
Pests of all kinds and how to fight them: GVU virus again

26.05.2013, 21:07   #16
Sentencer

What antivirus protection would you actually recommend for the future?

28.05.2013, 09:22   #17
markusg
/// Malware-holic

Hi,
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click "Show Results".
  • Make sure all findings are checked and click "Remove Selected".
  • Post the log file, which opens in Notepad, here in the thread.
  • You can also find the report afterwards under the "Logs" tab.

28.05.2013, 19:47   #18
Sentencer

done:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Sentencer :: BULLSHIT [Administrator]

Protection: Enabled

28.05.2013 16:23:14
mbam-log-2013-05-28 (16-23-14).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 617979
Time elapsed: 1 hour(s), 36 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|41975 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msuouoxqc.pif -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Qoobox\Quarantine\C\Users\Sentencer\4642959.exe.vir (Trojan.Zbot.FV) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05252013_204233\I_Users\Sentencer\Documents\4848370d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Sentencer\AppData\Local\2433f433 (Trojan.Agent.TPL) -> Quarantined and deleted successfully.

(end)

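The log in the post above mixes two very different kinds of hit: one live persistence entry (a value under Policies\Explorer\Run that points at a .pif in the ProgramData temp directory and is still marked "Delete on reboot") and three files that are only old quarantine copies, since C:\Qoobox\Quarantine is ComboFix's quarantine folder and C:\_OTL\MovedFiles is OTL's, both left behind by earlier cleanup runs. Separating those is the first step in reading such a log. The following is an added example, not part of the thread and not Malwarebytes' code: it parses the "Detected" blocks of an MBAM 1.x log into findings and sorts them into live persistence, live files and quarantine remnants. The sample log is a constructed excerpt of the one posted above, and the list of autostart keys is this example's own assumption.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt of the Malwarebytes 1.75 log posted above (same layout,
# entries copied from it); the real log has more "Detected: 0" sections.
SAMPLE_LOG = r"""
Memory Processes Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|41975 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msuouoxqc.pif -> Delete on reboot.

Files Detected: 4
C:\Qoobox\Quarantine\C\Users\Sentencer\4642959.exe.vir (Trojan.Zbot.FV) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05252013_204233\I_Users\Sentencer\Documents\4848370d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Sentencer\AppData\Local\2433f433 (Trojan.Agent.TPL) -> Quarantined and deleted successfully.
"""

# Where earlier cleanup tools park what they removed (Qoobox = ComboFix, _OTL = OTL):
# a hit under these paths is a quarantined copy, not an active infection.
QUARANTINE_PREFIXES = (r"c:\qoobox\quarantine", r"c:\_otl\movedfiles")

# Registry locations evaluated at logon (this example's own list): a value here is persistence.
AUTOSTART_KEYS = (r"\currentversion\run", r"\currentversion\runonce",
                  r"\policies\explorer\run")

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
FINDING_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<name>[\w.]+)\)"   # object and detection name
    r"(?: -> Data: (?P<data>.+?))?"          # registry values carry the data they point to
    r" -> (?P<action>.+)$")                  # what MBAM did with the item


@dataclass
class Finding:
    section: str
    obj: str
    name: str
    action: str
    data: Optional[str] = None

    @property
    def verdict(self) -> str:
        low = self.obj.lower()
        if self.section.startswith("Registry") and any(k in low for k in AUTOSTART_KEYS):
            return "live persistence"
        if low.startswith(QUARANTINE_PREFIXES):
            return "quarantine remnant"
        return "live file"


def parse_mbam(text: str) -> list[Finding]:
    """Turn the '<kind> Detected: n' blocks of an MBAM 1.x log into Finding objects."""
    findings: list[Finding] = []
    section = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = FINDING_RE.match(line)
        if m and section:
            findings.append(Finding(section, m.group("obj"), m.group("name"),
                                    m.group("action"), m.group("data")))
    return findings


def triage(text: str) -> dict[str, list[str]]:
    """Group detected objects by verdict so live items are not lost among old quarantine hits."""
    out: dict[str, list[str]] = {}
    for f in parse_mbam(text):
        out.setdefault(f.verdict, []).append(f.obj)
    return out


def pending_reboot(text: str) -> list[str]:
    """Items MBAM could not remove while running; confirm they are gone after the reboot."""
    return [f.data or f.obj for f in parse_mbam(text) if "reboot" in f.action.lower()]


if __name__ == "__main__":
    for verdict, objs in triage(SAMPLE_LOG).items():
        print(f"{verdict}:")
        for o in objs:
            print("  " + o)
    print("verify after reboot:", pending_reboot(SAMPLE_LOG))
```

Run against the full mbam-log-*.txt, the log above yields one live persistence entry, one live file under AppData\Local and three quarantine remnants, plus the .pif path that has to be checked once the machine has rebooted.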
28.05.2013, 20:13   #19
markusg
/// Malware-holic

Hi,

Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, Tools (Extras), Uninstall list, save as txt. Open it.
After each program you need, write "needed".
After each program you don't need, write "unneeded".
After those you don't know, write "unknown".
Post the list.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

28.05.2013, 21:59   #20
Sentencer

here you go:

Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 15.05.2013 6,00MB 11.7.700.202 needed
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 15.05.2013 6,00MB 11.7.700.202 needed
Adobe Reader 9.4.4 - Deutsch Adobe Systems Incorporated 30.05.2011 168MB 9.4.4 needed
ANNO 1404 Ubisoft 10.12.2009 1.00.0000 needed
Apple Application Support Apple Inc. 26.12.2011 61,1MB 2.1.6 needed
Apple Mobile Device Support Apple Inc. 26.12.2011 24,4MB 4.0.0.97 needed
Apple Software Update Apple Inc. 02.07.2011 2,25MB 2.1.3.127 needed
AVG 2013 AVG Technologies 29.03.2013 2013.0.2904 needed
Battlefield 3™ Electronic Arts 12.10.2012 1.4.0.0 needed
Battlefield: Bad Company™ 2 Electronic Arts 08.04.2010 5,73GB 1.0.0.0 needed
Battlelog Web Plugins EA Digital Illusions CE AB 12.10.2012 1.138.0 needed
Biet-O-Matic v2.12.6 BOM Development Team 15.01.2010 Biet-O-Matic v2.12.6 needed
Bonjour Apple Inc. 26.12.2011 2,00MB 3.0.0.10 needed
Call of Duty(R) - World at War(TM) Activision 31.07.2010 6,61GB 1.0 needed
Call of Duty(R) 4 - Modern Warfare(TM) Activision 28.12.2009 6,22GB 1.00.0000 needed
Call of Duty: Black Ops Treyarch 26.11.2010 needed
Call of Duty: Black Ops - Multiplayer Treyarch 26.11.2010 needed
Call of Duty: Modern Warfare 2 Infinity Ward 10.12.2009 needed
Call of Duty: Modern Warfare 2 - Multiplayer Infinity Ward 10.12.2009 needed
Call of Duty: Modern Warfare 3 Infinity Ward - Sledgehammer Games 30.12.2011 needed
Call of Duty: Modern Warfare 3 - Dedicated Server Infinity Ward - Sledgehammer Games 30.12.2011 needed
Call of Duty: Modern Warfare 3 - Multiplayer Infinity Ward - Sledgehammer Games 30.12.2011 needed
CCleaner Piriform 24.05.2013 4.02 needed
Click to Call with Skype Skype Technologies S.A. 24.08.2011 11,9MB 5.5.8013 needed
Combat Arms 31.03.2010 unneeded
Command & Conquer 3 Ihr Firmenname 23.12.2010 13,1GB 1.00.0000 unneeded
Compatibility Pack für 2007 Office System Microsoft Corporation 10.01.2013 381MB 12.0.6612.1000 unknown
Crysis(R) Electronic Arts 10.01.2010 6,40GB 1.00.0000 unneeded
CyberLink DVD Suite Deluxe CyberLink Corp. 22.09.2009 16,4MB 6.0.3101 unneeded
dm Digi Foto Imaxel Lab S.L 06.08.2011 2.3.0.93 needed
dm Fotowelt 30.12.2009 needed
dm-Fotowelt 03.05.2010 needed
DVDVideoSoftTB DE Toolbar DVDVideoSoftTB DE 03.08.2012 6.9.0.16 unneeded
EAX4 Unified Redist Creative Labs 30.12.2009 168KB 4.001 unknown
ESN Sonar ESN Social Software AB 03.04.2012 0.70.4 unknown
Free M4a to MP3 Converter 7.0 ManiacTools.com 14.07.2012 3,95MB needed
Free YouTube to MP3 Converter version 3.11.33.1005 DVDVideoSoft Ltd. 12.10.2012 60,8MB 3.11.33.1005 needed
GameSpy Comrade GameSpy 10.01.2010 19,0MB 1.5.0.156 needed
GoGear Spark Device Manager Philips 21.02.2010 0.1 unknown
Google Chrome Google Inc. 01.04.2013 27.0.1453.94 unneeded
Hardwarediagnosetools PC-Doctor, Inc. 22.09.2009 6.0.5205.31 unneeded
HP Customer Experience Enhancements Hewlett-Packard 22.09.2009 5.7.0.3036 needed
HP MAINSTREAM KEYBOARD Hewlett-Packard 22.09.2009 1.4.3.0 all HP: unknown, but probably needed
HP MediaSmart DVD Hewlett-Packard 22.09.2009 101MB 3.0.3123
HP MediaSmart Movie Themes Hewlett-Packard 22.09.2009 399MB 3.0.3102
HP MediaSmart Music/Photo/Video Hewlett-Packard 22.09.2009 401MB 3.0.3205
HP MediaSmart SmartMenu Hewlett-Packard 22.09.2009 1,85MB 3.0.28.2
HP Odometer Hewlett-Packard 22.09.2009 48,0KB 2.10.0000
HP Remote Solution TopSeed 22.09.2009 1.1.9.0
HP Setup Hewlett-Packard 22.09.2009 1.2.3220.3079
HP Support Information Hewlett-Packard 22.09.2009 160KB 10.1.0002
HP Update Hewlett-Packard 22.09.2009 2,96MB 5.001.000.014
Intel® Matrix Storage Manager Intel Corporation 13.11.2009
iTunes Apple Inc. 26.12.2011 170MB 10.5.2.11
Java(TM) 6 Update 25 Oracle 31.12.2010 94,9MB 6.0.250
LabelPrint CyberLink Corp. 22.09.2009 230MB 2.5.1901
Left 4 Dead 2 Valve 17.10.2010 unneeded
LightScribe System Software LightScribe 22.09.2009 22,4MB 1.18.5.1 unneeded
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 28.05.2013 19,2MB 1.75.0.1300 needed
Medal of Honor (TM) Electronic Arts 03.11.2010 7,37GB 1.0.0.0 needed
Medal of Honor™ MP Open Beta Electronic Arts 07.10.2010 1,64GB 1.0.0.0 needed
Microsoft .NET Framework 1.1 Microsoft 10.01.2010 34,8MB 1.1.4322
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 26.06.2010 38,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 26.06.2010 2,93MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 16.12.2011 51,9MB 4.0.30319
Microsoft Office File Validation Add-In Microsoft Corporation 06.10.2011 7,95MB 14.0.5130.5003
Microsoft Office Live Add-in 1.5 Microsoft Corporation 25.10.2012 508KB 2.0.4024.1
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 10.01.2013 125MB 12.0.6612.1000
Microsoft Office Professional Edition 2003 Microsoft Corporation 27.05.2013 1,38GB 11.0.8173.0
Microsoft Security Essentials Microsoft Corporation 17.02.2013 4.2.223.1
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 28.01.2010 260KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 300KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 22.09.2009 708KB 8.0.61000
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 28.01.2010 212KB 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 28.01.2010 200KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 22.09.2009 788KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 16.06.2011 788KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 03.01.2012 1,41MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 03.11.2010 598KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 22.09.2009 596KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 600KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 28.11.2011 13,8MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 28.11.2011 12,2MB 10.0.40219
Microsoft Works Microsoft Corporation 11.10.2012 833MB 9.7.0621
Mozilla Firefox (3.5.6) Mozilla 25.12.2009 3.5.6 (de) needed
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 02.12.2009 1,27MB 4.20.9870.0 needed
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 02.12.2009 1,33MB 4.20.9876.0 needed
NVIDIA 3D Vision Controller-Treiber 285.62 NVIDIA Corporation 27.11.2011 285.62 needed
NVIDIA 3D Vision Treiber 311.06 NVIDIA Corporation 15.04.2013 311.06 needed
NVIDIA Grafiktreiber 311.06 NVIDIA Corporation 15.04.2013 311.06 needed
NVIDIA PhysX-Systemsoftware 9.11.0621 NVIDIA Corporation 27.11.2011 9.11.0621 needed
NVIDIA Update 1.11.3 NVIDIA Corporation 15.04.2013 1.11.3 needed
Opera 12.12 Opera Software ASA 17.01.2013 12.12.1707 needed
Origin Electronic Arts, Inc. 03.03.2012 8.5.0.4550 needed
Pando Media Booster Pando Networks Inc. 31.03.2010 5,46MB 2.3.3.6 unknown
PDFCreator Frank Heindörfer, Philip Chinery 17.01.2011 1.1.0 needed
pdfforge Toolbar v7.0 Spigot, Inc. 12.03.2013 24,9MB 7.0 unneeded
Power2Go CyberLink Corp. 22.09.2009 169MB 6.0.3101 unknown
PowerDirector CyberLink Corp. 22.09.2009 521MB 7.0.3101 unknown
PunkBuster Services Even Balance, Inc. 26.11.2011 0.991 needed
QuickTime Apple Inc. 26.12.2011 73,2MB 7.71.80.42 needed
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 22.09.2009 6.0.1.5882 needed
Samsung Kies Samsung Electronics Co., Ltd. 26.06.2011 184MB 2.0.1.11053_66 unneeded
Samsung Mobile phone USB driver Drive Software 17.02.2010 unneeded
Samsung PC Studio 3 USB Driver Installer Samsung Electronics Co., Ltd. 17.02.2010 3.2.0.70701 unneeded
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 26.06.2011 41,3MB 1.3.2300.0 unneeded
Skype™ 5.10 Skype Technologies S.A. 13.09.2012 19,4MB 5.10.116 needed
Star Wars: The Force Unleashed Activision 16.01.2010 1.0 unneeded
StarCraft II Blizzard Entertainment 14.01.2011 1.2.0.17326 unneeded
Steam Valve Corporation 01.12.2009 42,2MB 1.0.0.0 needed
Stronghold 3 Firefly Studios 16.12.2011 unneeded
Stronghold Kingdoms Firefly Studios 03.01.2012 125MB unneeded
TeamSpeak 3 Client TeamSpeak Systems GmbH 19.09.2010 needed
Tom Clancy's Splinter Cell Double Agent Ubisoft 30.12.2009 1.00.0000 unneeded
Torchlight 2 28.10.2012 1.1.1.1 unneeded
TuneUp Utilities 2012 TuneUp Software 21.08.2012 12.0.3600.73 needed
Visual Studio 2010 x64 Redistributables AVG Technologies 29.03.2013 12,4MB 13.0.0.1 needed
VLC media player 1.1.6 VideoLAN 31.01.2011 1.1.6 needed
WinRAR 26.12.2009 needed


28.05.2013, 22:05   #21
markusg
/// Malware-holic

Uninstall:
Adobe Flash Player: all of them
Adobe - Install Adobe Flash Player
Download and install the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan checkbox.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Security (Enhanced):
Tick "Enable Enhanced Security"
and select "All files".
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, since only then do you have control over what is going on on the PC.
Under JavaScript, untick "Enable Acrobat JavaScript".
Under Updater, choose "Automatically install updates".
Apply / OK

Uninstall:
Combat
Command
Crysis
CyberLink
DVDVideoSoftTB
Google Chrome
Hardwarediagnosetools
Java
Download the Java JRE:
Java downloads for all operating systems
Click:
Download Java software for Windows Offline
Download and install it.
Uninstall:
Left 4
LightScribe

Mozilla Firefox
Firefox web browser in German | Faster, safer and customizable
Install the latest version.

Uninstall:
pdfforge
Power2Go
PowerDirector
Samsung: all of them
Star Wars:
StarCraft
Stronghold: both
Tom
Torchlight
TuneUp: please do without such nonsense; many of its functions can harm the PC or do nothing at all.

Open CCleaner, Analyze, Run Cleaner, restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

31.05.2013, 06:13   #22
Sentencer

Quite a chunk of work this time.

So I uninstalled everything, but the Flash Player link immediately foisted Google Chrome on me again.
Uninstall it again?
AdwCleaner logfile:
Code:
# AdwCleaner v2.301 - Logfile created 31/05/2013 at 07:09:03
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Sentencer - BULLSHIT
# Boot mode : Normal
# Running from : C:\Users\Sentencer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NRABRNWJ\adwcleaner.exe
# Option [Delete]


**** [Services] ****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\Sentencer\AppData\Roaming\Mozilla\Firefox\Profiles\uz0zf0kj.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Sentencer\AppData\Roaming\Mozilla\Firefox\Profiles\uz0zf0kj.default\searchplugins\daemon-search.xml
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Users\Sentencer\AppData\Local\Conduit
Folder Deleted : C:\Users\Sentencer\AppData\Local\PackageAware
Folder Deleted : C:\Users\Sentencer\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sentencer\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Sentencer\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Sentencer\AppData\Roaming\Mozilla\Firefox\Profiles\uz0zf0kj.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
Folder Deleted : C:\Users\Sentencer\AppData\Roaming\Mozilla\Firefox\Profiles\uz0zf0kj.default\extensions\{238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9}
Folder Deleted : C:\Users\Sentencer\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\incredibar
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3158970
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (de)

File : C:\Users\Sentencer\AppData\Roaming\Mozilla\Firefox\Profiles\uz0zf0kj.default\prefs.js

C:\Users\Sentencer\AppData\Roaming\Mozilla\Firefox\Profiles\uz0zf0kj.default\user.js ... Deleted !

Deleted : user_pref("CT2625848.autoDisableScopes", -1);
Deleted : user_pref("CT3158970.autoDisableScopes", 10);
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.startup.homepage", "hxxp://de.ask.com/?l=dis&o=");

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Sentencer\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.12.1707.0

File : C:\Users\Sentencer\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5777 octets] - [31/05/2013 07:09:03]

########## EOF - C:\AdwCleaner[S1].txt - [5837 octets] ##########

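The Firefox section of the log above shows the hijack mechanism itself: a user.js file in the profile pinned Ask.com as default search engine, first search-order entry and homepage, and two "CT<digits>" prefs carried the state of the Conduit-built toolbars whose folders were deleted further up. Firefox re-applies user.js on every start, so the settings come back even after the user corrects them in the options dialog, which is why AdwCleaner removes the file rather than only the prefs. The following is an added example, not part of the thread and not AdwCleaner's code: it parses user_pref() lines from a user.js or prefs.js and flags the ones that look like part of a search hijack. The sample file is constructed from the five lines in the log plus two benign prefs invented for contrast, and the list of hijack markers is an assumption drawn from the names this log removed (Ask, Conduit, Incredibar).

```python
import re

# Constructed user.js content: the five user_pref lines AdwCleaner removed in the
# log above, plus two benign prefs (invented here) to show what is left alone.
SAMPLE_USER_JS = r'''
user_pref("CT2625848.autoDisableScopes", -1);
user_pref("CT3158970.autoDisableScopes", 10);
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.startup.homepage", "hxxp://de.ask.com/?l=dis&o=");
user_pref("browser.tabs.warnOnClose", false);
user_pref("network.cookie.cookieBehavior", 1);
'''

PREF_RE = re.compile(r'^\s*user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+?)\);\s*$')

# Prefs that decide where a search or a new window goes; a hijack has to touch these.
TARGET_PREFS = {"browser.startup.homepage", "browser.search.defaultengine",
                "browser.search.selectedEngine", "keyword.URL"}
# Assumption: markers taken from what this log removed (Ask, Conduit, Incredibar).
HIJACK_MARKERS = ("ask.com", "conduit", "incredibar")
# Conduit-built toolbars keep their state under a "CT<digits>." prefix (see the log).
CONDUIT_PREFIX = re.compile(r"^CT\d+\.")


def parse_user_prefs(text: str) -> dict[str, str]:
    """Map pref name -> raw value (surrounding quotes stripped) for every user_pref() line."""
    prefs: dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group("name")] = m.group("value").strip('"')
    return prefs


def audit_user_prefs(prefs: dict[str, str]) -> list[tuple[str, str]]:
    """Return (pref, reason) for each pref that looks like part of a search hijack."""
    flagged: list[tuple[str, str]] = []
    for name, value in prefs.items():
        low = value.lower()
        if CONDUIT_PREFIX.match(name):
            flagged.append((name, "Conduit toolbar state"))
        elif name in TARGET_PREFS or name.startswith("browser.search.order."):
            if any(marker in low for marker in HIJACK_MARKERS):
                flagged.append((name, f"redirects to hijack host: {value}"))
    return flagged


def hijacked_prefs(text: str) -> list[str]:
    """Names of the prefs that should not survive the cleanup."""
    return [name for name, _ in audit_user_prefs(parse_user_prefs(text))]


if __name__ == "__main__":
    for name, reason in audit_user_prefs(parse_user_prefs(SAMPLE_USER_JS)):
        print(f"{name}: {reason}")
```

Point it at both user.js and prefs.js in the profile folder; the benign prefs pass, the five from the log are reported, and a clean profile afterwards should contain no user.js at all unless the user created one deliberately.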
31.05.2013, 10:25   #23
markusg
/// Malware-holic

You can, although I would advise you to switch from Firefox to Chrome, since it is more secure and usually faster as well.

Download HitmanPro:
HitmanPro - Download - Filepony


Do not delete anything.
Click Next, then "Save log as" or export as XML, and post it, or zip it and attach it.

31.05.2013, 19:15   #24
Sentencer

here you go:

Code:
HitmanPro 3.7.5.199
www.hitmanpro.com

   Computer name . . . . : BULLSHIT
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Bullshit\Sentencer
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-05-31 19:47:26
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 11m 22s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 265

   Objects scanned . . . : 1.770.902
   Files scanned . . . . : 26.231
   Remnants scanned  . . : 704.905 files / 1.039.766 keys

Suspicious files ____________________________________________________________

   C:\Users\Sentencer\AppData\Local\PunkBuster\BC2\pb\dll\wc002220.dll
      Size . . . . . . . : 899.576 bytes
      Age  . . . . . . . : 1128.9 days (2010-04-28 21:30:31)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : FC8930F99A9D1B394B5A55BD7D95306E4A6BD27F67A8A4768A875C48A1DCAD1E
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Sentencer\AppData\Local\PunkBuster\BC2\pb\dll\wc002261.dll
      Size . . . . . . . : 951.318 bytes
      Age  . . . . . . . : 889.9 days (2010-12-23 21:59:22)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 07F342FC49BF00281C514B364399E7FD98C36888DF680304C7807C827336E939
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Sentencer\AppData\Local\PunkBuster\BC2\pb\dll\wc002263.dll
      Size . . . . . . . : 944.298 bytes
      Age  . . . . . . . : 812.9 days (2011-03-10 21:28:41)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E570C42135F4E074FEA64029B4F9923775EBB7BBB3276A02F212621D7660A506
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Sentencer\AppData\Local\PunkBuster\BC2\pb\dll\wc002267.dll
      Size . . . . . . . : 942.669 bytes
      Age  . . . . . . . : 766.0 days (2011-04-26 19:48:16)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : B7EC3BEE9879391E80F191AC1D91CB71FB681798E4A5AE1BA122F4DCDAC7B114
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Sentencer\AppData\Local\PunkBuster\BC2\pb\dll\wc002269.dll
      Size . . . . . . . : 952.683 bytes
      Age  . . . . . . . : 763.9 days (2011-04-28 21:05:29)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : A23DC409633A449EA2C5D0A79B9D0A01270F50000234FB540B20C5547E26AB5D
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Sentencer\AppData\Local\PunkBuster\BC2\pb\dll\wc002272.dll
      Size . . . . . . . : 953.145 bytes
      Age  . . . . . . . : 755.9 days (2011-05-06 22:24:04)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E1C07F31EC35315E00F8AB0BE5C4F80DD9AAEBEE7E760BBF9AFCC02D35BEBF2F
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Sentencer\AppData\Local\PunkBuster\BC2\pb\dll\wc002277.dll
      Size . . . . . . . : 960.138 bytes
      Age  . . . . . . . : 643.9 days (2011-08-26 22:25:23)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 70053EEA7AC3C1427D779B3F258A13CF74B02980DCDDEFBC24B341CFFA1E4AA2
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Sentencer\AppData\Local\PunkBuster\BC2\pb\pbcl.dll
      Size . . . . . . . : 960.138 bytes
      Age  . . . . . . . : 566.0 days (2011-11-12 18:40:24)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 70053EEA7AC3C1427D779B3F258A13CF74B02980DCDDEFBC24B341CFFA1E4AA2
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Sentencer\AppData\Local\PunkBuster\BC2\pb\pbclold.dll
      Size . . . . . . . : 960.138 bytes
      Age  . . . . . . . : 1149.0 days (2010-04-08 20:28:04)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 70053EEA7AC3C1427D779B3F258A13CF74B02980DCDDEFBC24B341CFFA1E4AA2
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Sentencer\AppData\Local\PunkBuster\BF3\pb\dll\wc002288.dll
      Size . . . . . . . : 948.118 bytes
      Age  . . . . . . . : 453.8 days (2012-03-03 23:39:46)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3192353354FE593051B33886088D4C312ACB9A653D874281B2EBF131B80415CB
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Sentencer\AppData\Local\PunkBuster\BF3\pb\dll\wc002292.dll
      Size . . . . . . . : 956.681 bytes
      Age  . . . . . . . : 420.3 days (2012-04-06 13:26:28)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Sentencer\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 230.9 days (2012-10-12 21:27:44)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -0.2s C:\Users\Sentencer\AppData\Local\PunkBuster\BF3\pb\htm\wc002317.htm
         -0.2s C:\Users\Sentencer\AppData\Local\PunkBuster\BF3\pb\htm\wc002317.htm
          0.0s C:\Users\Sentencer\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll

   C:\Users\Sentencer\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 217.0 days (2012-10-26 20:09:43)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Sentencer\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 552.0 days (2011-11-26 20:27:08)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Sentencer\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 139.328 bytes
      Age  . . . . . . . : 552.0 days (2011-11-26 20:27:35)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : F6552C37C04FD92554BD715F9E98B41E3D711C8AC37C757FBCFDDD69738FBE5E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Sentencer\AppData\Local\PunkBuster\MOH\pb\dll\wc002246.dll
      Size . . . . . . . : 909.302 bytes
      Age  . . . . . . . : 920.1 days (2010-11-23 18:26:45)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7D00D6C826ECB0EEA17D542E28D38593FEE279ED8AA801F08D0A58FEBE0F1F18
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Sentencer\AppData\Local\PunkBuster\MOH\pb\dll\wc002262.dll
      Size . . . . . . . : 942.784 bytes
      Age  . . . . . . . : 823.9 days (2011-02-27 21:01:46)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 316C5751F0AB84A097C72C0A2F9E79730A68285FD4075EFE8F47945648E0D24A
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Sentencer\AppData\Local\PunkBuster\MOH\pb\pbcl.dll
      Size . . . . . . . : 942.784 bytes
      Age  . . . . . . . : 756.0 days (2011-05-06 19:43:08)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 316C5751F0AB84A097C72C0A2F9E79730A68285FD4075EFE8F47945648E0D24A
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Sentencer\AppData\Local\PunkBuster\MOH\pb\pbclold.dll
      Size . . . . . . . : 942.784 bytes
      Age  . . . . . . . : 966.9 days (2010-10-07 21:29:11)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 316C5751F0AB84A097C72C0A2F9E79730A68285FD4075EFE8F47945648E0D24A
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Sentencer\AppData\Local\PunkBuster\MOH\pb\pbcls.dll
      Size . . . . . . . : 895.844 bytes
      Age  . . . . . . . : 934.8 days (2010-11-08 23:31:29)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : FC3B4CA8E757E4C9EE740E84419DDB76AE60D20711C49C993B74FCCFFB58F2F9
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Sentencer\AppData\Local\PunkBuster\MOH\pb\PnkBstrK.sys
      Size . . . . . . . : 138.440 bytes
      Age  . . . . . . . : 966.9 days (2010-10-07 21:29:23)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : D7DB2348D00FEF21B1064615ED21B4CEB8E3EB983460684ACD4AB0EBB9B98D7D
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Sentencer\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
      Size . . . . . . . : 55.816 bytes
      Age  . . . . . . . : 5.9 days (2013-05-25 22:19:19)
      Entropy  . . . . . : 7.0
      SHA-256  . . . . . : 4DBB532A9CDCF078E2A7F48A6E31F254119B8AE0F5140DE706BEDD79CFB79301
      Product
      Description
      Version  . . . . . : 5.2.0.2
      Copyright
      Fuzzy  . . . . . . : 26.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Time indicates that the file appeared recently on this computer.
         The file is in use by one or more active processes.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -0.0s C:\Users\Sentencer\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\
          0.0s C:\Users\Sentencer\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll

   C:\Users\Sentencer\Documents\BFBC2\pb\pbcl.dll
      Size . . . . . . . : 891.962 bytes
      Age  . . . . . . . : 543.8 days (2011-12-04 23:34:52)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : A324BDA2B890227F72D9F12323AD3FF51582CE312286C296F6558BD3F3927616
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.


Cookies _____________________________________________________________________

   C:\Users\Sentencer\AppData\Roaming\Microsoft\Windows\Cookies\4DX0ZSQM.txt
   C:\Users\Sentencer\AppData\Roaming\Mozilla\Firefox\Profiles\uz0zf0kj.default\cookies.sqlite:doubleclick.net
   C:\Users\Sentencer\AppData\Roaming\Mozilla\Firefox\Profiles\uz0zf0kj.default\cookies.sqlite:serving-sys.com
         

Old 31.05.2013, 19:22   #25
markusg
/// Malware-holic

GVU virus again - Standard

GVU virus again


Everything that Hitman lists under
Cookies _____________________________________________________________________
you can delete.

If you don't already have it, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Copy the contents of OTL.txt and Extra.txt into your thread.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described above to
markusg.trojaner-board@web.de
If you would like to support us

Old 31.05.2013, 23:23   #26
Sentencer

GVU virus again - Standard

GVU virus again



OTL.txt OTL logfile:
Code:
OTL logfile created on: 01.06.2013 00:09:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sentencer\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,14 Gb Available Physical Memory | 69,14% Memory free
11,98 Gb Paging File | 10,19 Gb Available in Paging File | 85,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,17 Gb Total Space | 512,14 Gb Free Space | 55,60% Space Free | Partition Type: NTFS
Drive D: | 10,24 Gb Total Space | 1,91 Gb Free Space | 18,68% Space Free | Partition Type: NTFS
 
Computer Name: BULLSHIT | User Name: Sentencer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sentencer\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\games\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Philips\GoGear Spark Device Manager\main.exe (KeenHigh Tech.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Sentencer\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll ()
MOD - C:\games\Steam\bin\chromehtml.dll ()
MOD - C:\games\Steam\SDL2.dll ()
MOD - C:\games\Steam\bin\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\games\Steam\bin\avcodec-53.dll ()
MOD - C:\games\Steam\bin\avformat-53.dll ()
MOD - C:\games\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files (x86)\Philips\GoGear Spark Device Manager\SigmaTel.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{902D76CD-4644-4E24-B5B4-3F14BEC37261}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{BAF60B34-BC2D-4D38-BF52-8D31949C6020}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{902D76CD-4644-4E24-B5B4-3F14BEC37261}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{BAF60B34-BC2D-4D38-BF52-8D31949C6020}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3902464133-3703953061-810384064-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKU\S-1-5-21-3902464133-3703953061-810384064-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No CLSID value found
IE - HKU\S-1-5-21-3902464133-3703953061-810384064-1000\..\SearchScopes,DefaultScope = {5ED129F9-5087-4B0B-B242-6F8E17D74FEF}
IE - HKU\S-1-5-21-3902464133-3703953061-810384064-1000\..\SearchScopes\{5ED129F9-5087-4B0B-B242-6F8E17D74FEF}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-3902464133-3703953061-810384064-1000\..\SearchScopes\{7F746C26-ECA1-48CC-AEF7-695CF98CE83F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MNC&o=15092&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=MF&apn_dtid=YYYYYYYYDE&apn_uid=ba90a4ec-4449-4a1b-8e03-b133226c7a84&apn_sauid=F31FF262-BB98-436C-87F4-E3755D770BB7
IE - HKU\S-1-5-21-3902464133-3703953061-810384064-1000\..\SearchScopes\{902D76CD-4644-4E24-B5B4-3F14BEC37261}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-3902464133-3703953061-810384064-1000\..\SearchScopes\{BAF60B34-BC2D-4D38-BF52-8D31949C6020}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKU\S-1-5-21-3902464133-3703953061-810384064-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3902464133-3703953061-810384064-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-3902464133-3703953061-810384064-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-3902464133-3703953061-810384064-1005\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome_first&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-3902464133-3703953061-810384064-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledAddons: addon%40youtubeanywhere.com:2.1.89
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:1.0.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.30 22:17:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.30 22:17:32 | 000,000,000 | ---D | M]
 
[2009.12.25 19:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sentencer\AppData\Roaming\mozilla\Extensions
[2013.05.31 07:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sentencer\AppData\Roaming\mozilla\Firefox\Profiles\uz0zf0kj.default\extensions
[2012.08.03 21:42:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sentencer\AppData\Roaming\mozilla\Firefox\Profiles\uz0zf0kj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.25 21:44:08 | 000,000,000 | ---D | M] (YouTubeAnywhere) -- C:\Users\Sentencer\AppData\Roaming\mozilla\Firefox\Profiles\uz0zf0kj.default\extensions\addon@youtubeanywhere.com
[2013.05.31 06:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.08.24 20:20:10 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.31 06:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.05.31 06:55:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.04.14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.31 18:53:33 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - Extension: YouTubeAnywhere = C:\Users\Sentencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjncgbafaonlkolfjaaoolfoaechkpn\2.1.89_0\
CHR - Extension: YouTube = C:\Users\Sentencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Sentencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: YouTube = C:\Users\Sentencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Sentencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google-Suche = C:\Users\Sentencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google-Suche = C:\Users\Sentencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\Sentencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Mail = C:\Users\Sentencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.05.25 22:18:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (YouTubeAnywhere) - {8015C430-448C-4003-A969-274F7F0F2D9C} - C:\Users\Sentencer\AppData\LocalLow\YouTubeAnywhere\IE\YouTubeAnywhere.dll (Diego Casorran)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-3902464133-3703953061-810384064-1000\..\Toolbar\WebBrowser: (no name) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3902464133-3703953061-810384064-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3902464133-3703953061-810384064-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-3902464133-3703953061-810384064-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-3902464133-3703953061-810384064-1000..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-3902464133-3703953061-810384064-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3902464133-3703953061-810384064-1000..\Run: [Steam] C:\games\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3902464133-3703953061-810384064-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3902464133-3703953061-810384064-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 41975 = C:\PROGRA~3\LOCALS~1\Temp\msuouoxqc.pif
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3902464133-3703953061-810384064-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3902464133-3703953061-810384064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3902464133-3703953061-810384064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3902464133-3703953061-810384064-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sentencer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sentencer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EDAC4DA-541E-46A4-9A80-1D4ED613F74C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.31 19:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.05.31 07:25:44 | 000,000,000 | ---D | C] -- C:\Users\Sentencer\AppData\Local\Macromedia
[2013.05.31 06:55:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.05.31 06:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.05.31 06:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.05.30 22:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.05.28 22:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.05.28 22:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.05.28 16:22:06 | 000,000,000 | ---D | C] -- C:\Users\Sentencer\AppData\Roaming\Malwarebytes
[2013.05.28 16:22:03 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.28 16:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.28 16:22:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.28 16:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.28 16:21:44 | 000,000,000 | ---D | C] -- C:\Users\Sentencer\AppData\Local\Programs
[2013.05.26 02:42:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.25 22:26:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.25 22:18:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.25 22:04:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.25 22:04:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.25 22:04:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.25 22:01:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.25 22:00:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.25 21:59:49 | 005,071,432 | R--- | C] (Swearware) -- C:\Users\Sentencer\Desktop\ComboFix.exe
[2013.05.25 21:37:48 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sentencer\Desktop\tdsskiller.exe
[2013.05.25 21:07:29 | 000,000,000 | ---D | C] -- C:\9838ad918078db8f1d
[2013.05.15 23:53:49 | 000,000,000 | ---D | C] -- C:\found.000
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.31 23:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.31 23:53:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.31 07:18:12 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.31 07:18:12 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.31 07:11:12 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.31 07:10:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.31 07:10:18 | 529,854,463 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.31 06:55:23 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.31 06:54:11 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.31 06:47:15 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.28 22:47:32 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.28 16:22:03 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.27 22:45:42 | 001,650,978 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.27 22:45:42 | 000,710,854 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.27 22:45:42 | 000,663,876 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.27 22:45:42 | 000,153,964 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.27 22:45:42 | 000,126,006 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.27 03:22:51 | 000,343,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.25 22:18:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.25 22:00:03 | 005,071,432 | R--- | M] (Swearware) -- C:\Users\Sentencer\Desktop\ComboFix.exe
[2013.05.25 21:37:48 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sentencer\Desktop\tdsskiller.exe
 
========== Files Created - No Company Name ==========
 
[2013.05.31 07:25:37 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.31 06:55:23 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.31 06:55:23 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.31 06:47:15 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.05.31 06:47:15 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.31 06:44:03 | 000,002,145 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.31 06:43:48 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.31 06:43:48 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.28 22:47:32 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.28 16:22:03 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.25 22:04:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.25 22:04:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.25 22:04:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.25 22:04:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.25 22:04:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.29 13:12:27 | 000,000,004 | ---- | C] () -- C:\Users\Sentencer\AppData\Roaming\AltShell.ini
[2012.03.22 21:09:46 | 000,007,604 | ---- | C] () -- C:\Users\Sentencer\AppData\Local\Resmon.ResmonCfg
[2011.07.03 21:05:51 | 000,114,180 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2010.09.25 21:34:24 | 000,006,144 | ---- | C] () -- C:\Users\Sentencer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.27 21:40:04 | 000,000,228 | ---- | C] () -- C:\Users\Sentencer\AppData\Roaming\wklnhst.dat
[2010.01.11 07:13:33 | 000,000,097 | ---- | C] () -- C:\Users\Sentencer\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.29 13:37:42 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\AVG2013
[2010.07.31 21:48:23 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\Command & Conquer 3 Kanes Rache
[2010.07.23 21:44:30 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2013.05.31 06:59:53 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\DAEMON Tools Lite
[2010.07.20 20:36:12 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\DAEMON Tools Pro
[2012.10.12 20:53:37 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\DVDVideoSoft
[2012.01.03 18:52:09 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\Firefly Studios
[2010.12.31 18:32:51 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\GetRightToGo
[2012.10.02 00:14:26 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\Gutie
[2011.08.06 21:10:24 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\Imaxel
[2010.12.31 18:33:55 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\Opera
[2012.10.12 20:07:40 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\Origin
[2011.06.26 11:05:28 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\Samsung
[2012.03.20 21:49:14 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\TeamViewer
[2010.01.27 21:40:04 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\Template
[2010.10.03 18:08:13 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\TS3Client
[2012.08.03 21:43:18 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\TuneUp Software
[2012.10.12 17:06:11 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\Ubguvi
[2009.12.10 18:46:52 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\Ubisoft
[2010.11.13 19:34:23 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\VSX
[2012.03.21 08:17:43 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\Windows Desktop Search
[2012.10.07 01:50:10 | 000,000,000 | ---D | M] -- C:\Users\Sentencer\AppData\Roaming\Zealc
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.05.30 21:25:06 | 000,000,000 | ---D | M] -- C:\$AVG
[2013.05.25 22:18:38 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2013.05.25 21:07:31 | 000,000,000 | ---D | M] -- C:\9838ad918078db8f1d
[2010.07.18 17:53:31 | 000,000,000 | ---D | M] -- C:\Alte Kamerakarte
[2013.05.31 06:57:05 | 000,000,000 | ---D | M] -- C:\data
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.12.01 23:13:54 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.05.15 23:53:49 | 000,000,000 | ---D | M] -- C:\found.000
[2013.05.30 22:24:29 | 000,000,000 | ---D | M] -- C:\games
[2012.09.11 20:56:56 | 000,000,000 | ---D | M] -- C:\Hasi
[2010.02.28 11:20:07 | 000,000,000 | ---D | M] -- C:\hp
[2009.09.22 17:25:10 | 000,000,000 | ---D | M] -- C:\Intel
[2013.02.08 10:27:56 | 000,000,000 | ---D | M] -- C:\Kamera 8.2.13
[2013.05.17 00:40:02 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0
[2010.07.20 20:40:46 | 000,000,000 | R--D | M] -- C:\MSOCache
[2013.02.02 12:44:13 | 000,000,000 | ---D | M] -- C:\music
[2011.11.27 21:20:51 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2010.04.13 18:36:32 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.05.30 22:36:09 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.05.31 07:09:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2013.05.31 19:46:42 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.12.01 23:13:54 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.05.25 22:26:59 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.09.07 10:01:16 | 000,000,000 | ---D | M] -- C:\Sicherung Bilder 7.9
[2010.08.23 23:33:45 | 000,000,000 | ---D | M] -- C:\Sicherung Photo 23_08_10
[2013.06.01 00:10:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.04.15 03:07:23 | 000,000,000 | ---D | M] -- C:\Temp
[2010.11.03 15:53:33 | 000,000,000 | ---D | M] -- C:\torrents
[2010.07.12 13:02:57 | 000,000,000 | ---D | M] -- C:\Urlaub 2009
[2011.11.27 22:05:37 | 000,000,000 | R--D | M] -- C:\Users
[2013.05.31 07:01:49 | 000,000,000 | ---D | M] -- C:\Windows
[2013.05.28 20:46:45 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013.05.31 06:43:48 | 000,001,112 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.05.31 06:43:48 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.05.31 07:25:37 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\hp\drivers\Intel_Storage\IaStor.sys
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a012329c4d1be4fd\iaStor.sys
[2009.06.04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_023f2cfe3fa02200\iaStor.sys
[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.06.01 00:10:15 | 003,932,160 | -HS- | M] () -- C:\Users\Sentencer\NTUSER.DAT
[2013.05.26 02:39:05 | 000,008,192 | -H-- | M] () -- C:\Users\Sentencer\ntuser.dat.LOG
[2013.06.01 00:10:15 | 000,262,144 | -HS- | M] () -- C:\Users\Sentencer\ntuser.dat.LOG1
[2009.12.01 23:14:01 | 000,000,000 | -HS- | M] () -- C:\Users\Sentencer\ntuser.dat.LOG2
[2009.12.02 01:16:46 | 000,065,536 | -HS- | M] () -- C:\Users\Sentencer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009.12.02 01:16:46 | 000,524,288 | -HS- | M] () -- C:\Users\Sentencer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009.12.02 01:16:46 | 000,524,288 | -HS- | M] () -- C:\Users\Sentencer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009.12.01 23:14:01 | 000,000,020 | -HS- | M] () -- C:\Users\Sentencer\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 4096 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Sentencer\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Sentencer\Desktop\desktop.ini:gs5sys

< End of report >
         
--- --- ---

Old 31.05.2013, 23:24   #27
Sentencer

GVU virus again - Standard

OTL EXTRAS log file:
Code:
ATTFilter
OTL Extras logfile created on: 01.06.2013 00:09:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sentencer\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,14 Gb Available Physical Memory | 69,14% Memory free
11,98 Gb Paging File | 10,19 Gb Available in Paging File | 85,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,17 Gb Total Space | 512,14 Gb Free Space | 55,60% Space Free | Partition Type: NTFS
Drive D: | 10,24 Gb Total Space | 1,91 Gb Free Space | 18,68% Space Free | Partition Type: NTFS
 
Computer Name: BULLSHIT | User Name: Sentencer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-3902464133-3703953061-810384064-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Hasi\dm Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Hasi\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [dm-Fotowelt] -- "C:\Hasi\dm Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Hasi\dm Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Hasi\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [dm-Fotowelt] -- "C:\Hasi\dm Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07E18928-B735-4078-BE48-ABAC1623339E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{08FDB852-4E0C-4CF0-A55D-61862AC1C47C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2507063A-62D6-45BB-9802-4B8CA3399F76}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3A171D79-4457-4B30-9CB6-32AE7F06C83E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{49054B77-55F1-456A-A5E2-9444A9B99CBB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4A992D73-4966-4109-8F56-16BFE77C1FC9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8B2E93A9-3D20-4CCD-8104-A53DD3F13CB1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{903ED504-4A49-4703-8E2A-665A16FBE1A1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9F2E6A04-AB8A-47F2-8F6F-CC23A2BBDF5B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E2670D33-6422-4ADF-8EC8-C8229069847B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FD5A35F7-92A5-4B43-AB3D-7A4FBBD0C578}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00945D1B-0B4E-424E-BA17-DB86921DBAE3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{040BFC4C-82D7-4298-9C4A-3EA31D63B18B}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{0867C3C7-683B-4BE0-A2AA-C2A6ECF5B863}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{097DF778-D5C7-47DA-A835-0FE29F096C59}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0A096FB5-873E-4849-B4E3-46A107C87F55}" = protocol=17 | dir=in | app=c:\games\anno 1404\anno4.exe | 
"{0AFB6538-3C36-43EE-A514-990663663F88}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{0C234A6E-B966-4DEE-A9BB-0E3B5C5CABE3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0CFE6D9D-862B-4C7A-A97B-6B6B4B85C23C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0E952B0F-EB0E-46E3-B989-889BDCA04AA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0ECB644B-53D3-4CEC-91A2-82D1FFE2A1F3}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{0FBCCDBA-C8DB-46FA-88A9-BB27995C3024}" = protocol=6 | dir=in | app=c:\games\fear\fear.exe | 
"{0FF14235-E4C1-434C-AEE5-0061CD3F464A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{103E15C6-6D2B-4D45-8E9F-ABE26CC268C6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{12725068-BBCA-4E80-A4E6-7BEC685B589D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{12FE4E93-E8DC-46EF-A244-B4296B842C06}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{141DE573-030B-447D-B982-202D104AC1AC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{14B52E9E-C8BB-4989-B568-2C2E12CF61EF}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{15F06B97-F116-42C3-9B0B-1FF7605A9208}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{17ACA385-608C-4A9E-A048-C6A2EF2D9F37}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{180D44B8-5B5C-4FE4-B108-82438ABA96ED}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{1A8CAA25-00EB-4F95-9FC6-EE3BFA7B9C34}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{1B24235A-2703-4CFB-AA5E-FDFF247CA66A}" = protocol=6 | dir=in | app=c:\games\crysis\bin32\crysis.exe | 
"{1C01AF83-4411-449A-94F1-F08C7C06BAAE}" = protocol=17 | dir=in | app=c:\games\crysis\bin32\crysis.exe | 
"{1D4E13CF-E18E-4DBA-81DD-C9113E164468}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{1DCB5CE3-E439-4A99-8349-30D72E7529FC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{1E4A08AB-62C8-4C20-BACB-B53B9561F258}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{240BC7B4-79DC-4477-B3CD-6EA7B04091B9}" = protocol=6 | dir=in | app=c:\games\cod4mw\iw3mp.exe | 
"{2442C5DF-73CC-486A-AEBD-B6E8898C08BF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{26DFC5C3-FEF7-48D3-A7BF-611637B417CA}" = protocol=6 | dir=in | app=c:\games\anno 1404\anno4.exe | 
"{26E5673F-024C-48B0-B41D-F4B13827DBBB}" = protocol=17 | dir=in | app=c:\games\battlefield 3\battlefield 3\bf3.exe | 
"{2C030E2A-627D-4547-81B0-930E4C0A87B7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2DC0D865-474A-4800-A2AF-827CAF53C61B}" = protocol=17 | dir=in | app=c:\games\torchlight 2\torchlight2.exe | 
"{2E9DF18F-BE76-41AB-A9C8-8A5FDE7A75FB}" = protocol=17 | dir=in | app=c:\games\fear\fearmp.exe | 
"{321F836A-5992-406A-900D-F20C87CDC752}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe | 
"{33796847-FD20-4737-82E9-6038A5D3894F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{343C00A8-BE0A-481F-8379-9868348D68D4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{360597FF-C395-485E-85B9-0863632F67D5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{36C69EE4-43F9-4EC9-92B4-8BAF7F479285}" = protocol=17 | dir=in | app=c:\games\torchlight 2\tl2.runic.launcher.exe | 
"{37B22D1E-9680-4293-AF06-F3EB3E853CCA}" = protocol=6 | dir=out | app=system | 
"{396E029A-69F5-4692-8580-0912D38119C8}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{39B3C2A4-C240-4D33-9202-F0197749E813}" = protocol=6 | dir=in | app=c:\games\crysis\bin64\crysisdedicatedserver.exe | 
"{3D4CD4F9-08B9-48BB-B96B-2ED22C01389B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3D975AA4-684A-4766-9849-EB837282918D}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{3E288462-8C2F-4411-AFA5-2984800F11F0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3FEBE4D3-F565-48DA-B37E-E2F116F84E75}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{400D2541-2E2C-4D57-AB96-868BBCCABD82}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{425139EF-5DC2-47B7-922A-24A46C438803}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{450FEEB7-D2AC-4357-B7D3-1FA2245062EB}" = protocol=17 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe | 
"{4AB30268-D499-46A1-85D0-214E50FE9ECA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4AF22B24-BC79-450F-8758-04D589C126D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4D31048D-96BC-4A97-9AF6-883F76EB89BE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4D60A473-6B37-4B0C-B902-2F30209DDD39}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4D6EEBF5-B892-44D9-8816-D731123B7F8E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4E0AA013-2252-498D-95AE-9DE0D18C937E}" = protocol=6 | dir=in | app=c:\games\torchlight 2\torchlight2.exe | 
"{51A04899-5A55-46B3-956E-7FD043EA01EC}" = protocol=17 | dir=in | app=c:\games\steam\steam.exe | 
"{538F15BA-6AC1-44CB-8689-A23DF6B1CD34}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{546C54E4-F1A0-4DF2-B072-05AB74C6C362}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5493E21C-616B-42EA-BF1A-15E7A17ACF1C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{551ED0BA-69A1-4034-8E6A-BA4C4E95B90B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{56562C1E-8A0D-4D04-9BE6-65410C15B8B1}" = protocol=6 | dir=in | app=c:\games\torchlight 2\tl2.runic.launcher.exe | 
"{5818489D-752F-482E-8798-5EF95CAE3CB9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{58FAB0FC-4692-43C7-9628-DCB8A9DC3490}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{596302B7-C403-461E-BF8F-484013B96EBC}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{5AA6670C-BB24-4905-AA33-324C01CE9F70}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{5B241A31-2040-4C2C-B33D-8A2E31AE8429}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5E764A2B-1BD0-424F-95B5-4792733436A1}" = protocol=6 | dir=in | app=c:\games\anno 1404\tools\anno4web.exe | 
"{5ECF3A10-969A-47B7-8730-98054832F86A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{6161EFC0-6C69-4BD9-AC20-1AAC8F8693FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{618CA5D7-2C0D-4966-B93F-489CEC42B385}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{62D9733D-2D55-4617-9B7D-F96BADE823AC}" = protocol=6 | dir=in | app=c:\games\call of duty - world at war\codwawmp.exe | 
"{68F30845-1DE2-47C1-A16A-69798AB835D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6954527B-1768-4168-A625-9E3CEDF6CF15}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe | 
"{6A7018C7-4FDA-45EB-82EB-845B81CC9428}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6EDC7182-6FB1-492E-9E5E-9C5B2C4394C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F80FC63-F058-45DF-BF95-65691234F1C8}" = protocol=17 | dir=in | app=c:\games\crysis\bin64\crysis.exe | 
"{6FA64544-D699-496D-9C09-D5C314BB3311}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{73437F39-CCB9-401D-BD46-C46D332B4EDC}" = protocol=17 | dir=in | app=c:\games\battlefield bad company 2\bfbc2updater.exe | 
"{74B13FFD-2A35-4EE8-8317-C34A8A678293}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{76F8146C-8322-46E1-B011-E533D2686BCC}" = protocol=6 | dir=in | app=c:\games\crysis\bin32\crysisdedicatedserver.exe | 
"{78B891DE-F4B8-4FB1-BD91-CD2769299889}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{797AE015-3A7D-459F-A7AA-40DEB2148469}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{7B6C2DB6-2A3C-4CFB-A8D7-C8A9B7B9E32B}" = protocol=17 | dir=in | app=c:\games\anno 1404\tools\anno4web.exe | 
"{7B986E8B-1206-404D-B33E-2B4224FFC1C9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7C831E33-66BE-4971-A9E0-18E29F90B14C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{801CF24F-54EA-473E-A2BA-3DAC3E629EF7}" = protocol=6 | dir=in | app=c:\games\battlefield 3\battlefield 3\bf3.exe | 
"{810C7490-D55B-491E-936C-D60001C8C88B}" = protocol=6 | dir=in | app=c:\games\steam\steam.exe | 
"{843B34FF-2F79-48D6-BCB6-56E224E7099F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{883E42BF-74AA-4F8B-AC9C-0FCFB9970D54}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{89626932-2FA4-40A8-BFB2-1C764A6846FE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{8CBAC44C-D2DE-42B2-8C73-8E695FBC5C5F}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{8EDA03DB-2353-47E0-8171-511EDC6FF090}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8F00F74E-BE93-4243-9922-E739906BAF1E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8F0FBBE3-5177-4A81-A794-4C1658F048E1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F7B0D51-078E-4115-A445-92AE22F9521C}" = protocol=6 | dir=in | app=c:\games\battlefield bad company 2\bfbc2updater.exe | 
"{900779CE-465C-4FDE-BA91-F577A1B915D0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{90AFA69F-90D3-4C0C-9FAC-D4F53DD7C727}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{9159189B-6EB2-4428-BBE7-CBE38B2CA3B7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{92E994F7-DF26-4F48-A3E0-60B064641E51}" = protocol=17 | dir=in | app=c:\games\cod4mw\iw3mp.exe | 
"{93ED21A4-1FAF-496B-8751-D2D190EB3B05}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{9DD0F75C-C0DE-4621-AACB-FE63918C121C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A03BEFCB-53DD-42A3-B530-4F263073007D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A0BFF9A7-D0EE-47C0-98A5-85A46DA3964F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A1B6D4F1-C26D-482C-8407-F093A7AA4804}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{A1DAED02-731F-437F-89A1-08D9E193AE2D}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{A27430E1-7F54-4587-8059-D2EA38BC8C5B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A2B16527-0599-4E65-B433-9CB5FD6A70A6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A3A24D1A-63D9-43C8-A709-125B4A01AB70}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A889D0D5-1194-4015-B78A-FE7973D79CBC}" = protocol=6 | dir=in | app=c:\program files (x86)\midway games\blacksite\binaries\blacksite.exe | 
"{A969F959-0DE6-49EF-9B19-A2507C056677}" = protocol=6 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe | 
"{ABEB27A0-D7EC-4330-82A9-3AB0523B3B83}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AD4D0D7C-EDCF-4FB1-9273-B06B5F9891F9}" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base16939\sc2.exe | 
"{AEFDF64D-1F64-455E-863F-B0930F4C52FD}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{AFBA1AD1-FFAD-4527-98DB-224C65AF08FC}" = protocol=17 | dir=in | app=c:\games\fear\fear.exe | 
"{B04D4801-B2E5-4ABF-83CA-B3A5BB947CF2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{B06CDF73-A5CC-4D0D-9DF9-50C847C8BE5E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{B1B75064-DBEE-4274-83E2-D22D771B617F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B1F9D3C0-33C1-4B88-8B92-D0D898FF0F6B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B3831F0A-2D17-4BBD-9978-40570215B173}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B63FB7AB-226A-45C0-8622-51DFC17F3FF7}" = protocol=17 | dir=in | app=c:\games\medal of honor mp open beta\mohmpupdater.exe | 
"{B69BDF41-F789-4DD9-BA7E-4BAB1F7936A1}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\stronghold3\bin\win32_release\mapeditor.exe | 
"{B7895670-76EE-4A18-A3CF-35A6DFD0D86D}" = protocol=17 | dir=in | app=c:\games\crysis\bin32\crysisdedicatedserver.exe | 
"{B7BBC2AE-0691-4027-AE89-8C2C229F8958}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{B7C49FC4-C8D2-4F4D-8C89-48DC3D686E05}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{B86F2661-1641-470D-8F27-29892380D175}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{B8F2851B-3503-44DA-B11A-D4F92C480938}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
"{BC0B28DE-408A-495C-8137-726F9C7A2211}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{BC569485-551D-41A6-87A7-A016E0FC1DC2}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BE5717F8-5D37-4E02-BC2A-14E329113871}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BEF4D7A8-5274-4134-92E2-EC8B388B7A2D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C08928A1-0E97-4673-A218-9A9BD47A83A6}" = protocol=6 | dir=in | app=c:\games\call of duty - world at war\codwaw.exe | 
"{C3DD1A78-0598-40F2-B63B-CF45FAA5A439}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C4D37148-EE24-4C17-99EF-6D39382F936F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C54C8DC4-C61E-4826-A851-82FBF1287B0D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C88012E4-6485-4E36-949F-8A874D34C77E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{CA859080-CF0E-4F9D-A1D8-F6ECBB96BC06}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CBA2A7CF-63C0-48CD-82E5-C02A68F47AA7}" = protocol=17 | dir=in | app=c:\games\call of duty - world at war\codwaw.exe | 
"{CBD8E5E2-095B-4994-9238-022F2CD2A747}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CF1EB7C6-C196-4B30-B691-E7751E5F7CDF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D194EF6B-EFFC-4DD8-B0BE-C31258B7ED35}" = protocol=17 | dir=in | app=c:\program files (x86)\midway games\blacksite\binaries\blacksite.exe | 
"{D4C1B4DB-4150-4196-BEBB-53651FD6D498}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{D9012252-4700-41E4-A1B6-4BDB8F2FD758}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{DAF54B9B-3650-4EEC-8900-93FD297E3EDB}" = protocol=6 | dir=in | app=c:\games\fear\fearmp.exe | 
"{DB8B3194-37AC-4BEB-8893-700D12AFBDD5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{DC50A8C3-0B9D-4B0C-8A62-D8080D6CE747}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DD66E8A4-C72E-454B-B689-FB79E6FBD286}" = protocol=17 | dir=in | app=c:\games\crysis\bin64\crysisdedicatedserver.exe | 
"{DD7F33E5-7387-40BA-BCBB-CE2CE19A2366}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{DE86DA18-5B9C-498B-8794-FC67EF312E3F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E233BE22-8FE9-45E6-9559-8FD4668214EE}" = protocol=6 | dir=in | app=c:\games\crysis\bin64\crysis.exe | 
"{E2B299E2-0CF1-4C16-8508-04E065E1A34D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E48C1C41-512F-4555-B878-EC3A8CE66083}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E4B5AC90-47E1-4A6C-BAD1-DD200608FA3E}" = protocol=6 | dir=in | app=c:\games\medal of honor mp open beta\mohmpupdater.exe | 
"{E59A0EEB-BC82-4AEF-9E6C-5744C11739EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E749F0C3-DDEC-4BDE-A551-1278677A8D29}" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base16939\sc2.exe | 
"{E9CC5D7D-2263-4069-AE31-CA1454B1D29C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EBD70542-127B-4B51-9C5B-DA0E94A307A0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{ECA74661-E726-40BA-B4BE-454BB4B75D71}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{ED04305B-CDF8-4C1F-B8C9-1577CAE1DFE8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F02FA094-2225-4225-8022-ECDAA5BF848A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F04C6DE0-49C2-4AD0-9C03-04DEAEDADAD0}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{F13C92AF-E281-4BCE-94B4-C05074DF2109}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{F5101C0A-3EBB-4093-A944-BBBD2C5E6F58}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{F528D27E-4D3C-4036-BACD-EE18775F4D3F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F5CFE65C-BBEE-41ED-AA3A-A3439CABAFA1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F812E372-053C-483C-9911-EC3F0C08F4AC}" = protocol=17 | dir=in | app=c:\games\call of duty - world at war\codwawmp.exe | 
"{F8CD8774-6D9E-4746-AE6C-437E069A2558}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\stronghold3\bin\win32_release\mapeditor.exe | 
"{F92F9314-2D08-4150-8819-0F4ACEB77AAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FA818267-C185-47EE-82B0-B3182D72AAEC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FB7955CF-BC39-4E72-934D-B87CF919DF73}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FC2F9789-F792-4EF3-8811-BA2472318430}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FE9DB386-5EF9-4E6B-98EA-6331D9D905B4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"TCP Query User{05B35CCD-FAD9-4043-9589-7419C3C213A7}C:\games\medal of honor mp open beta\mohmpgame.exe" = protocol=6 | dir=in | app=c:\games\medal of honor mp open beta\mohmpgame.exe | 
"TCP Query User{24D3E962-7D2E-4A45-9388-053F3383E181}C:\games\medal of honor\mp\mohmpgame.exe" = protocol=6 | dir=in | app=c:\games\medal of honor\mp\mohmpgame.exe | 
"TCP Query User{3DDFA99E-2E26-4DDE-9603-9D75B5065380}C:\games\medal of honor\binaries\moh.exe" = protocol=6 | dir=in | app=c:\games\medal of honor\binaries\moh.exe | 
"TCP Query User{40DDF994-2077-431F-94BC-6981235F41BC}C:\games\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\games\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{47B0B724-A50D-4A76-B21F-FC45FAC76B47}C:\games\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\games\anno 1404\tools\anno4web.exe | 
"TCP Query User{5EE7E729-BE80-4AA1-9BDE-96A03DB760F9}C:\users\sentencer\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=c:\users\sentencer\appdata\local\temp\electronicarts_patcher_000.exe | 
"TCP Query User{AD5AEAD8-0460-424C-95AF-BD6ADE2612B3}C:\games\medal of honor\mp\mohmpgame.exe" = protocol=6 | dir=in | app=c:\games\medal of honor\mp\mohmpgame.exe | 
"TCP Query User{B24E7043-3683-4DE2-9CB9-19EF9FD3C24C}C:\games\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\games\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{0B7DB09E-0363-4DDF-814F-5227955E10A9}C:\games\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\games\anno 1404\tools\anno4web.exe | 
"UDP Query User{41AAE78D-3528-4EA8-B534-D3531458FB7B}C:\games\medal of honor\mp\mohmpgame.exe" = protocol=17 | dir=in | app=c:\games\medal of honor\mp\mohmpgame.exe | 
"UDP Query User{4F842298-E5EC-4027-8CDE-F8D3484DF4E2}C:\games\medal of honor\mp\mohmpgame.exe" = protocol=17 | dir=in | app=c:\games\medal of honor\mp\mohmpgame.exe | 
"UDP Query User{7CC37F39-01CA-49D0-AD88-2F1665CC17AC}C:\games\medal of honor mp open beta\mohmpgame.exe" = protocol=17 | dir=in | app=c:\games\medal of honor mp open beta\mohmpgame.exe | 
"UDP Query User{83FFF99B-3E21-45D4-9DE9-5C642289F119}C:\games\medal of honor\binaries\moh.exe" = protocol=17 | dir=in | app=c:\games\medal of honor\binaries\moh.exe | 
"UDP Query User{CB475941-E7B2-4FF5-B628-7D067C190B69}C:\games\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\games\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{D3E1F5CB-8CC9-48C2-A5EA-3461EF619466}C:\games\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\games\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{DED15A1F-5278-4E48-8B44-3837CE0C7DE6}C:\users\sentencer\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=17 | dir=in | app=c:\users\sentencer\appdata\local\temp\electronicarts_patcher_000.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C3C2983F-BF2E-431D-B140-C678B60A8FB7}" = GoGear Spark Device Manager
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF22908-ECD2-4068-84F1-BA02DA1EC72D}" = GoGear Spark Device Manager
"{CF9041ED-60C9-36ED-9DB9-F55AAD993865}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D5AED751-CD8F-43EF-8720-AD970CBEA741}" = Medal of Honor™ MP Open Beta
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"Biet-O-Matic v2.12.6" = Biet-O-Matic v2.12.6
"Combat Arms" = Combat Arms
"dm Digi Foto" = dm Digi Foto
"dm Fotowelt" = dm Fotowelt
"dm-Fotowelt" = dm-Fotowelt
"ESN Sonar-0.70.4" = ESN Sonar
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"Google Chrome" = Google Chrome
"HP Remote Solution" = HP Remote Solution
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.12.1707" = Opera 12.12
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 47400" = Stronghold 3
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.1.6
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3902464133-3703953061-810384064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{049FF5E4-EB02-4c42-8DB0-226E2F7A9E53}" = Torchlight 2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.01.2013 20:27:19 | Computer Name = Bullshit | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9142
 
Error - 30.01.2013 20:27:19 | Computer Name = Bullshit | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9142
 
Error - 31.01.2013 04:13:09 | Computer Name = Bullshit | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 31.01.2013 04:13:09 | Computer Name = Bullshit | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 27959279
 
Error - 31.01.2013 04:13:09 | Computer Name = Bullshit | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 27959279
 
Error - 31.01.2013 04:46:39 | Computer Name = Bullshit | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457,
 Zeitstempel: 0x50a2f9e3  Name des fehlerhaften Moduls: D3D10Warp.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b7af  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002b38f  ID des fehlerhaften
 Prozesses: 0x11c0  Startzeit der fehlerhaften Anwendung: 0x01cdf35ab2763143  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\D3D10Warp.dll  Berichtskennung: b9c1e7af-6b82-11e2-8b92-40618648e226
 
Error - 31.01.2013 08:56:52 | Computer Name = Bullshit | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457,
 Zeitstempel: 0x50a2f9e3  Name des fehlerhaften Moduls: jvm.dll, Version: 20.0.0.11,
 Zeitstempel: 0x4da6f198  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005e6b2  ID des fehlerhaften
 Prozesses: 0x138c  Startzeit der fehlerhaften Anwendung: 0x01cdf35ecd2df655  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\PROGRA~2\Java\jre6\bin\client\jvm.dll  Berichtskennung:
 ae9389d6-6ba5-11e2-8b92-40618648e226
 
Error - 31.01.2013 18:55:58 | Computer Name = Bullshit | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 31.01.2013 18:55:58 | Computer Name = Bullshit | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014
 
Error - 31.01.2013 18:55:58 | Computer Name = Bullshit | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014
 
[ System Events ]
Error - 29.05.2013 12:58:48 | Computer Name = Bullshit | Source = volsnap | ID = 393230
Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers
 auf Volume "C:" abgebrochen.
 
Error - 30.05.2013 15:33:00 | Computer Name = Bullshit | Source = volsnap | ID = 393230
Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers
 auf Volume "C:" abgebrochen.
 
Error - 31.05.2013 00:34:43 | Computer Name = Bullshit | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 31.05.2013 00:34:43 | Computer Name = Bullshit | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 31.05.2013 00:47:11 | Computer Name = Bullshit | Source = volsnap | ID = 393230
Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers
 auf Volume "C:" abgebrochen.
 
Error - 31.05.2013 01:04:19 | Computer Name = Bullshit | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 31.05.2013 01:04:19 | Computer Name = Bullshit | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 31.05.2013 01:11:45 | Computer Name = Bullshit | Source = DCOM | ID = 10010
Description = 
 
Error - 31.05.2013 01:13:03 | Computer Name = Bullshit | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 31.05.2013 01:13:03 | Computer Name = Bullshit | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
--- --- ---

Old 02.06.2013, 12:29   #28
markusg
/// Malware-holic
 
GVU Virus Again - Standard

GVU Virus Again



Hi,


OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the content of the code box into the text box.

Code:
:OTL
IE - HKU\S-1-5-21-3902464133-3703953061-810384064-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No CLSID value found
IE - HKU\S-1-5-21-3902464133-3703953061-810384064-1000\..\SearchScopes\{7F746C26-ECA1-48CC-AEF7-695CF98CE83F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MNC&o=15092&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=MF&apn_dtid=YYYYYYYYDE&apn_uid=ba90a4ec-4449-4a1b-8e03-b133226c7a84&apn_sauid=F31FF262-BB98-436C-87F4-E3755D770BB7
O3 - HKU\S-1-5-21-3902464133-3703953061-810384064-1000\..\Toolbar\WebBrowser: (no name) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No CLSID value found.
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sentencer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sentencer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File
not found
:files
:Commands
[emptytemp]
         
  • If you obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its content here into your thread.


Please test whether there are any unwanted toolbars, redirects or other problems in Firefox, Internet Explorer and any other browsers that may be installed.
Test how the PC and programs run in general.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us
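The OTL fix above removes four kinds of Internet Explorer registrations: a URLSearchHook and a Toolbar\WebBrowser entry whose CLSID is no longer registered ("No CLSID value found"), a SearchScopes provider that redirects queries to websearch.ask.com, and a MenuExt context-menu entry whose target file is missing. The following PowerShell script is an added example, not part of the thread and not code from OTL or from the helper; it reproduces those checks as a read-only audit of the current user's IE settings so the same conditions can be found and documented before anything is deleted. It assumes the standard registry paths named in the fix (HKCU\Software\Microsoft\Internet Explorer\...) and the usual CLSID registration roots, including Wow6432Node for 32-bit add-ons on a 64-bit Windows like the one in this thread.

```powershell
# Added example (not from the thread or from OTL): read-only audit of the IE registrations
# that the OTL fix above touched. It reports, it does not delete.

$ieKey      = 'HKCU:\Software\Microsoft\Internet Explorer'
# Where COM looks up a CLSID; the Wow6432Node root covers 32-bit add-ons on 64-bit Windows.
$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
    'HKCU:\Software\Classes\CLSID'
)

# Returns $true when the CLSID has a registration under any of the roots above.
function Test-ClsidRegistered {
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in $clsidRoots) {
        if (Test-Path -LiteralPath (Join-Path $root $Clsid)) { return $true }
    }
    return $false
}

# Lists CLSID-named values under a key and whether each resolves. OTL prints
# "No CLSID value found" for unresolved ones: typically a half-uninstalled add-on,
# or a hook registered without any backing COM object.
function Get-ClsidValueState {
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$Label)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $item = Get-ItemProperty -LiteralPath $Path
    foreach ($prop in $item.PSObject.Properties) {
        if ($prop.Name -match '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
            $state = if (Test-ClsidRegistered $prop.Name) { 'registered' } else { 'No CLSID value found' }
            [pscustomobject]@{ Source = $Label; Clsid = $prop.Name; State = $state }
        }
    }
}

# 1 and 2: URLSearchHooks and Toolbar\WebBrowser (the two orphaned CLSIDs in the fix).
Get-ClsidValueState -Path "$ieKey\URLSearchHooks"     -Label 'URLSearchHook'
Get-ClsidValueState -Path "$ieKey\Toolbar\WebBrowser" -Label 'Toolbar\WebBrowser'

# 3: SearchScopes. Each subkey is a search provider; print its host and mark the default,
# so a provider pointing at an unexpected host (ask.com in this thread) stands out.
$scopesKey = "$ieKey\SearchScopes"
if (Test-Path -LiteralPath $scopesKey) {
    $default = (Get-ItemProperty -LiteralPath $scopesKey -ErrorAction SilentlyContinue).DefaultScope
    Get-ChildItem -LiteralPath $scopesKey | ForEach-Object {
        $url = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).URL
        # $Host is a reserved automatic variable in PowerShell, hence $hostName.
        $hostName = if ($url -match '^[a-z]+://([^/?#]+)') { $Matches[1] } else { '(no URL)' }
        [pscustomobject]@{
            Scope     = $_.PSChildName
            IsDefault = ($_.PSChildName -eq $default)
            Host      = $hostName
            Url       = $url
        }
    }
}

# 4: MenuExt. Each key's default value is the script a context-menu item runs; report
# entries whose target no longer exists (the "File not found" condition in the fix).
$menuKey = "$ieKey\MenuExt"
if (Test-Path -LiteralPath $menuKey) {
    Get-ChildItem -LiteralPath $menuKey | ForEach-Object {
        $target = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).'(default)'
        [pscustomobject]@{
            MenuEntry = $_.PSChildName
            Target    = $target
            Exists    = [bool]($target -and (Test-Path -LiteralPath $target))
        }
    }
}
```

Run it in a normal (non-elevated) PowerShell session as the affected user, since all four keys live under HKCU; the output objects can be piped to `Format-Table` or `Export-Csv` to keep a record of the state before and after a fix.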

Old 05.06.2013, 21:34   #29
Sentencer
 
GVU Virus Again - Standard

GVU Virus Again



Oh dear, now my MP3 converter is gone, bad Markus.
Or was that the root of the evil??

How much is left now? Believing we were already done, I made my donation last week?!


All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3902464133-3703953061-810384064-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\ not found.
Registry key HKEY_USERS\S-1-5-21-3902464133-3703953061-810384064-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7F746C26-ECA1-48CC-AEF7-695CF98CE83F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F746C26-ECA1-48CC-AEF7-695CF98CE83F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3902464133-3703953061-810384064-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ deleted successfully.
File C:\Users\Sentencer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ not found.
File C:\Users\Sentencer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sentencer
->Temp folder emptied: 133456585 bytes
->Temporary Internet Files folder emptied: 11511726 bytes
->Java cache emptied: 860274 bytes
->FireFox cache emptied: 85124667 bytes
->Google Chrome cache emptied: 347593523 bytes
->Opera cache emptied: 6638261 bytes
->Flash cache emptied: 15859732 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46820 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 413097 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 670 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 574,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06052013_222653

Files\Folders moved on Reboot...
C:\Users\Sentencer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Sentencer\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Old 05.06.2013, 21:59   #30
markusg
/// Malware-holic
 
GVU Virus Again - Standard

GVU Virus Again



It can't really be gone, but if necessary download it again and reinstall it. Then check whether it works, or what problems remain.
