C4-4B3C-40EE-B1E7-41F703AD2CE8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{F6FCDFE5-B73A-4E6D-8C9C-04B6B999DC9E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{F75C9497-6674-4521-8F8E-3A2B1837CA9E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{FB691E44-72A7-406C-9B1B-F6A8623521E1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{FE8E7C92-0ADD-40A2-B9B8-F9038B7FF8C7}" = protocol=58 | dir=in | app=system | 
"TCP Query User{4C9BA945-5013-40E5-BA84-9A6BF3556C7D}C:\users\severin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\severin\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{4DDC0131-5D1E-4EF8-AD81-F638C213D097}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{51247B46-7E21-4C06-8A45-E4EC6B9A9BDE}D:\program files (x86)\flatout2\flatout2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\flatout2\flatout2.exe | 
"TCP Query User{56ED6C79-2707-4C5E-A365-34DC808E83D4}C:\users\severin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\severin\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{5D22BF51-4861-4CCC-AC3F-DAB3A1E9D054}D:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{B66A883C-A554-4B4A-A2C3-62B4A962ED39}D:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"TCP Query User{BDBD4314-63B1-4E30-B2B0-4FFC4767CD24}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{BE8ADDEE-DC51-432A-ACB8-96CD7F1F7986}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{C19611A0-284E-4C2B-9F22-78B4580DEF66}C:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{C5B5AD25-D756-4ED4-B344-D742F79438D0}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{CE97DEB7-B5E5-4C3A-86C5-8D8E1993A730}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"TCP Query User{DD226E22-7234-426D-BE7C-AF393A1F4F40}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{02DC44F8-C2E8-40FB-8701-976BF9D59CED}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{08FD3548-7667-4594-AA94-08D025BCAD62}C:\users\severin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\severin\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{2B5EEABA-4EF2-4DEE-8ECE-BABF8449542B}D:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{5B3DB361-B659-41E5-A31D-7430F5974E74}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{6431705D-1AF2-44B7-B44C-0ACA9254C508}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{665605D3-8578-4A5A-8E06-9F7D60017FA3}C:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{8CE9B30B-EE61-4F11-8A87-C8EB3B9DB9AC}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{983585E4-B2F4-4371-8972-9657AD067BCF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{9F76C71B-1927-4716-AB96-42081C52DAC7}D:\program files (x86)\flatout2\flatout2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\flatout2\flatout2.exe | 
"UDP Query User{BDF0C3CB-D116-4E3F-B6DF-BB6401E1B7B9}C:\users\severin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\severin\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{E26F545E-D569-42E4-B378-F81FBF9A56EC}D:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"UDP Query User{FF0D7133-65E4-4C76-87C6-1D16A3F20DBC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{018F3B17-AF23-809D-3807-25A16563416C}" = AMD Media Foundation Decoders
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1A2B11DC-654B-0C80-14AA-B980D07257A7}" = ccc-utility64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2B8577D-EECF-4062-BEB7-A8BE3FD679ED}" = HP Photosmart 6510 series - Grundlegende Software für das Gerät
"{B6D7EF7F-DE25-4E27-A88F-F43C7D728367}" = Project+ 2.5.1
"{CCBF4FD7-F4D2-4DB0-BC0E-F4EC42220EFF}" = Microsoft SQL Server Compact 4.0 x64 DEU
"{D9710515-1C8F-4AF9-A61D-2E0287915B73}" = Studie zur Verbesserung von HP Photosmart 6510 series Produkten
"{E391E2FF-927F-46A6-8466-C688A2FAF1FB}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"4144-4862-0472-7103" = WorldPainter 0.6.12
"cFosSpeed" = cFosSpeed v6.02
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"GPL Ghostscript 9.04" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Recuva" = Recuva
"SP6" = Logitech SetPoint 6.15
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{03E1711E-2A57-D826-142F-4D1C8CBB9CE3}" = CCC Help Korean
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05499036-169E-2DB2-CA6A-921826EDB571}" = CCC Help Hungarian
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1737B9BC-D3B4-D62A-C79F-049D1C14BAC5}" = CCC Help Finnish
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1C179D24-8307-A87E-5BF2-7F847B5489FB}" = CCC Help Dutch
"{1C961E37-1448-39D0-7A46-BB6BEA266C18}" = CCC Help Russian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24E95349-8629-47A0-EB12-9B081EFE4122}" = Catalyst Control Center Localization All
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4048B649-4AD0-1C0F-3C0F-09478FE3E4E8}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{51E47ACA-6672-7A6B-FE18-20E1EA4802E3}" = CCC Help Greek
"{59C7AFEC-E6E0-C99E-31FD-1FCBBFF70393}" = Catalyst Control Center
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper Version 2.8.0
"{5CA66729-D7A8-428B-21AC-CE78AB6BC83D}" = CCC Help Portuguese
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{604B7475-6B17-D7DF-636D-E1E147349316}" = CCC Help Japanese
"{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO Mein Geld 2011 Professional
"{62460273-C5CA-BEAB-5AEA-360698FCB506}" = CCC Help Czech
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D5B770B-9F4B-5D56-C270-196E91C9F0FF}" = CCC Help Danish
"{6E25AE88-7018-022F-508B-80656F538535}" = CCC Help Polish
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77033683-0816-4D7D-8BF1-3949B4E9823D}" = Battlefield 3™
"{778AA318-7343-B50A-09FE-96BD3FF18501}" = Catalyst Control Center InstallProxy
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{941BF29A-8738-34FB-58AF-116758FA60AB}" = CCC Help Thai
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4D322B-0BE2-F994-701F-8E464029B11A}" = CCC Help Swedish
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}" = HP Photosmart 6510 series Hilfe
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9FDFB03-82ED-0DCC-6351-A562F184E9ED}" = CCC Help Italian
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B62BA521-B0BB-7215-6467-9EC0A1E61D85}" = Catalyst Control Center Graphics Previews Common
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{B6D49D90-3D8B-F6D4-2009-11AE0E11EBC3}" = CCC Help English
"{BE0BEC1F-C9D6-17D5-075A-53DF0A23C282}" = CCC Help Norwegian
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF6685DC-50F9-48EA-B2FF-99AF905D7660}" = Envisioneer Express 5.0
"{BFD7E2D6-B4E1-D425-166E-CF27BBD79C10}" = CCC Help Spanish
"{C04ACDD0-62A7-091E-0B83-4383E7073469}" = CCC Help Turkish
"{C1AC5BDC-5441-4671-894D-70B542022652}" = calibre
"{C7232E58-FD2F-5EC0-B4FD-2C5FA2DB6BB8}" = CCC Help French
"{C9912275-67A2-4624-A212-83E53AF7ADC8}" = Minutor
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D4DE3DB4-7734-47E5-8D92-B80146311406}" = Samsung Data Migration
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E661CA41-4846-13AB-5137-25F13F1C5D6B}" = CCC Help Chinese Standard
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FCB53C89-7998-6782-DA2B-99B49BE8AD96}" = CCC Help German
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AudioCS" = Creative Audio Control Panel
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Bulk Image Downloader_is1" = Bulk Image Downloader v4.35.0.0
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"HP Photo Creations" = HP Photo Creations
"InstallShield_{BF6685DC-50F9-48EA-B2FF-99AF905D7660}" = Envisioneer Express 5.0
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"New LEGO Digital Designer" = LEGO Digital Designer
"Nokia Suite" = Nokia Suite
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"QuickPar" = QuickPar 0.9
"SFBM" = SoundFont-Bank-Manager
"Steam App 203830" = The Dark Eye: Chains of Satinav
"Sweet Home 3D_is1" = Sweet Home 3D version 3.5
"TeamViewer 8" = TeamViewer 8
"TrueCrypt" = TrueCrypt
"UnityWebPlayer" = Unity Web Player (All users)
"VLC media player" = VLC media player 2.0.4
"WaveStudio 7" = Creative WaveStudio 7
"Windows7FirewallControl_is1" = Windows7FirewallControl (i386) 3.5.1.131
"Winload Toolbar" = Winload Toolbar
"WISO Mein Geld 2011 Professional" = WISO Mein Geld 2011 Professional
"XMedia Recode" = XMedia Recode 3.0.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"7d0ab3f03a657c8f" = BC2CC
"af8063ee51cc0619" = BF3CC
"Dropbox" = Dropbox
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.12.2012 17:57:20 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5891
 
Error - 30.12.2012 04:46:11 | Computer Name = Severin-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 03.01.2013 18:20:13 | Computer Name = Severin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cfosspeed.exe, Version: 6.2.1722.0,
 Zeitstempel: 0x4c9a0acf  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000004e4b4
ID
 des fehlerhaften Prozesses: 0xdc4  Startzeit der fehlerhaften Anwendung: 0x01cde4944be75e8f
Pfad
 der fehlerhaften Anwendung: C:\Program Files\cFosSpeed\cfosspeed.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: be1b0f63-55f3-11e2-b23d-002185345dc5
 
Error - 03.01.2013 20:14:02 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 03.01.2013 20:14:02 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2078
 
Error - 03.01.2013 20:14:02 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2078
 
Error - 04.01.2013 17:30:18 | Computer Name = Severin-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 07.01.2013 04:49:54 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 07.01.2013 04:49:54 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1953
 
Error - 07.01.2013 04:49:54 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1953
 
Error - 08.01.2013 09:43:10 | Computer Name = Severin-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 10.01.2013 19:52:40 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 19:54:48 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 19:54:48 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 19:54:48 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 19:59:47 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 19:59:47 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 19:59:47 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 20:01:55 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 20:01:55 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 20:01:55 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
3. Contents of Gmer.txt:
Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-11 01:49:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD6400AAKS-65A7B0 rev.01.03B01 596,17GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Severin\AppData\Local\Temp\kxdirfow.sys


---- Threads - GMER 2.0 ----

Thread   C:\Windows\System32\svchost.exe [1788:1912]                                                                         000007fef8b89688
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1628]                                                      000000006ffefee5
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:772]                                                       0000000077b62e25
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1840]                                                      000000006ffe8f6c
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1936]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1272]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1132]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:208]                                                       00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1980]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1216]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1020]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1432]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1504]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1184]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1488]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:2028]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1484]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1796]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:2000]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1292]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1608]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:552]                                                       00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1224]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1792]                                                      0000000074f827c1
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:316]                                                       00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:252]                                                       00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1144]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1968]                                                      0000000077b63e45
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:784]                                                       00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:284]                                                       0000000073f562ee
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1660]                                                      00000000747ac724
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1516]                                                      0000000077b63e45
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:892]                                                       0000000070f632fb
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1376]                                                      00000000763ad864
Thread   C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1492]                                                      0000000077b63e45
---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1788]                                                     000007fefe3d0000

---- Registry - GMER 2.0 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xB5 0x35 0xA2 0xF2 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x71 0xAB 0xD4 0xF9 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xFD 0xCB 0x2A 0x2A ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xB5 0x35 0xA2 0xF2 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x71 0xAB 0xD4 0xF9 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xFD 0xCB 0x2A 0x2A ...

---- EOF - GMER 2.0 ----
         
That should be everything for now. I hope you can make something of it and help me out.

Best regards, Severin

 
