
Log analysis and evaluation: Skype virus

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system first has to be examined: first steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

21.05.2013, 19:51   #1
busa

Hello, my girlfriend received a link on Skype today from an acquaintance and tried to open it. Now everyone is getting an error message. Out of fear that it would just keep going, she removed Skype from the computer. Now I'd like to know, since this is a virus: is the matter solved with that, or will the problem be back when she puts Skype back on? And if the problem does come back, what can I do about it? Oh, I forgot to write: her antivirus program also shows a message about Worm:Win32/Dorkbot, in case that helps you.

Last edited by busa (21.05.2013 at 19:58)

21.05.2013, 21:38   #2
aharonov
/// TB trainer

Hi,

this box is definitely infected.
If you want to have your computer checked for malware, please work through these instructions and post the corresponding log files.

21.05.2013, 23:44   #3
busa

Here are the files again.

21.05.2013, 23:47   #4
aharonov
/// TB trainer

Could you please not attach the log files (that makes evaluating them much harder for me), but paste their contents directly inside code tags: [code]log file contents[/code].
Thanks.
cheers,
Leo

21.05.2013, 23:52   #5
busa

Now I'm totally confused. I don't really know much about computers, sorry. So now I don't understand at all anymore.


21.05.2013, 23:56   #6
aharonov
/// TB trainer

OK, never mind, then skip that. But attach the OTL.txt here again as a zip file and not as *.7z.

21.05.2013, 23:57   #7
busa

Code:
OTL logfile created on: 21.05.2013 23:33:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,92 Gb Available Physical Memory | 65,37% Memory free
12,00 Gb Paging File | 10,28 Gb Available in Paging File | 85,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,82 Gb Total Space | 23,22 Gb Free Space | 9,37% Space Free | Partition Type: NTFS
Drive D: | 683,59 Gb Total Space | 139,17 Gb Free Space | 20,36% Space Free | Partition Type: NTFS
Drive F: | 5,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.21 23:18:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2013.05.13 13:56:02 | 002,245,232 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2013.05.13 13:55:30 | 004,001,376 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.04 01:35:30 | 001,635,752 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.11.26 23:57:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.22 10:25:22 | 002,648,184 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\1&1\IGDCTRL.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.04 01:35:30 | 001,114,536 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013.04.24 04:30:08 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.21 15:48:28 | 000,910,336 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2011.06.20 15:37:16 | 010,836,992 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2011.06.20 13:52:20 | 001,283,584 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2011.06.20 13:32:40 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2011.06.20 13:21:50 | 007,994,880 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2011.06.20 13:04:56 | 002,233,344 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2011.05.26 11:38:06 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2011.05.26 11:38:06 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.20 15:47:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.14 23:26:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.13 13:56:02 | 002,245,232 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.26 23:57:30 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.03.08 22:51:11 | 004,060,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\1&1\IGDCTRL.EXE -- (IGDCTRL)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.11.07 01:41:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.08.12 19:24:30 | 001,310,720 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.01.19 06:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 6F C1 D3 48 BE CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{C2BA577E-794F-4244-A91A-A5C8BC05F996}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=eea0f859-9c06-4c46-81b5-4cc478ed2975&apn_sauid=A0AF48CB-1D74-4724-93B4-A2EBF8529B65&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:3.3.3.2
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.17 06:04:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.20 15:47:20 | 000,000,000 | ---D | M]
 
[2011.04.04 17:57:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013.05.09 17:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions
[2013.02.10 22:27:26 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2011.05.02 00:48:43 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\battlefieldheroespatcher@ea.com
[2011.04.28 20:25:57 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com
[2012.01.14 02:31:43 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ffxtlbr@Facemoods.com
[2013.04.06 14:31:31 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ich@maltegoetz.de
[2013.03.03 16:05:36 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.02.18 19:11:25 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.05.09 17:26:54 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.01 17:56:56 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2011.11.08 20:14:12 | 000,002,401 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\askcom.xml
[2012.11.07 19:09:35 | 000,002,399 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\Web Search.xml
[2013.05.21 20:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.20 15:47:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.20 15:47:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2012.01.14 02:31:49 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\plugin/npUrlAdvisor.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Google Mail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Anti-Banner = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll뀀;㶉噯 佃䑎䥕ㅾ䐮䱌 File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll File not found
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll File not found
O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.cpl (C-Media Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PokerStars] C:\Users\user\Documents\PokerStars\PokerStars.scr File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [fcfccbdcadbsacfsfdsf] C:\ProgramData\fcfccbdcadbsacfsfdsf.exe ()
O4 - HKCU..\Run: [Integrated Driver] C:\Users\user\AppData\Roaming\Mozilla\winmgr.exe File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: PokerStars = C:\Users\user\Documents\PokerStars\PokerStars.scr
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{146121C4-9E47-47CE-92FD-2A3FA28FCF31}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{240F4399-2BBA-4901-A0CF-CCE176646404}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: PokerStars - C:\Users\user\Documents\PokerStars\PokerStars.scr - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.13 19:56:20 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.08.13 19:56:20 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - F:\autorun.exe -- [ CDFS ]
O33 - MountPoints2\{03f6a33c-8c90-11e1-b9d2-0025227cbc5f}\Shell - "" = AutoRun
O33 - MountPoints2\{03f6a33c-8c90-11e1-b9d2-0025227cbc5f}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2012.08.13 19:56:20 | 000,183,728 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O33 - MountPoints2\{2dc5649c-2828-11e2-ba09-0025227cbc5f}\Shell - "" = AutoRun
O33 - MountPoints2\{2dc5649c-2828-11e2-ba09-0025227cbc5f}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2012.08.13 19:56:20 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O33 - MountPoints2\{52b8a7d7-3f24-11e1-bac4-0025227cbc5f}\Shell - "" = AutoRun
O33 - MountPoints2\{52b8a7d7-3f24-11e1-bac4-0025227cbc5f}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{52b8a7e3-3f24-11e1-bac4-0025227cbc5f}\Shell - "" = AutoRun
O33 - MountPoints2\{52b8a7e3-3f24-11e1-bac4-0025227cbc5f}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{e05ef057-a4c5-11e1-ab79-0025227cbc5f}\Shell - "" = AutoRun
O33 - MountPoints2\{e05ef057-a4c5-11e1-ab79-0025227cbc5f}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.20 15:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.16 02:52:40 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 02:52:40 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 02:52:40 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.16 02:52:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.16 02:52:39 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.16 02:52:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.16 02:52:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.16 02:52:38 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 02:52:38 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.16 02:52:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.16 02:52:38 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.16 02:52:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.16 02:52:36 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.16 02:52:36 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 02:52:35 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.15 12:00:26 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 12:00:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 12:00:17 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 12:00:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 12:00:15 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 12:00:15 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.15 12:00:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.14 23:26:11 | 017,613,192 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.14 21:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.14 21:39:04 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.05.14 21:39:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.05.14 21:39:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.05.14 21:39:00 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.05.08 17:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2013.05.08 17:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rift Game
[2013.05.07 19:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2013.05.07 19:17:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Warframe
[2013.05.07 16:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3
[2013.05.07 16:57:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013.05.07 14:38:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.05.07 14:38:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Origin
[2013.05.07 14:38:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Origin
[2013.05.07 14:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.05.07 14:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.05.07 14:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013.04.29 14:26:35 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Deardrops
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.21 23:37:12 | 000,091,136 | ---- | M] () -- C:\ProgramData\fcfccbdcadbsacfsfdsf.exe
[2013.05.21 23:32:16 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.21 23:32:16 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.21 23:26:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.21 23:24:30 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.21 23:24:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.21 23:24:09 | 536,322,047 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.21 22:46:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000UA.job
[2013.05.21 22:45:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.21 22:23:31 | 000,071,680 | ---- | M] () -- C:\ProgramData\4619.exe
[2013.05.21 22:08:31 | 000,071,680 | ---- | M] () -- C:\ProgramData\8866.exe
[2013.05.21 21:53:30 | 000,071,680 | ---- | M] () -- C:\ProgramData\CC0A.exe
[2013.05.21 21:38:30 | 000,071,680 | ---- | M] () -- C:\ProgramData\FBE.exe
[2013.05.21 21:23:30 | 000,071,680 | ---- | M] () -- C:\ProgramData\5373.exe
[2013.05.21 21:08:30 | 000,071,680 | ---- | M] () -- C:\ProgramData\96AA.exe
[2013.05.21 20:53:30 | 000,071,680 | ---- | M] () -- C:\ProgramData\DA2F.exe
[2013.05.21 20:38:29 | 000,071,680 | ---- | M] () -- C:\ProgramData\1596.exe
[2013.05.21 20:33:27 | 000,071,680 | ---- | M] () -- C:\ProgramData\FA2A.exe
[2013.05.21 20:18:29 | 000,071,680 | ---- | M] () -- C:\ProgramData\3B8D.exe
[2013.05.21 20:10:02 | 000,071,680 | ---- | M] () -- C:\ProgramData\DF4B.exe
[2013.05.21 19:54:57 | 000,071,680 | ---- | M] () -- C:\ProgramData\1CB6.exe
[2013.05.21 19:39:57 | 000,071,680 | ---- | M] () -- C:\ProgramData\602C.exe
[2013.05.21 19:33:37 | 000,071,680 | ---- | M] () -- C:\ProgramData\F0FD.exe
[2013.05.21 19:18:37 | 000,071,680 | ---- | M] () -- C:\ProgramData\3359.exe
[2013.05.21 17:52:11 | 000,001,239 | ---- | M] () -- C:\Users\user\Documents\freundschaft.rtf
[2013.05.21 11:46:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000Core.job
[2013.05.19 15:45:22 | 000,001,400 | ---- | M] () -- C:\Users\user\Documents\was ist liebe.rtf
[2013.05.17 18:20:04 | 000,000,219 | ---- | M] () -- C:\Users\user\Desktop\Dota 2.url
[2013.05.16 12:23:28 | 000,290,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.16 02:54:56 | 001,519,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.16 02:54:56 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.16 02:54:56 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.16 02:54:56 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.16 02:54:56 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.14 23:26:20 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.14 23:26:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.14 23:26:12 | 017,613,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.14 21:38:57 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.05.14 21:38:55 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.05.14 21:38:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.05.14 21:38:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.05.14 21:38:54 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.05.14 21:38:54 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.05.07 17:28:12 | 000,000,222 | ---- | M] () -- C:\Users\user\Desktop\Warframe.url
[2013.05.07 16:57:16 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2013.05.07 14:37:28 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.04.26 19:20:00 | 000,000,222 | ---- | M] () -- C:\Users\user\Desktop\Poker Night 2.url
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.21 22:23:30 | 000,071,680 | ---- | C] () -- C:\ProgramData\4619.exe
[2013.05.21 22:08:29 | 000,071,680 | ---- | C] () -- C:\ProgramData\8866.exe
[2013.05.21 21:53:29 | 000,071,680 | ---- | C] () -- C:\ProgramData\CC0A.exe
[2013.05.21 21:38:29 | 000,071,680 | ---- | C] () -- C:\ProgramData\FBE.exe
[2013.05.21 21:23:29 | 000,071,680 | ---- | C] () -- C:\ProgramData\5373.exe
[2013.05.21 21:08:28 | 000,071,680 | ---- | C] () -- C:\ProgramData\96AA.exe
[2013.05.21 20:53:28 | 000,071,680 | ---- | C] () -- C:\ProgramData\DA2F.exe
[2013.05.21 20:38:27 | 000,071,680 | ---- | C] () -- C:\ProgramData\1596.exe
[2013.05.21 20:33:25 | 000,071,680 | ---- | C] () -- C:\ProgramData\FA2A.exe
[2013.05.21 20:18:29 | 000,071,680 | ---- | C] () -- C:\ProgramData\3B8D.exe
[2013.05.21 20:09:57 | 000,071,680 | ---- | C] () -- C:\ProgramData\DF4B.exe
[2013.05.21 19:54:55 | 000,071,680 | ---- | C] () -- C:\ProgramData\1CB6.exe
[2013.05.21 19:39:57 | 000,071,680 | ---- | C] () -- C:\ProgramData\602C.exe
[2013.05.21 19:33:37 | 000,071,680 | ---- | C] () -- C:\ProgramData\F0FD.exe
[2013.05.21 19:18:36 | 000,071,680 | ---- | C] () -- C:\ProgramData\3359.exe
[2013.05.21 19:18:34 | 000,091,136 | ---- | C] () -- C:\ProgramData\fcfccbdcadbsacfsfdsf.exe
[2013.05.21 17:52:11 | 000,001,239 | ---- | C] () -- C:\Users\user\Documents\freundschaft.rtf
[2013.05.19 15:45:22 | 000,001,400 | ---- | C] () -- C:\Users\user\Documents\was ist liebe.rtf
[2013.05.17 18:20:04 | 000,000,219 | ---- | C] () -- C:\Users\user\Desktop\Dota 2.url
[2013.05.07 17:28:12 | 000,000,222 | ---- | C] () -- C:\Users\user\Desktop\Warframe.url
[2013.05.07 16:57:16 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2013.05.07 14:37:28 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.04.26 19:20:00 | 000,000,222 | ---- | C] () -- C:\Users\user\Desktop\Poker Night 2.url
[2013.04.11 14:13:59 | 000,000,017 | ---- | C] () -- C:\Users\user\AppData\Local\resmon.resmoncfg
[2013.03.04 16:04:39 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2013.03.04 16:04:33 | 000,000,392 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2013.03.04 16:03:35 | 000,002,853 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2013.03.04 16:03:35 | 000,001,652 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2012.05.03 23:20:01 | 000,000,263 | ---- | C] () -- C:\Users\user\ts.ini
[2012.04.16 17:23:41 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\CM108rm.dll
[2012.04.16 17:23:41 | 000,000,196 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2012.04.16 17:18:48 | 000,003,808 | R--- | C] () -- C:\Windows\Cm108.ini.cfg
[2012.04.16 17:18:48 | 000,000,685 | R--- | C] () -- C:\Windows\cm108.ini
[2012.03.11 18:56:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.09.05 15:23:15 | 000,017,408 | ---- | C] () -- C:\Users\user\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\L
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:F63A059B

< End of report >

Old 21.05.2013, 23:58   #8
aharonov
/// TB-Ausbilder

Skype virus - Standard

Skype virus

Great, that's exactly what I meant.
__________________
cheers,
Leo

Old 21.05.2013, 23:59   #9
busa

Skype virus - Standard

Skype virus

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-21 23:50:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EARS-00Y5B1 rev.80.00A80 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                       fffff800033ac000 45 bytes [00, 00, 10, 02, 4E, 74, 66, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                       fffff800033ac02f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Windows\Explorer.EXE[1732] C:\Windows\SYSTEM32\ntdll.dll!atan                                                                         0000000077959604 39 bytes [40, 53, 48, 83, EC, 30, 80, ...]
.text     C:\Windows\Explorer.EXE[1732] C:\Windows\SYSTEM32\ntdll.dll!atan + 40                                                                    000000007795962c 1 byte [F8]
.text     C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000076221465 2 bytes [22, 76]
.text     C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000762214bb 2 bytes [22, 76]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\1&1\IGDCTRL.EXE[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     0000000076221465 2 bytes [22, 76]
.text     C:\Program Files (x86)\1&1\IGDCTRL.EXE[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    00000000762214bb 2 bytes [22, 76]
.text     ...                                                                                                                                      * 2
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2260] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                  0000000072bb1a22 2 bytes [BB, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2260] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                  0000000072bb1ad0 2 bytes [BB, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2260] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                  0000000072bb1b08 2 bytes [BB, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2260] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                  0000000072bb1bba 2 bytes [BB, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2260] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                  0000000072bb1bda 2 bytes [BB, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000076221465 2 bytes [22, 76]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000762214bb 2 bytes [22, 76]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe[2524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000076221465 2 bytes [22, 76]
.text     C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe[2524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                         00000000762214bb 2 bytes [22, 76]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000076221465 2 bytes [22, 76]
.text     C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000762214bb 2 bytes [22, 76]
.text     ...                                                                                                                                      * 2
.text     C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000076221465 2 bytes [22, 76]
.text     C:\Users\user\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     00000000762214bb 2 bytes [22, 76]
.text     ...                                                                                                                                      * 2
.text     C:\Users\user\AppData\Local\Akamai\netsession_win.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000076221465 2 bytes [22, 76]
.text     C:\Users\user\AppData\Local\Akamai\netsession_win.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     00000000762214bb 2 bytes [22, 76]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000076221465 2 bytes [22, 76]
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155               00000000762214bb 2 bytes [22, 76]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000076221465 2 bytes [22, 76]
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155               00000000762214bb 2 bytes [22, 76]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\Winamp\winampa.exe[3828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  0000000076221465 2 bytes [22, 76]
.text     C:\Program Files (x86)\Winamp\winampa.exe[3828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                 00000000762214bb 2 bytes [22, 76]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     0000000076221465 2 bytes [22, 76]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000762214bb 2 bytes [22, 76]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           0000000076221465 2 bytes [22, 76]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000762214bb 2 bytes [22, 76]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076221465 2 bytes [22, 76]
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000762214bb 2 bytes [22, 76]
.text     ...                                                                                                                                      * 2
.text     C:\Users\user\Downloads\gmer_2.1.19163.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                 0000000076221465 2 bytes [22, 76]
.text     C:\Users\user\Downloads\gmer_2.1.19163.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                00000000762214bb 2 bytes [22, 76]
.text     ...                                                                                                                                      * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\Explorer.EXE [1732:3412]                                                                                                      00000000056548b0
Thread    C:\Windows\Explorer.EXE [1732:3416]                                                                                                      00000000056557a0
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4620:4900]                                                                           000007fefbce2a7c
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4620:4908]                                                                           000007fee34ed618

---- EOF - GMER 2.1 ----
         
Code:
OTL Extras logfile created on: 21.05.2013 23:33:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,92 Gb Available Physical Memory | 65,37% Memory free
12,00 Gb Paging File | 10,28 Gb Available in Paging File | 85,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,82 Gb Total Space | 23,22 Gb Free Space | 9,37% Space Free | Partition Type: NTFS
Drive D: | 683,59 Gb Total Space | 139,17 Gb Free Space | 20,36% Space Free | Partition Type: NTFS
Drive F: | 5,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"4319:TCP" = 4319:TCP:*:Enabled:Remote Assistance Local
"5812:TCP" = 5812:TCP:*:Enabled:Remote Assistance Remote
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"D:\Combat Arms EU\CombatArms.exe" = D:\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"D:\Combat Arms EU\Engine.exe" = D:\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"D:\Combat Arms EU\CombatArms.exe" = D:\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"D:\Combat Arms EU\Engine.exe" = D:\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024490DC-DC56-4DAA-B9B2-80B58BDE029D}" = lport=58530 | protocol=6 | dir=in | name=pando media booster | 
"{037E821B-841F-4C69-BCA0-A344E27572A5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0425BCDF-08A4-4C21-93E6-41815451C7AC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{071DABEE-402B-4869-AC3F-DECF8D04B1E5}" = lport=58530 | protocol=17 | dir=in | name=pando media booster | 
"{2AED87C9-9501-41A9-9040-F5FD8F0C5C83}" = lport=58530 | protocol=6 | dir=in | name=pando media booster | 
"{3151696E-65EE-4812-B02B-A94F64D58C68}" = lport=58445 | protocol=17 | dir=in | name=pando media booster | 
"{348CEBFA-508A-4C67-AF5D-676816B5D1B2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{37CBFEF5-19DF-4EA0-A1BC-86BFE13C3C31}" = rport=80 | protocol=6 | dir=out | app=d:\skyrim\steamapps\common\warframe\warframe.x64.exe | 
"{4C98CBB7-C520-46D8-A420-EF2F9D87F4CD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4E461E35-1595-4996-B831-ACE266F73D0E}" = rport=80 | protocol=6 | dir=out | app=d:\skyrim\steamapps\common\warframe\tools\launcher.exe | 
"{570D004B-D1B4-4409-8D25-6003847CB302}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{580D1AC6-E965-4910-A65B-4982102AE3B0}" = lport=49235 | protocol=6 | dir=in | name=akamai netsession interface | 
"{587D5537-350C-4E39-AC82-3A9F3EA6EF02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{5C5B287C-DE35-41D8-8FCC-27AAEE4C6D20}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5E54C900-9577-4D5F-9EFD-7D7B3AE8911F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{656C6A7D-3BD3-410E-80DF-90472221CDF4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{732BA7A7-49A0-4D42-BBBB-4D5C53ADAF5F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7AB9F357-13A4-4A23-BD35-D62834F1CE08}" = lport=56544 | protocol=17 | dir=in | name=pando media booster | 
"{7FAE09BE-6193-4E45-9996-578C220AD82E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{859E2FD3-54DA-451A-ACCE-B548B1159B84}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{863A9064-953F-40B5-A55A-967BB4557B97}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{86F5F435-049A-429A-8B08-F63773F09C3C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{87F0099B-0E30-4A38-B4FA-60FA768203BF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8E440427-780D-49C7-9735-CCDD81EB665A}" = lport=58445 | protocol=6 | dir=in | name=pando media booster | 
"{93E41EC4-B597-4CDD-B09D-0546691FE6AE}" = lport=58530 | protocol=17 | dir=in | name=pando media booster | 
"{94671735-2C2A-4C90-A385-FA3D489DA303}" = lport=56544 | protocol=6 | dir=in | name=pando media booster | 
"{9AA20F22-95B1-4F4D-97B9-CFE3B6BBEDAC}" = lport=56544 | protocol=17 | dir=in | name=pando media booster | 
"{9ADDFA46-8DEB-4357-AB3E-B0AF374FF119}" = lport=58445 | protocol=6 | dir=in | name=pando media booster | 
"{A2CA7A8B-7219-4BA4-A550-4B52D02B8309}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A70EF457-65FA-4CBE-AA6F-2B6F5F9D52A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B7994482-27B9-4BE9-B2E3-A534C286D8C0}" = lport=56544 | protocol=6 | dir=in | name=pando media booster | 
"{BB13B974-4855-4FB4-9E75-61305C9D79E1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BC191E7A-6542-4BD9-83B6-AA3057A7553F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CC275F8B-D1F1-40DE-AB21-D581D6CA2A04}" = rport=80 | protocol=6 | dir=out | app=d:\skyrim\steamapps\common\warframe\warframe.exe | 
"{D4C5291D-4141-4F7A-8619-C28261A33EEE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D86D62B1-442E-4C35-BEBB-3DED209CF0DE}" = lport=58445 | protocol=17 | dir=in | name=pando media booster | 
"{EB3985A1-CDE0-4A07-932C-3951CC3D2119}" = rport=137 | protocol=17 | dir=out | app=system | 
"{ED9F17F5-6E0C-4655-A10B-163D16853A1E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FDFD3546-B47B-41E6-B837-CCC79775E202}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012B7A71-012F-47E9-9C7E-68A060FEFA53}" = protocol=17 | dir=in | app=c:\users\user\desktop\levelr\levelr.bin | 
"{028D80BB-B70D-4B61-8518-0555B3F127F9}" = protocol=6 | dir=out | app=system | 
"{051963BC-DAF5-4C8A-A6F9-170E2FCD3C9E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{095071B6-903E-4B57-AB82-90D566E374F8}" = protocol=17 | dir=in | app=d:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe | 
"{0AAE1B9A-05AB-4495-9A64-EFE2BF0328F2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0B10F62F-B56A-4A6B-8A76-AFE03380673F}" = protocol=17 | dir=in | app=c:\program files (x86)\brawl busters\bin\pbclient.exe | 
"{0BCFC4E4-06A3-4062-9E46-FD73AD8ADA57}" = dir=in | app=levelr.bin | 
"{0D1E8651-1AE2-4C3C-85DC-F7E5604AE609}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\launcher.exe | 
"{0FAA446D-7339-466A-AF08-5B277047E588}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe | 
"{10E9D0BA-7C1D-4614-BC5D-1F827CF01C0E}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{11F15D93-D443-4B1B-8EA8-15370144B46F}" = protocol=17 | dir=in | app=c:\microvoltsdownloader\mvdownloader.exe | 
"{12A4AD2E-F22E-46C8-B5BD-59E6AC4B0E2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{12B6B00E-8526-4380-A5D7-CE1AFD048CF4}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | 
"{13331879-4F9D-49D5-A7B4-9EF98278EDA3}" = protocol=17 | dir=in | app=c:\users\user\downloads\utorrent.exe | 
"{13CB2A47-C42C-42C9-80D1-621095A1956D}" = protocol=17 | dir=in | app=c:\gpotato.eu\allods online\bin\aogame.exe | 
"{13EB0206-DE55-4BD4-AFDA-C1355B5CC050}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{148AF18F-53C2-4BF3-B2D0-3A5B866E52E9}" = protocol=6 | dir=in | app=c:\microvoltsdownloader\mvdownloader.exe | 
"{14C21B87-F7A5-43B0-ABCB-11ED911E7341}" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\reactor.exe | 
"{154396AE-1CF5-41CE-9657-633E7A3228B9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{156E318E-F3EE-46CB-A5FE-B3CB3EB3938C}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{1570FF38-576E-4298-B1C3-5F724D3EF0E8}" = protocol=17 | dir=in | app=d:\gamigo\golfstar\golfstar.exe | 
"{163EDD2D-B74F-4FB5-AA60-5559AF2C039C}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2 demo\bin_ship\dragonage2demo.exe | 
"{17F1B9A8-021E-48CE-9237-C1062402D564}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe | 
"{1917BC30-6A20-4253-B901-4A8F451569AB}" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"{1A86B1B4-A6EF-417D-A3B4-8B4C59254750}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{229E7E9D-E06F-42F2-B7AF-433361D6B691}" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mpold.exe | 
"{22B39F94-4F7C-4055-A86D-5DF4732749E9}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | 
"{23222283-2D56-42CB-9BD9-CFE30657381F}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{23EB719F-E63B-493F-B1A3-825CF7C08CFB}" = dir=out | app=c:\windows\syswow64\svchost.exe | 
"{263881B7-BBD1-4E8C-B046-7E79AFEFA72C}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{2650B705-5EE7-4E2C-B8C5-D03047084A7C}" = protocol=6 | dir=in | app=d:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivlauncher.exe | 
"{29A2FA4A-3246-4925-A55D-52B110012ED7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2DC870EC-6FFD-41A5-908F-703B8341F9A2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2F872DD0-901A-4D97-919B-D040AF6BC0CD}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | 
"{32484BBB-1F69-42C6-A48F-EFA8911BEE89}" = protocol=17 | dir=in | app=d:\program files (x86)\gameforge4d\elsword_de\data\x2.exe | 
"{33033F9C-4051-4F75-A103-15D17648B200}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{34346DB5-BF1C-438E-9A5A-184E597D962C}" = protocol=6 | dir=in | app=c:\gpotato.eu\allods online\bin\aogame.exe | 
"{347CD297-8E59-44E3-90B3-4C4CDC45B47C}" = protocol=17 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe | 
"{34D4DC71-8C37-4768-A217-3CD7B792E2AC}" = protocol=17 | dir=in | app=d:\skyrim\steamapps\common\warframe\warframe.exe | 
"{366E29A6-EA9C-4021-81B3-26092F7C5A06}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | 
"{3693DC16-D881-4511-BE58-8B42D2BE48ED}" = protocol=6 | dir=in | app=c:\program files (x86)\efusion\blackshot\system\blackshot.exe | 
"{3806D649-5D12-411A-8503-B7BB984C6B2D}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{3A9760F1-3A8B-4208-B292-72F8B54072A2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{3C010C19-9C6C-4745-B17E-414D57A7B365}" = protocol=17 | dir=in | app=d:\gamigo\golfstar\golfstarpatcherloader.exe | 
"{3EF1A9E3-9388-4523-8179-19A7CB570BF4}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{421EF5DC-F68F-4DED-8690-AE6D58ADFAC7}" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mp.exe | 
"{4263C3DD-0C33-4475-8096-DF35FD9622A1}" = protocol=6 | dir=in | app=c:\users\user\downloads\utorrent.exe | 
"{455CA5E4-6DF0-432E-A4CA-2880E1E59888}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\girafficwatchdog.exe | 
"{4611D45A-359F-4C2E-BD14-77D8E11B6AA9}" = protocol=17 | dir=in | app=d:\gamigo\golfstar\golfstarpatcher.exe | 
"{46CE64F1-9C1D-4AD5-9139-0D00711AC2E1}" = protocol=17 | dir=in | app=d:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivboot.exe | 
"{46F2598F-061B-4B3C-B5CE-DF0675FAC5BC}" = protocol=17 | dir=in | app=d:\program files (x86)\efusion\blackshot\system\blackshot.exe | 
"{4898D1E4-F96A-4648-963C-CAE10FD1393F}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\launcher.exe | 
"{49495210-AD27-4FC5-84E9-1E43ADCC79E4}" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.dat | 
"{4E17F503-322D-4A6D-A24B-1A7E566AD22B}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\launcher.exe | 
"{4E324369-F0D3-4FBF-8482-20A484C8C05C}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe | 
"{50E226DC-0EC4-4C7A-A858-8D403285BD64}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | 
"{52A7E715-30EE-41DE-B4FA-B882C844AFE3}" = protocol=17 | dir=in | app=d:\skyrim\steamapps\common\warframe\warframe.x64.exe | 
"{52B94BCB-9E37-4C83-9F59-C6DD167002BB}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\apps\2.0\omh5z9b6.1jk\8moj7d39.gp0\curs..tion_eee711038731a406_0004.0000_d322ecea565577c8\curseclient.exe | 
"{5497FD1F-8C93-4E94-9949-C9D861943D1A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{54F311AB-BCFC-415B-9C3F-DC29302C523F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{54FA24A9-79B3-4E01-B671-552EF8551914}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\giraffic.exe | 
"{5526A378-B2DD-4368-A9CE-3AEE4937BA66}" = dir=in | app=c:\windows\syswow64\svchost.exe | 
"{56B4D626-CEDD-4925-BB79-D047B3D88B66}" = protocol=6 | dir=in | app=d:\gamigo\golfstar\golfstar.exe | 
"{574682E0-AB62-45E6-80D7-579DF91AD41B}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe | 
"{577745A5-0573-4324-89ED-0899D7A43C44}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{5AD5FF7C-E3AE-4FDE-9D77-575BC4C1E55A}" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe | 
"{5C6D1E0F-BBBC-4FA8-ABCD-7993E684EEED}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5D2B7928-A3C6-4648-A326-38FF02F9A197}" = protocol=6 | dir=in | app=d:\games\mass effect 3\binaries\win32\masseffect3.exe | 
"{5D96F1DA-129B-45D3-8BD9-4415291316A4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5DC8484F-D1B8-4CED-8201-EBF8B22AE4FA}" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mpold.exe | 
"{5E89604E-27B8-46F2-A080-3FEF265484F5}" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe | 
"{5EE1B7F0-E910-479A-B3F7-876D3ADD8AB5}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{6098F3CD-F958-46AE-9091-3FC8A2992BE1}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{624DC7BA-72DD-4751-878E-8A345193B536}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{63AEDED1-51C8-4023-9AEA-07CCDA025996}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{6474899D-1595-4C1A-A43D-5E8AE8EB6E05}" = protocol=6 | dir=in | app=d:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe | 
"{655A1AF1-8E79-454B-A09B-753FBDE07683}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2 demo\dragonage2launcher.exe | 
"{6681EA39-D829-4A82-907B-8F1709CF1ABD}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{66F18244-C809-42CA-82FB-13D45ABC49CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe | 
"{68129668-8EB5-441C-AF58-18BC960DDDC4}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{696470EB-7493-4F9A-A3CB-A1931EFB4C45}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\apps\2.0\omh5z9b6.1jk\8moj7d39.gp0\curs..tion_eee711038731a406_0004.0000_d322ecea565577c8\curseclient.exe | 
"{6965C9EF-68A5-462B-8E4D-DD5119D20C76}" = protocol=6 | dir=in | app=d:\program files (x86)\gameforge4d\elsword_de\data\x2.exe | 
"{69A40B8A-3D62-4C64-B309-20CB1125C888}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{6B9BCC58-7507-4886-AA0E-B368758865D9}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe | 
"{6BC2878D-F010-4D57-A0B3-EBDF312A5049}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{6C04D010-DF07-4D74-86AC-874AE11CE07C}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | 
"{6D65B78E-3094-4DFC-AAC8-EEF0423D0394}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{6DC7AF4D-B35C-4C59-84CF-F7ED22367FF5}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{6FFB2AE0-0DC2-4D66-9995-7E7985FAED99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{712D619C-83A3-4F9B-BA9D-409786B1B311}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{714464B2-C76F-49D5-8E6E-FE1D45C96A6F}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\launcher.exe | 
"{728B55B8-1D74-472D-BC4C-154BAFD2D3F8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{7316061E-06FA-467F-9C2D-E3A9F33B97A8}" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\reactor.exe | 
"{73852FBB-F9C4-4C2B-990F-2D78A400EBF4}" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe | 
"{7454DD7E-4306-4E64-96C2-767200BF4159}" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe | 
"{75902E15-779B-4522-8F5B-6C081161B4B5}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | 
"{763A6A5B-1DBC-49AB-8249-528D9B4EC352}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"{78D9D35C-C145-42B6-B2C2-47AF2A9A6D61}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{78F025A2-4291-4DD4-B04D-00CF36E2D0DD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{795967E2-B607-4EC5-A6D0-76C17585FBDA}" = protocol=6 | dir=in | app=c:\users\user\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe | 
"{7EF4FA6E-7022-4B33-8745-A3907A0F4EB7}" = protocol=6 | dir=in | app=c:\program files (x86)\brawl busters\bin\pbclient.exe | 
"{7F7598E8-9334-4BCB-AE97-D4294B9B6969}" = protocol=6 | dir=in | app=d:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivboot.exe | 
"{8061D75E-6B57-4DC2-961F-629A49A11EE5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{81BC1E5F-F3B6-473E-B33C-EEE458752235}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{844DA98A-489D-4B5A-B8CF-78E1414594AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{87A0929E-02F9-40B0-95CB-924F4CCD18B7}" = protocol=17 | dir=in | app=c:\program files (x86)\efusion\blackshot\system\blackshot.exe | 
"{8D0A2C76-0448-4CB0-8F7B-10CD3BC05410}" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.dat | 
"{8D77A37B-858D-4EA3-B6F0-38C8E5F7BDF8}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{8EFEEA82-0CA8-43A8-AA23-18AB9D1C1192}" = protocol=6 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe | 
"{900CEA9E-76C7-4402-A526-6C425D836017}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe | 
"{90B1D026-CC40-4AAF-B88B-270BCDD851EA}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe | 
"{92D82719-7C2C-4233-B8A1-C6CCC56FBCB0}" = protocol=17 | dir=in | app=c:\program files (x86)\brawl busters\bin\pblauncher.exe | 
"{95775531-06AB-414C-B89F-CFE0ECC02B1E}" = protocol=6 | dir=in | app=c:\brawlbustersdownloader\bbdownloader.exe | 
"{991FF523-1B8B-4A2E-956C-EF2240982A22}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\giraffic.exe | 
"{9B2EDDA2-060D-4A72-A111-B5D50CF11BC0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{9B6FB34B-1C7C-4E62-AAAF-62A2D7EEDFBA}" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe | 
"{9DA6CC4C-CF2C-4934-BB78-2C9879CA0892}" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe | 
"{9FB6223F-8956-41D2-A38D-8DBAE50316CB}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{9FE461AA-8B90-486E-A065-73F69D9450FB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A16AF5C1-0CBB-4DE1-8AE2-D5ABDF22B211}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2 demo\dragonage2launcher.exe | 
"{A1AF426E-33E4-4A91-8B88-69A3BA10C420}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A28E333B-428E-41A6-987E-3438F0B4FD30}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2 demo\bin_ship\dragonage2demo.exe | 
"{A367B2DC-390E-4E4C-9AC2-9F8970DC2561}" = protocol=17 | dir=in | app=c:\users\user\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe | 
"{A397F26B-4461-4477-A7E5-E2BEFC36771D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A747B66B-19A1-4293-96CB-5F850EB62B9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{AA5B5D69-D0CD-4873-9FD6-587CB34050E8}" = protocol=17 | dir=out | app=d:\skyrim\steamapps\common\warframe\warframe.x64.exe | 
"{AB480A07-7C04-482F-B476-98DBAE704D66}" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe | 
"{ACC455B0-97FA-4F1F-B8BB-5F4FF30797C8}" = protocol=17 | dir=in | app=d:\games\mass effect 3\binaries\win32\masseffect3.exe | 
"{ADA3743D-58BD-48BE-A2F4-BE48B90F4F74}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{B03DD69D-FF59-437D-ACBA-1BD0AEDB8363}" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mp.exe | 
"{B3CBF20F-4D82-4F4D-9822-5B67C53AA62B}" = protocol=17 | dir=in | app=c:\brawlbustersdownloader\bbdownloader.exe | 
"{B42B8C4E-8C6C-407C-A9EE-7E0085C73D0E}" = protocol=6 | dir=in | app=c:\program files (x86)\efusion\blackshot\system\blackshot.exe | 
"{B4AECC43-7259-44CC-B188-9BB18D16B056}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{B68118BC-D191-4AB0-8B58-2AB92EAD9BE6}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\girafficwatchdog.exe | 
"{BBD60DC7-9F57-408F-B65A-31BF5CE3E3DC}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{BCD53722-45F2-4046-BF82-CA73D66A0C9F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BE832C31-F3E4-45BD-92DF-0A4DEA441535}" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe | 
"{C34C8BA8-011B-4DD5-849A-52E226DBDCB1}" = protocol=6 | dir=in | app=d:\gamigo\golfstar\golfstarpatcherloader.exe | 
"{C3AFD985-0828-4205-954B-0AF111B66188}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C5252961-6AAF-419D-9DA7-F393FA16CF92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C6D9F675-36A0-44B9-A4DE-69C7861B6AD2}" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mpold.exe | 
"{C7F89184-3610-432B-AA82-41175C0CE36F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C822F2F7-81E1-4F39-BCFE-0B62B44CF127}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"{C89C3188-3AF1-4BF6-82F3-97850D1F5BB0}" = protocol=6 | dir=in | app=c:\users\user\desktop\levelr\levelr.bin | 
"{CA2BDF41-7629-4EE3-BA96-10B512EE7F3A}" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.exe | 
"{CAEA4AD1-0962-48EC-8B1A-2EC8793EF9A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CC5224FD-C7FE-49C6-8445-7CCCD6D76120}" = protocol=17 | dir=in | app=d:\efusion\blackshot\system\blackshot.exe | 
"{CDACA8DE-FF06-444A-89A6-D25BC10B77F5}" = protocol=17 | dir=in | app=d:\tera\tera-launcher.exe | 
"{CDE946DF-A63D-41CB-B7D7-294BB944D5B6}" = protocol=17 | dir=in | app=c:\program files (x86)\efusion\blackshot\system\blackshot.exe | 
"{D121A5E4-72AE-4E43-8016-9BBD8946231E}" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"{D531E277-6C1B-4E0C-8228-84E01DF09D02}" = protocol=17 | dir=in | app=d:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivlauncher.exe | 
"{D6893CD3-B70F-46BB-BE95-6C1A75071408}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{D72B96FB-D2B5-422B-8CA9-80DD6E85644B}" = protocol=6 | dir=in | app=d:\tera\tera-launcher.exe | 
"{D85E8ED7-8266-4D76-94B0-FB8D552363AD}" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.exe | 
"{D8EF3E74-CE18-40C6-8297-2C0FCB30D961}" = protocol=17 | dir=out | app=d:\skyrim\steamapps\common\warframe\warframe.exe | 
"{D93FEF3D-3E59-49B6-B3F1-7985B31DB0BC}" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mpold.exe | 
"{DA76710D-206B-4239-851B-5D6624D8860B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DCB8A490-E508-474C-9CB6-1D1233DE8933}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{DEEB17BF-2507-48B1-A131-A5AE606E02D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{E0F718B0-1C5F-4E47-A60C-CAE002C1CE22}" = protocol=6 | dir=in | app=c:\program files\gamigo\levelr\levelr.bin | 
"{E21F5D54-232D-4452-82FC-CB604639538D}" = protocol=6 | dir=in | app=d:\gamigo\golfstar\golfstarpatcher.exe | 
"{E2D427F3-24DA-4C68-9DB7-EF828998C1F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E4D3DEBF-7D29-4BB8-8D94-CCEC7A9705BB}" = protocol=6 | dir=in | app=d:\efusion\blackshot\system\blackshot.exe | 
"{E536A6C2-C11C-4865-80C0-DA9D6F74AEBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{E691AD3B-652C-47F8-AEBF-8C4DE114582D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E71B68D9-8B93-4C50-AE7C-B59582B0ECFD}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{E8FEBCC3-32C7-4C90-898D-0A9661DC9B7A}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe | 
"{E9F65E66-7514-4960-8E45-F65AA737A740}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{EA8D9709-477A-4D54-82CF-2564231A1463}" = protocol=17 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe | 
"{EB629D38-F128-4BEC-A503-79866F78E6C2}" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe | 
"{ED72AA1B-CE5F-4EDB-9B9E-CB1F4E49EEE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EDA1A2E0-8542-4512-9D9E-7062FF85D242}" = protocol=17 | dir=in | app=c:\program files\gamigo\levelr\levelr.bin | 
"{EE613A8F-1134-4B92-998B-56CC795588EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe | 
"{F2A897C2-5952-40A8-90AE-9A1E9E838048}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{F3F01057-4547-46C9-93B8-56DD8817399A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{F64FC1B4-E297-4450-8CC9-AD20E9CEC7A5}" = protocol=6 | dir=in | app=c:\program files (x86)\brawl busters\bin\pblauncher.exe | 
"{F724F2BC-ACFA-41D2-AD23-69803A7FB335}" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe | 
"{F8B7722B-15D2-45DE-9A59-0952E00BA3F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F9F0144B-2CE1-4BCF-A10A-B8A294E494E8}" = protocol=6 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe | 
"{FA78AC4A-7379-4CC9-9ABA-5A9DE541105F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{FD8746F4-8E28-404E-A799-1F3BA92CCD5E}" = protocol=6 | dir=in | app=d:\program files (x86)\efusion\blackshot\system\blackshot.exe | 
"{FECA4F58-8861-44A8-8B3B-AAD0B67FE27E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FFC4295B-4E30-447A-A83D-A23F19D606E3}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | 
"TCP Query User{0744FDA1-78FD-4E6B-ACA9-F9AD485990CA}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | 
"TCP Query User{07F422C5-816D-497C-B08C-26BD9FFAA6E2}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe | 
"TCP Query User{0AAF023D-8E9D-4060-A921-42DF881A3D9F}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"TCP Query User{126EE4AA-570A-4AA6-BB9F-5F982F83A3F6}D:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe" = protocol=6 | dir=in | app=d:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe | 
"TCP Query User{16E97906-9C69-4472-9B26-A61DBEB749CA}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{2348C923-9803-4235-A55C-BDC503AAC28A}C:\program files (x86)\1&1\codemasters\f1 2011\f1_2011.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1&1\codemasters\f1 2011\f1_2011.exe | 
"TCP Query User{24654ECD-2119-4FD7-96EB-337D9436FC09}C:\program files (x86)\funcom\age of conan\ageofconan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe | 
"TCP Query User{2BAC8F82-183D-4AB1-A1C0-A3A9D6CFEB9E}C:\users\user\desktop\levelr\levelr.bin" = protocol=6 | dir=in | app=c:\users\user\desktop\levelr\levelr.bin | 
"TCP Query User{362CCED2-8337-41E9-B5FF-CAD5AF0F3CAF}D:\di\deadislandgame.exe" = protocol=6 | dir=in | app=d:\di\deadislandgame.exe | 
"TCP Query User{3F9CC23A-89BD-4EFE-AF7C-564E902EB021}C:\program files (x86)\reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\reactor.exe | 
"TCP Query User{5126378B-CF52-4176-ADF2-F51E4DCA160E}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe | 
"TCP Query User{5A04FB88-ED3A-40B1-8E31-33D5658EF4C6}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mpold.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mpold.exe | 
"TCP Query User{5D3A2685-B936-4DD0-9CC2-0A80E3B80DC7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{5F93DA30-8C47-4F62-9D64-5A3F64EA0AEB}D:\skyrim\steamapps\common\counter-strike global offensive\csgo.exe" = protocol=6 | dir=in | app=d:\skyrim\steamapps\common\counter-strike global offensive\csgo.exe | 
"TCP Query User{61BFCCE9-BB99-48D3-9645-972C759298CC}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe | 
"TCP Query User{68A8E39C-375F-4335-B901-D7ED56E52844}D:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\guild wars 2\gw2.exe | 
"TCP Query User{6B0AEFFD-23E8-4A4D-8134-B3177CDB0483}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mpold.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mpold.exe | 
"TCP Query User{72FDE2DB-ED92-4C33-92AC-FA08D67039B6}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.dat" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.dat | 
"TCP Query User{76BEC1A8-2C78-46F2-856C-4D8262D103A8}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{7DAF71EF-F927-45EA-850F-24C2352B7BDA}D:\skyrim\steamapps\common\dota 2 beta\dota.exe" = protocol=6 | dir=in | app=d:\skyrim\steamapps\common\dota 2 beta\dota.exe | 
"TCP Query User{7EA77A10-07A8-44DE-8017-464EA62E0902}C:\users\user\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\gw2.exe | 
"TCP Query User{896AA2FB-8ED8-42F0-9263-EE70E76D6B78}C:\program files\gamigo\levelr\levelr.bin" = protocol=6 | dir=in | app=c:\program files\gamigo\levelr\levelr.bin | 
"TCP Query User{91BB64BC-A19F-40C5-BAAE-F84B125259FA}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mp.exe | 
"TCP Query User{9202B557-B0A3-4088-8F15-006D9714B2A2}C:\users\user\desktop\formel1\codemasters\f1 2011\f1_2011.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\formel1\codemasters\f1 2011\f1_2011.exe | 
"TCP Query User{9BF4FC09-4D5D-4D23-92D5-D332EDB34FE3}C:\users\user\appdata\local\apps\2.0\omh5z9b6.1jk\8moj7d39.gp0\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\apps\2.0\omh5z9b6.1jk\8moj7d39.gp0\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe | 
"TCP Query User{9C7EC8D4-7ECC-4CD2-87F7-AEEA2BE9C90D}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{A0604FDF-04D0-4A4A-884A-885384DA656F}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{B0BE1425-2696-41FB-9EEC-7491E09BCBA4}D:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=6 | dir=in | app=d:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe | 
"TCP Query User{B29974A4-E982-4E46-9A89-5680C2287AF4}D:\candisoft_load!_0.7.2\load.exe" = protocol=6 | dir=in | app=d:\candisoft_load!_0.7.2\load.exe | 
"TCP Query User{B983E990-42A1-478A-BF2A-33BBC7957832}C:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe | 
"TCP Query User{C388C7E5-6A7E-4456-BF61-0894A3AEE575}D:\tera\tera-launcher.exe" = protocol=6 | dir=in | app=d:\tera\tera-launcher.exe | 
"TCP Query User{D1569EB9-26B5-4FD3-8F9B-4DD268E203C9}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.exe | 
"TCP Query User{DC655847-5026-485D-BD73-314DC3D4B884}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"TCP Query User{E3B1472A-06AF-4105-A3E5-E9CA098E810B}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe | 
"TCP Query User{E49C3ADC-78D7-460C-89C7-64BB3BC6ABB8}C:\users\user\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe | 
"TCP Query User{EC5A3825-8EFD-4B75-A245-D57D4022181A}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{F8614C83-5762-40DE-B887-07779E78E4B5}D:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=d:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{F949D56E-8937-4CEE-9927-A183F3AEFE5F}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"TCP Query User{FFB2BDCD-1BCE-413E-9F21-1C48D27111E1}C:\program files (x86)\steam\steamapps\kirito8586\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\kirito8586\team fortress 2\hl2.exe | 
"UDP Query User{00B16FA7-DDB3-42B8-8091-EF35DA431D34}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{01183963-785D-47B7-BEFB-EC6DC2C191E6}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe | 
"UDP Query User{09BC906C-B8CD-4DC0-86D8-91CFF850EEE9}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{0DE095A4-9FE6-4D36-9396-50549E0D0653}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.exe | 
"UDP Query User{14CB14F2-850C-4B86-8C1E-302D76616715}D:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe" = protocol=17 | dir=in | app=d:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe | 
"UDP Query User{1C255329-EFFD-4086-98D4-20BE449916B9}D:\skyrim\steamapps\common\dota 2 beta\dota.exe" = protocol=17 | dir=in | app=d:\skyrim\steamapps\common\dota 2 beta\dota.exe | 
"UDP Query User{1C6C4398-EE6E-4219-8313-C77ACDE41562}D:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=d:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{2E5DAA7D-F92B-45BA-8CAC-22701BCFB101}C:\program files (x86)\funcom\age of conan\ageofconan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe | 
"UDP Query User{329A8240-8078-4948-81FA-5435329060BF}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{347182ED-575F-4728-A9DE-6FC8C739D65E}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe | 
"UDP Query User{3EE38F09-CD9D-4FD9-95D2-8B5BB9B612AC}D:\tera\tera-launcher.exe" = protocol=17 | dir=in | app=d:\tera\tera-launcher.exe | 
"UDP Query User{4159C364-69E7-45BA-8CC6-C887315DAF8A}C:\users\user\appdata\local\apps\2.0\omh5z9b6.1jk\8moj7d39.gp0\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\apps\2.0\omh5z9b6.1jk\8moj7d39.gp0\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe | 
"UDP Query User{57D8B9C9-C7C9-482F-90C3-82F36A047AEB}D:\di\deadislandgame.exe" = protocol=17 | dir=in | app=d:\di\deadislandgame.exe | 
"UDP Query User{68E16083-4360-4606-9D96-4C39715FA10E}C:\program files (x86)\steam\steamapps\kirito8586\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\kirito8586\team fortress 2\hl2.exe | 
"UDP Query User{692670F3-4ECA-4565-BC3A-8AB956B0757C}C:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe | 
"UDP Query User{7266CB73-9877-4FD8-9E25-7A5F9AB67F89}D:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\guild wars 2\gw2.exe | 
"UDP Query User{7CD37311-245B-482C-967A-58B323264275}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe | 
"UDP Query User{7EA73ECD-D5FE-4726-80E5-03A1C9A480C6}D:\skyrim\steamapps\common\counter-strike global offensive\csgo.exe" = protocol=17 | dir=in | app=d:\skyrim\steamapps\common\counter-strike global offensive\csgo.exe | 
"UDP Query User{852778E8-699D-4A0B-ACC8-56C3F22C85E0}C:\program files\gamigo\levelr\levelr.bin" = protocol=17 | dir=in | app=c:\program files\gamigo\levelr\levelr.bin | 
"UDP Query User{864C9DA6-E62E-47B3-8C8A-552873C91301}C:\program files (x86)\1&1\codemasters\f1 2011\f1_2011.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1&1\codemasters\f1 2011\f1_2011.exe | 
"UDP Query User{87B5D65D-510C-4A47-A689-6F89A581858A}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"UDP Query User{8D6EC5DB-3FA9-4D93-9F84-EC8F9A932BF7}C:\users\user\desktop\formel1\codemasters\f1 2011\f1_2011.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\formel1\codemasters\f1 2011\f1_2011.exe | 
"UDP Query User{9266EC45-D9C5-44DE-A8F4-A362025D91B4}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.dat" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mp.dat | 
"UDP Query User{9A58D0B8-B365-445B-BCA3-DF29A9E26377}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"UDP Query User{AA435997-6D53-4706-A930-1EAE08F2F470}C:\users\user\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\gw2.exe | 
"UDP Query User{B66F766F-FC1F-4AEC-B8EA-CAD0223DB762}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mp.exe | 
"UDP Query User{BB33F0FA-DFFB-40CA-AB40-E3734EDFD87B}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{C68E281D-27C1-410B-AE74-053BD5501A4A}D:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=17 | dir=in | app=d:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe | 
"UDP Query User{C7D49D84-B3DB-46CE-B7E5-550EA9D12DB9}C:\users\user\desktop\levelr\levelr.bin" = protocol=17 | dir=in | app=c:\users\user\desktop\levelr\levelr.bin | 
"UDP Query User{D8F23CE9-E720-49A7-AB88-C74B737446E7}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mpold.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\iw4mpold.exe | 
"UDP Query User{DAD3404A-8176-4479-AA8C-5EED061B0BA1}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{DB8D3AB0-D6EF-4261-B027-313DBC634C63}C:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mpold.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\modernwarfare\call of duty modern warfare 2\bootstrap\iw4mpold.exe | 
"UDP Query User{E53BAFD3-0F24-4725-97F3-3B9506F15E9A}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe | 
"UDP Query User{E6E32BC1-AC7C-4E27-9FFE-D938ABFB4909}C:\program files (x86)\reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\reactor.exe | 
"UDP Query User{EC49F6C2-9037-46F6-8899-4B9C362E72DF}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | 
"UDP Query User{EFCF4504-997D-47FC-B2A2-08A4AFB76364}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{F51B46CF-E08D-458B-9543-D6EEFF293389}C:\users\user\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe" = protocol=17 | dir=in | app=c:\users\user\downloads\counter.strike.source.2010.orange.box.nosteam.[setti]\counter.strike.source.2010.orange.box.nosteam.[setti]\counter strike source 2010\hl2.exe | 
"UDP Query User{F9A8D3E2-C35C-42B2-BAE1-6A1C4BE9B18F}D:\candisoft_load!_0.7.2\load.exe" = protocol=17 | dir=in | app=d:\candisoft_load!_0.7.2\load.exe | 
"UDP Query User{FBA6195B-F039-42BF-9F6C-078230ADA4B2}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"C-Media CM106 Like Sound Driver" = Trust 5.1 Gaming Headset
"HoneyView3" = HoneyView3
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E892FBB-0060-44C9-9E8C-017855956193}" = DBO_CT_TW
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1111706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2
"{17DB3734-EAB4-4717-954B-C860EE162FBA}" = Video Power
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2222706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2 SDK
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{32A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java(TM) SE Development Kit 7 Update 2
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-CE35-42BD-B377-831000028301}" = Fable III
"{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}" = FRITZ!Box starter
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{5E7A8F05-013C-44FD-B450-5434CA581098}_is1" = MicroVolts
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{91B9368F-6C6F-3DB5-9CBA-6CAD56035B26}" = Google Talk Plugin
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}" = FINAL FANTASY XIV - A Realm Reborn (Beta Version)
"{A3EBC021-4FBA-40DB-BC59-9C5ECEF3514E}_is1" = PESJP Patch 2013 version 3.0.7
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1ClickDownload" = Movie2KDownloader
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"aTube Catcher" = aTube Catcher
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BlackShot" = BlackShot
"Borderlands 2_is1" = Borderlands 2
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"DMO" = GDMO
"facemoods" = Facemoods Toolbar
"Generic USB 108 Sound" = TEAC
"GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
"Giraffic" = Veoh Giraffic Video Accelerator
"LogMeIn Hamachi" = LogMeIn Hamachi
"ManiaPlanet_is1" = ManiaPlanet
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"Pangya" = Pangya (Ntreev SG Interactive)
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"PlayCatan Client" = PlayCatan Zugangssoftware
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12900" = Audiosurf
"Steam App 230410" = Warframe
"Steam App 234710" = Poker Night 2
"Steam App 24240" = PAYDAY: The Heist
"Steam App 440" = Team Fortress 2
"Steam App 570" = Dota 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8190" = Just Cause 2
"Steam App 91310" = Dead Island
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"uTorrent" = µTorrent
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Akamai" = Akamai NetSession Interface
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG" = gamelauncher-ps2-psg
"SOE-C:/Users/user/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-D:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG" = gamelauncher-ps2-psg
"soe-PlanetSide 2 PSG" = PlanetSide 2
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.05.2013 05:41:42 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.05.2013 06:38:09 | Computer Name = user-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 21.05.2013 13:40:31 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.05.2013 14:19:08 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.05.2013 14:39:19 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.05.2013 16:13:54 | Computer Name = user-PC | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 21.05.2013 16:13:55 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PESEDIT.exe, Version: 2.1.0.0, Zeitstempel:
 0x51706042  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0x2e8  Startzeit der fehlerhaften Anwendung: 0x01ce565fb4367964  Pfad der
 fehlerhaften Anwendung: D:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\PESEDIT.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: f631dafc-c252-11e2-8386-0025227cbc5f
 
Error - 21.05.2013 16:30:59 | Computer Name = user-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 21.05.2013 17:06:54 | Computer Name = user-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 21.05.2013 17:26:04 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 21.05.2013 05:40:05 | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler
 beendet:   %%126
 
Error - 21.05.2013 05:40:26 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PxHlpa64
 
Error - 21.05.2013 13:38:52 | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler
 beendet:   %%126
 
Error - 21.05.2013 13:39:24 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PxHlpa64
 
Error - 21.05.2013 14:17:32 | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler
 beendet:   %%126
 
Error - 21.05.2013 14:17:50 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PxHlpa64
 
Error - 21.05.2013 14:37:43 | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler
 beendet:   %%126
 
Error - 21.05.2013 14:38:18 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PxHlpa64
 
Error - 21.05.2013 17:24:28 | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler
 beendet:   %%126
 
Error - 21.05.2013 17:24:43 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PxHlpa64
 
 
< End of report >

Alt 22.05.2013, 00:03   #10
aharonov
/// TB-Ausbilder

Yes, there is quite a bit of malware running there...
Here are the next steps for you:


Step 1

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file will open. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



Step 2

Scan with Combofix
WARNING to anyone READING ALONG:
Combofix should only be run if a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix's work. Combofix sometimes complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.




Step 3

Please start OTL.exe.
  • Tick Scan all Users.
  • Press the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



Please post in your next reply:
  • AdwCleaner log
  • Combofix log
  • OTL log
__________________
cheers,
Leo
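Step 2 asks for the ComboFix log. As an added example that is not part of the original post and not code from ComboFix or AdwCleaner, the following Python checker reads the autostart section of such a report and flags the patterns a log analyst looks for in it: executables launched from ProgramData or Temp under random-looking names, UAC policy values forced to 0, and service/driver entries whose file under Temp no longer exists. The sample report is constructed (shortened, modeled on the log posted later in this thread); the regular expressions, the vowel-ratio threshold and the policy descriptions are my assumptions, not ComboFix's own logic.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: a shortened "Autostartpunkte der Registrierung"
# section in ComboFix report format, modeled on the log posted in this thread.
SAMPLE_REPORT = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-05-03 1635752]
"fcfccbdcadbsacfsfdsf"="c:\programdata\fcfccbdcadbsacfsfdsf.exe" [2013-05-21 91136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
R3 X6va006;X6va006;c:\users\user\AppData\Local\Temp\00630D4.tmp [x]
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?:\s+\[[^\]]*\])?$')
POLICY_RE = re.compile(r'^"([^"]+)"=\s*(\d+)')
# ComboFix service/driver line: "<R|S><n> <service>;<display name>;<path> [<date size>|x]"
DRIVER_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$')
UAC_POLICIES = {  # policy values that are harmful when set to 0 (assumed descriptions)
    "EnableLUA": "UAC switched off entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts not shown on the secure desktop",
}

@dataclass
class Finding:
    kind: str    # "autorun", "uac" or "driver"
    detail: str

def basename_stem(path: str) -> str:
    """'c:\\programdata\\abc.exe' -> 'abc'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]

def looks_random(name: str) -> bool:
    """Long, purely alphabetic name with almost no vowels: typical of generated names."""
    s = name.lower()
    if len(s) < 10 or not s.isalpha():
        return False
    vowels = sum(c in "aeiou" for c in s)
    return vowels / len(s) < 0.2   # threshold is an assumption

def in_dropper_location(path: str) -> bool:
    """Executable directly in C:\\ProgramData or anywhere under a Temp folder."""
    p = path.lower()
    return p.rsplit("\\", 1)[0] == r"c:\programdata" or "\\temp\\" in p

def analyze(report: str) -> List[Finding]:
    """Walk the autostart section of a ComboFix report and collect suspicious entries."""
    findings: List[Finding] = []
    current_key = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = DRIVER_RE.match(line)
        if m:
            _, service, _, path, meta = m.groups()
            # "[x]" means ComboFix found no file; a missing driver under Temp is a leftover
            if meta == "x" and "\\temp\\" in path.lower():
                findings.append(Finding("driver", f"{service}: missing file under Temp ({path})"))
            continue
        if current_key.endswith("\\run"):
            m = RUN_VALUE_RE.match(line)
            if not m:
                continue
            name, path = m.group(1), m.group(2)
            reasons = []
            if in_dropper_location(path):
                reasons.append("started from a user-writable drop location")
            if looks_random(name) or looks_random(basename_stem(path)):
                reasons.append("random-looking name")
            if reasons:
                findings.append(Finding("autorun", f'"{name}"={path}: ' + "; ".join(reasons)))
        elif current_key.endswith("\\policies\\system"):
            m = POLICY_RE.match(line)
            if m and m.group(1) in UAC_POLICIES and int(m.group(2)) == 0:
                findings.append(Finding("uac", f"{m.group(1)}=0: {UAC_POLICIES[m.group(1)]}"))
    return findings

if __name__ == "__main__":
    for f in analyze(SAMPLE_REPORT):
        print(f"[{f.kind}] {f.detail}")
```

On the sample the checker reports one autorun entry, three UAC policies set to 0 and one missing Temp driver; the Steam, Adobe and PxHlpa64 entries are left alone.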

Alt 22.05.2013, 00:20   #11
busa

AdwCleaner log file:
Code:
# AdwCleaner v2.301 - Datei am 22/05/2013 um 01:10:23 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : user - USER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\user\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\uTorrentBar_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\facemoods.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA15A143-FB6D-44E1-93BD-B0EAAB84C725}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA8D8EED-ECE0-41B6-ACF5-4E57E9E95F24}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\Software\facemoods.com
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F6D80289-F2FA-4DCA-997C-F2BC885330E6}
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\uTorrentBar_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AA15A143-FB6D-44E1-93BD-B0EAAB84C725}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA8D8EED-ECE0-41B6-ACF5-4E57E9E95F24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F6D80289-F2FA-4DCA-997C-F2BC885330E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AE3E4F76-730F-4A7A-B79A-1A51F7096121}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC9054C1-3CB4-445F-8623-C16134852DD2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [facemoods]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.facemoods.com/?a=ddrnw&f=2 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

-\\ Google Chrome v [Version kann nicht ermittelt werden]

-\\ Chromium v      directory_upgrade: true
   }

-\\ Opera v [Version kann nicht ermittelt werden]

*************************

AdwCleaner[S1].txt - [15070 octets] - [22/05/2013 01:10:23]

########## EOF - C:\AdwCleaner[S1].txt - [15131 octets] ##########
--- --- ---


Code:
ComboFix 13-05-21.01 - user 22.05.2013   1:26.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.6143.4795 [GMT 2:00]
ausgeführt von:: c:\users\user\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\EPLog.txt
c:\programdata\1596.exe
c:\programdata\1CB6.exe
c:\programdata\3359.exe
c:\programdata\3B8D.exe
c:\programdata\4619.exe
c:\programdata\5373.exe
c:\programdata\602C.exe
c:\programdata\8866.exe
c:\programdata\96AA.exe
c:\programdata\CC0A.exe
c:\programdata\DA2F.exe
c:\programdata\DF4B.exe
c:\programdata\F0FD.exe
c:\programdata\FA2A.exe
c:\programdata\FBE.exe
c:\programdata\fcfccbdcadbsacfsfdsf.exe
c:\programdata\ntuser.dat
c:\windows\SysWow64\tmp79C2.tmp
c:\windows\SysWow64\tmp79C3.tmp
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-21 bis 2013-05-21  ))))))))))))))))))))))))))))))
.
.
2013-05-21 23:07 . 2013-05-21 23:29	76232	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64AB8476-49FF-4915-8C29-8C0B232DB2FC}\offreg.dll
2013-05-21 21:54 . 2013-05-21 21:54	--------	d-----w-	c:\program files (x86)\7-Zip
2013-05-21 17:54 . 2013-05-21 17:50	964552	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B362F80F-DE1A-4E5D-99AB-FF56CB8042ED}\gapaengine.dll
2013-05-21 17:51 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64AB8476-49FF-4915-8C29-8C0B232DB2FC}\mpengine.dll
2013-05-21 17:18 . 2013-05-21 23:38	91136	----a-w-	c:\programdata\fcfccbdcadbsacfsfdsf.exe
2013-05-20 11:05 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-15 10:00 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-14 21:26 . 2013-05-14 21:26	17613192	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-14 19:39 . 2013-05-14 19:39	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-05-14 19:39 . 2013-05-14 19:38	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-08 15:19 . 2013-05-08 15:19	--------	d-----w-	c:\program files (x86)\World of Warcraft
2013-05-08 15:19 . 2013-05-08 15:19	--------	d-----w-	c:\program files (x86)\Rift Game
2013-05-07 17:20 . 2013-05-11 20:21	--------	d-----w-	c:\programdata\EA Logs
2013-05-07 17:17 . 2013-05-08 15:55	--------	d-----w-	c:\users\user\AppData\Local\Warframe
2013-05-07 14:57 . 2013-05-07 14:57	--------	d--h--w-	c:\program files (x86)\Common Files\EAInstaller
2013-05-07 12:38 . 2013-05-08 16:44	--------	d-----w-	c:\users\user\AppData\Roaming\Origin
2013-05-07 12:38 . 2013-05-07 12:38	--------	d-----w-	c:\program files (x86)\Origin Games
2013-05-07 12:38 . 2013-05-07 12:47	--------	d-----w-	c:\users\user\AppData\Local\Origin
2013-05-07 12:37 . 2013-05-07 12:47	--------	d-----w-	c:\programdata\Origin
2013-05-07 12:37 . 2013-05-07 12:38	--------	d-----w-	c:\program files (x86)\Origin
2013-04-24 12:45 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-23 12:24 . 2013-04-23 12:24	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 00:57 . 2011-04-04 14:15	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-14 21:26 . 2012-05-03 00:57	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 21:26 . 2012-05-03 00:57	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 19:38 . 2012-04-04 01:41	866720	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-05-14 19:38 . 2011-04-04 13:56	788896	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-05-02 15:29 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-24 12:49 . 2013-03-12 16:45	905296	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-13 05:49 . 2013-05-15 10:00	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 10:00	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 10:00	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 10:00	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 10:00	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 10:00	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-03-29 03:41 . 2013-03-29 03:41	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-03-29 03:41 . 2013-03-29 03:41	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-03-29 03:41 . 2013-03-29 03:41	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-29 03:41 . 2013-03-29 03:41	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-03-29 03:41 . 2013-03-29 03:41	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-03-29 03:41 . 2013-03-29 03:41	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-03-29 03:41 . 2013-03-29 03:41	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-03-29 03:41 . 2013-03-29 03:41	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-03-29 03:41 . 2013-03-29 03:41	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-03-29 03:41 . 2013-03-29 03:41	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-03-29 03:41 . 2013-03-29 03:41	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-03-29 03:41 . 2013-03-29 03:41	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-03-29 03:41 . 2013-03-29 03:41	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-29 03:41 . 2013-03-29 03:41	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-03-29 03:41 . 2013-03-29 03:41	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-03-29 03:41 . 2013-03-29 03:41	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-03-29 03:41 . 2013-03-29 03:41	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-03-29 03:41 . 2013-03-29 03:41	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-03-29 03:41 . 2013-03-29 03:41	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-03-29 03:41 . 2013-03-29 03:41	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-29 03:41 . 2013-03-29 03:41	81408	----a-w-	c:\windows\system32\icardie.dll
2013-03-29 03:41 . 2013-03-29 03:41	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-03-29 03:41 . 2013-03-29 03:41	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-03-29 03:41 . 2013-03-29 03:41	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-03-29 03:41 . 2013-03-29 03:41	441856	----a-w-	c:\windows\system32\html.iec
2013-03-29 03:41 . 2013-03-29 03:41	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-03-29 03:41 . 2013-03-29 03:41	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-29 03:41 . 2013-03-29 03:41	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-03-29 03:41 . 2013-03-29 03:41	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-03-29 03:41 . 2013-03-29 03:41	235008	----a-w-	c:\windows\system32\url.dll
2013-03-29 03:41 . 2013-03-29 03:41	216064	----a-w-	c:\windows\system32\msls31.dll
2013-03-29 03:41 . 2013-03-29 03:41	197120	----a-w-	c:\windows\system32\msrating.dll
2013-03-29 03:41 . 2013-03-29 03:41	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-03-29 03:41 . 2013-03-29 03:41	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-29 03:41 . 2013-03-29 03:41	144896	----a-w-	c:\windows\system32\wextract.exe
2013-03-29 03:41 . 2013-03-29 03:41	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-03-29 03:41 . 2013-03-29 03:41	102912	----a-w-	c:\windows\system32\inseng.dll
2013-03-29 03:41 . 2013-03-29 03:41	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-29 03:41 . 2013-03-29 03:41	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-29 03:41 . 2013-03-29 03:41	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-03-29 03:41 . 2013-03-29 03:41	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-03-29 03:41 . 2013-03-29 03:41	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-03-29 03:41 . 2013-03-29 03:41	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-03-29 03:41 . 2013-03-29 03:41	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-29 03:41 . 2013-03-29 03:41	149504	----a-w-	c:\windows\system32\occache.dll
2013-03-29 03:41 . 2013-03-29 03:41	13824	----a-w-	c:\windows\system32\mshta.exe
2013-03-29 03:41 . 2013-03-29 03:41	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-03-29 03:41 . 2013-03-29 03:41	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-29 03:41 . 2013-03-29 03:41	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-03-19 06:04 . 2013-04-10 10:40	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 10:40	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 10:40	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 10:40	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 10:40	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 10:40	112640	----a-w-	c:\windows\system32\smss.exe
2013-02-25 22:32 . 2013-02-25 22:32	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32	2505144	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-02-25 22:32 . 2013-02-25 22:32	15129960	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-02-25 22:32 . 2013-02-25 22:32	6262608	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32	2826040	----a-w-	c:\windows\system32\nvapi64.dll
2013-02-25 22:32 . 2013-02-25 22:32	18055184	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-02-25 22:32 . 2013-02-25 22:32	1107440	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-02-25 22:32 . 2011-11-05 17:28	1814304	----a-w-	c:\windows\system32\nvdispco64.dll
2013-02-25 22:32 . 2013-02-25 22:32	958120	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-02-25 22:32 . 2013-02-25 22:32	2720544	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32	26929440	----a-w-	c:\windows\system32\nvoglv64.dll
2013-02-25 22:32 . 2013-02-25 22:32	7932256	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32	2346784	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32	245872	----a-w-	c:\windows\system32\nvinitx.dll
2013-02-25 22:32 . 2013-02-25 22:32	11036448	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:32 . 2012-10-10 20:23	1510176	----a-w-	c:\windows\system32\nvdispgenco64.dll
2013-02-25 22:32 . 2013-02-25 22:32	2904352	----a-w-	c:\windows\system32\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32	20449056	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-02-25 22:32 . 2013-02-25 22:32	15053264	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-02-25 22:32 . 2013-02-25 22:32	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32	7564040	----a-w-	c:\windows\system32\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32	1985824	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32	12641992	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 22:32 . 2013-02-25 22:32	9390760	----a-w-	c:\windows\system32\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32	201576	----a-w-	c:\windows\SysWow64\nvinit.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-06-22 2648184]
"Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-05-03 1635752]
"fcfccbdcadbsacfsfdsf"="c:\programdata\fcfccbdcadbsacfsfdsf.exe" [2013-05-21 91136]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-07-01 37888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-10-7 0]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\eFusion\BlackShot\system\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2010-08-12 1310720]
R3 X6va006;X6va006;c:\users\user\AppData\Local\Temp\00630D4.tmp [x]
R3 X6va007;X6va007;c:\users\user\AppData\Local\Temp\00719DE.tmp [x]
R3 X6va008;X6va008;c:\users\user\AppData\Local\Temp\0085C08.tmp [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-06 283200]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2013-05-13 2245232]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files (x86)\1&1\IGDCTRL.EXE [2007-10-25 87344]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Contents of the "Scheduled Tasks" folder
.
2013-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 21:26]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-09 20:18]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-09 20:18]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 01:12]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 01:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cm108Sound"="c:\windows\Syswow64\cm108.cpl" [2007-06-07 6402048]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2010-10-08 8757248]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5iobvw9n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - Orphaned registry entries removed - - - -
.
Wow6432Node-HKCU-Run-Integrated Driver - c:\users\user\AppData\Roaming\Mozilla\winmgr.exe
Wow6432Node-HKLM-Run-PokerStars - c:\users\user\Documents\PokerStars\PokerStars.scr
SSODL-PokerStars-c:\users\user\Documents\PokerStars\PokerStars.scr - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Ashampoo Burning Studio 6 FREE_is1 - c:\program files (x86)\Ashampoo\Ashampoo Burning Studio 6 FREE\unins000.exe
AddRemove-pcsx2-r4600 - c:\program files (x86)\PCSX2 0.9.8\Uninst-pcsx2-r4600.exe
AddRemove-PunkBusterSvc - d:\ubisoft\Ghost Recon Online\PDC-Live\pbsvc_gro.exe
AddRemove-PlanetSide 2 PSG - d:\users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2 PSG\Uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\00630D4.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\00719DE.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\0085C08.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-22  01:39:42
ComboFix-quarantined-files.txt  2013-05-21 23:39
.
Before scan: 15 directory(ies), 23,475,597,312 bytes free
After scan: 17 directory(ies), 30,261,698,560 bytes free
.
- - End Of File - - 444A3CC7D6743978931F4BAB6652DF3E
         
Code:
OTL logfile created on: 22.05.2013 01:55:33 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,08 Gb Available Physical Memory | 67,94% Memory free
12,00 Gb Paging File | 10,39 Gb Available in Paging File | 86,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,82 Gb Total Space | 27,83 Gb Free Space | 11,23% Space Free | Partition Type: NTFS
Drive D: | 683,59 Gb Total Space | 136,02 Gb Free Space | 19,90% Space Free | Partition Type: NTFS
Drive F: | 5,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.21 23:18:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2013.05.13 13:56:02 | 002,245,232 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2013.05.13 13:55:30 | 004,001,376 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.04 01:35:30 | 001,635,752 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.11.26 23:57:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.22 10:25:22 | 002,648,184 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\1&1\IGDCTRL.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.04 01:35:30 | 001,114,536 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013.04.24 04:30:08 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.21 15:48:28 | 000,910,336 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2011.06.20 15:37:16 | 010,836,992 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2011.06.20 13:52:20 | 001,283,584 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2011.06.20 13:32:40 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2011.06.20 13:21:50 | 007,994,880 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2011.06.20 13:04:56 | 002,233,344 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2011.05.26 11:38:06 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2011.05.26 11:38:06 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.20 15:47:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.14 23:26:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.13 13:56:02 | 002,245,232 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Start_Pending] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.26 23:57:30 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.03.08 22:51:11 | 004,060,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\1&1\IGDCTRL.EXE -- (IGDCTRL)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.11.07 01:41:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.08.12 19:24:30 | 001,310,720 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.01.19 06:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 6F C1 D3 48 BE CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{C2BA577E-794F-4244-A91A-A5C8BC05F996}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=eea0f859-9c06-4c46-81b5-4cc478ed2975&apn_sauid=A0AF48CB-1D74-4724-93B4-A2EBF8529B65&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:3.3.3.2
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.17 06:04:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.20 15:47:20 | 000,000,000 | ---D | M]
 
[2011.04.04 17:57:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013.05.09 17:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions
[2013.02.10 22:27:26 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2011.05.02 00:48:43 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\battlefieldheroespatcher@ea.com
[2011.04.28 20:25:57 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com
[2012.01.14 02:31:43 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ffxtlbr@Facemoods.com
[2013.04.06 14:31:31 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ich@maltegoetz.de
[2013.03.03 16:05:36 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.02.18 19:11:25 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.05.09 17:26:54 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.01 17:56:56 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2011.11.08 20:14:12 | 000,002,401 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\askcom.xml
[2012.11.07 19:09:35 | 000,002,399 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\Web Search.xml
[2013.05.21 20:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.20 15:47:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.20 15:47:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\plugin/npUrlAdvisor.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Google Mail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Anti-Banner = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2013.05.22 01:37:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.cpl (C-Media Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [fcfccbdcadbsacfsfdsf] C:\ProgramData\fcfccbdcadbsacfsfdsf.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{146121C4-9E47-47CE-92FD-2A3FA28FCF31}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{240F4399-2BBA-4901-A0CF-CCE176646404}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.13 19:56:20 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.08.13 19:56:20 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - F:\autorun.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.22 01:53:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.22 01:39:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.22 01:23:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.22 01:23:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.22 01:23:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.22 01:23:37 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.22 01:22:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.22 01:22:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.22 01:08:38 | 005,068,564 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013.05.21 23:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.05.21 23:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.05.21 23:44:34 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\otl.exe
[2013.05.20 15:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.14 21:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.08 17:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2013.05.08 17:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rift Game
[2013.05.07 19:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2013.05.07 19:17:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Warframe
[2013.05.07 16:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3
[2013.05.07 16:57:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013.05.07 14:38:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.05.07 14:38:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Origin
[2013.05.07 14:38:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Origin
[2013.05.07 14:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.05.07 14:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.05.07 14:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013.04.29 14:26:35 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Deardrops
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.22 01:54:15 | 000,091,136 | ---- | M] () -- C:\ProgramData\fcfccbdcadbsacfsfdsf.exe
[2013.05.22 01:53:09 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 01:52:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 01:52:50 | 536,322,047 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 01:46:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000UA.job
[2013.05.22 01:45:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.22 01:37:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.22 01:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.22 01:19:18 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 01:19:18 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 01:08:43 | 005,068,564 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013.05.21 17:52:11 | 000,001,239 | ---- | M] () -- C:\Users\user\Documents\freundschaft.rtf
[2013.05.21 11:46:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000Core.job
[2013.05.19 15:45:22 | 000,001,400 | ---- | M] () -- C:\Users\user\Documents\was ist liebe.rtf
[2013.05.17 18:20:04 | 000,000,219 | ---- | M] () -- C:\Users\user\Desktop\Dota 2.url
[2013.05.16 12:23:28 | 000,290,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.16 02:54:56 | 001,519,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.16 02:54:56 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.16 02:54:56 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.16 02:54:56 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.16 02:54:56 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.07 17:28:12 | 000,000,222 | ---- | M] () -- C:\Users\user\Desktop\Warframe.url
[2013.05.07 16:57:16 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2013.05.07 14:37:28 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.04.26 19:20:00 | 000,000,222 | ---- | M] () -- C:\Users\user\Desktop\Poker Night 2.url
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.22 01:23:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.22 01:23:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.22 01:23:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.22 01:23:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.22 01:23:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.21 19:18:34 | 000,091,136 | ---- | C] () -- C:\ProgramData\fcfccbdcadbsacfsfdsf.exe
[2013.05.21 17:52:11 | 000,001,239 | ---- | C] () -- C:\Users\user\Documents\freundschaft.rtf
[2013.05.19 15:45:22 | 000,001,400 | ---- | C] () -- C:\Users\user\Documents\was ist liebe.rtf
[2013.05.17 18:20:04 | 000,000,219 | ---- | C] () -- C:\Users\user\Desktop\Dota 2.url
[2013.05.07 17:28:12 | 000,000,222 | ---- | C] () -- C:\Users\user\Desktop\Warframe.url
[2013.05.07 16:57:16 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2013.05.07 14:37:28 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.04.26 19:20:00 | 000,000,222 | ---- | C] () -- C:\Users\user\Desktop\Poker Night 2.url
[2013.04.11 14:13:59 | 000,000,017 | ---- | C] () -- C:\Users\user\AppData\Local\resmon.resmoncfg
[2013.03.04 16:04:39 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2013.03.04 16:04:33 | 000,000,392 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2013.03.04 16:03:35 | 000,002,853 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2013.03.04 16:03:35 | 000,001,652 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2012.05.03 23:20:01 | 000,000,263 | ---- | C] () -- C:\Users\user\ts.ini
[2012.04.16 17:23:41 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\CM108rm.dll
[2012.04.16 17:23:41 | 000,000,196 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2012.04.16 17:18:48 | 000,003,808 | R--- | C] () -- C:\Windows\Cm108.ini.cfg
[2012.04.16 17:18:48 | 000,000,685 | R--- | C] () -- C:\Windows\cm108.ini
[2012.03.11 18:56:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.09.05 15:23:15 | 000,017,408 | ---- | C] () -- C:\Users\user\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\L
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.02.25 17:31:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft
[2011.04.04 15:56:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ashampoo
[2012.04.22 20:49:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
[2011.08.28 05:50:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Downloaded Installations
[2011.08.31 16:22:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ijjigame
[2011.07.21 20:48:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Lionhead Studios
[2012.08.22 03:48:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient
[2013.05.21 22:47:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mumble
[2011.07.03 22:51:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Need for Speed World
[2012.11.07 01:41:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy
[2012.11.13 10:14:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2011.11.25 03:49:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera
[2013.05.08 18:44:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Origin
[2013.02.11 22:43:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayCatanClient
[2013.05.22 01:29:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RIFT
[2012.11.14 21:38:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2013.05.22 01:09:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TS3Client
[2012.08.14 15:42:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Tunngle
[2013.04.21 00:54:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:F63A059B

< End of report >
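The OTL report above is the data an analyst reads by eye. As an added example (not part of the thread and not OTL's own code), the script below applies the same checks mechanically: O4 Run entries that have no company name, start from a user-writable location and carry a random-looking value name, the creation timestamp of such a binary pulled from the file-creation section, and O6 policy values that switch UAC off. The sample lines are copied from the log above; the vowel-ratio threshold, the list of user-writable locations and the policy table are assumptions chosen for this illustration.

```python
"""Triage helper for OTL O4 (autorun), O6 (policy) and file-creation lines.

Added example; not part of the thread and not OTL code. The heuristics
(empty company name, user-writable location, random-looking value name,
UAC policy values) are assumptions made for this illustration.
"""
import re
import sys
from datetime import datetime

# Lines copied from the OTL log posted above, plus the matching entry from its
# "Files Created - No Company Name" section. The "(x86)" path is included to
# show why the path/company split has to be anchored to the end of the line.
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [fcfccbdcadbsacfsfdsf] C:\ProgramData\fcfccbdcadbsacfsfdsf.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
[2013.05.21 19:18:34 | 000,091,136 | ---- | C] () -- C:\ProgramData\fcfccbdcadbsacfsfdsf.exe
"""

# "(company)" is always the last parenthesised group, so anchor on end of line.
O4_RE = re.compile(r"^O4(?::64bit:)? - (HK\w+)\.\.\\Run: \[([^\]]+)\] (.+?) \(([^()]*)\)\s*$")
O6_RE = re.compile(r"^O6 - .*\\policies\\System: (\w+) = (\d+)\s*$")
FILE_RE = re.compile(
    r"^\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| \S+ \| C\] \(([^()]*)\) -- (.+?)\s*$")

# Assumed set of locations a non-admin process can write to (lower-cased).
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")

# Assumed table: policy value -> (weak setting, meaning).
UAC_WEAK = {
    "EnableLUA": (0, "UAC disabled entirely"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate silently, no prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompt not shown on the secure desktop"),
}


def looks_random(name: str) -> bool:
    """Long, all-lowercase, vowel-poor names such as 'fcfccbdcadbsacfsfdsf'."""
    if len(name) < 12 or not name.isalpha() or not name.islower():
        return False
    vowels = sum(c in "aeiou" for c in name)
    return vowels / len(name) < 0.25  # assumed threshold


def parse_autoruns(log: str):
    """Return one dict per O4 ...\\Run line: hive, value name, path, company."""
    out = []
    for line in log.splitlines():
        m = O4_RE.match(line)
        if m:
            hive, name, path, company = m.groups()
            out.append({"hive": hive, "name": name, "path": path, "company": company})
    return out


def file_creations(log: str):
    """Map lower-cased path -> (created, size) from OTL '| C]' file lines."""
    out = {}
    for line in log.splitlines():
        m = FILE_RE.match(line)
        if m:
            stamp, size, _company, path = m.groups()
            created = datetime.strptime(stamp, "%Y.%m.%d %H:%M:%S")
            out[path.lower()] = (created, int(size.replace(",", "")))
    return out


def suspicious_autoruns(log: str):
    """Flag Run entries that trip at least two of the three heuristics."""
    created = file_creations(log)
    findings = []
    for entry in parse_autoruns(log):
        path = entry["path"].lower()
        reasons = []
        if not entry["company"]:
            reasons.append("no company name")
        if any(tag in path for tag in USER_WRITABLE):
            reasons.append("runs from a user-writable location")
        if looks_random(entry["name"]):
            reasons.append("random-looking value name")
        if len(reasons) >= 2:
            stamp = created.get(path)
            findings.append(dict(entry, reasons=reasons, created=stamp[0] if stamp else None))
    return findings


def uac_findings(log: str):
    """Report O6 policy values that match a weak setting in UAC_WEAK."""
    findings = []
    for line in log.splitlines():
        m = O6_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), int(m.group(2))
        if key in UAC_WEAK and value == UAC_WEAK[key][0]:
            findings.append(f"{key} = {value}: {UAC_WEAK[key][1]}")
    return findings


if __name__ == "__main__":
    # Pass an OTL.txt path to scan a real report; otherwise use the sample above.
    log = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for hit in suspicious_autoruns(log):
        print(f"{hit['hive']} Run [{hit['name']}] {hit['path']}  created={hit['created']}  ({', '.join(hit['reasons'])})")
    for line in uac_findings(log):
        print("policy:", line)
```

Requiring two of the three heuristics keeps legitimate oddities such as DivXUpdate (no company string, but under Program Files) and Akamai (AppData, but signed by a named vendor) out of the result while still flagging the ProgramData entry, and the creation timestamp lets you line the binary up against the time the Skype link was opened.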
         

Alt 22.05.2013, 01:40   #12
aharonov
/// TB-Ausbilder
 
Skype virus - Standard

Skype virus



Please run Combofix once more in exactly the same way and post the new logfile.
__________________
cheers,
Leo

Alt 22.05.2013, 12:02   #13
busa
 
Skype virus - Standard

Skype virus



Code:
ComboFix 13-05-21.01 - user 22.05.2013  12:21:35.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.6143.4462 [GMT 2:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\fcfccbdcadbsacfsfdsf.exe
.
.
(((((((((((((((((((((((   Files Created from 2013-04-22 to 2013-05-22  ))))))))))))))))))))))))))))))
.
.
2013-05-22 10:29 . 2013-05-22 10:29	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-05-22 10:29 . 2013-05-22 10:29	--------	d-----w-	c:\users\hedev\AppData\Local\temp
2013-05-22 10:29 . 2013-05-22 10:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-21 23:07 . 2013-05-22 09:58	76232	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64AB8476-49FF-4915-8C29-8C0B232DB2FC}\offreg.dll
2013-05-21 21:54 . 2013-05-21 21:54	--------	d-----w-	c:\program files (x86)\7-Zip
2013-05-21 17:54 . 2013-05-21 17:50	964552	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B362F80F-DE1A-4E5D-99AB-FF56CB8042ED}\gapaengine.dll
2013-05-21 17:51 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64AB8476-49FF-4915-8C29-8C0B232DB2FC}\mpengine.dll
2013-05-20 11:05 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-15 10:00 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-14 21:26 . 2013-05-14 21:26	17613192	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-14 19:39 . 2013-05-14 19:39	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-05-14 19:39 . 2013-05-14 19:38	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-08 15:19 . 2013-05-08 15:19	--------	d-----w-	c:\program files (x86)\World of Warcraft
2013-05-08 15:19 . 2013-05-08 15:19	--------	d-----w-	c:\program files (x86)\Rift Game
2013-05-07 17:20 . 2013-05-11 20:21	--------	d-----w-	c:\programdata\EA Logs
2013-05-07 17:17 . 2013-05-08 15:55	--------	d-----w-	c:\users\user\AppData\Local\Warframe
2013-05-07 14:57 . 2013-05-07 14:57	--------	d--h--w-	c:\program files (x86)\Common Files\EAInstaller
2013-05-07 12:38 . 2013-05-08 16:44	--------	d-----w-	c:\users\user\AppData\Roaming\Origin
2013-05-07 12:38 . 2013-05-07 12:38	--------	d-----w-	c:\program files (x86)\Origin Games
2013-05-07 12:38 . 2013-05-07 12:47	--------	d-----w-	c:\users\user\AppData\Local\Origin
2013-05-07 12:37 . 2013-05-07 12:47	--------	d-----w-	c:\programdata\Origin
2013-05-07 12:37 . 2013-05-07 12:38	--------	d-----w-	c:\program files (x86)\Origin
2013-04-24 12:45 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 00:57 . 2011-04-04 14:15	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-14 21:26 . 2012-05-03 00:57	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 21:26 . 2012-05-03 00:57	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 19:38 . 2012-04-04 01:41	866720	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-05-14 19:38 . 2011-04-04 13:56	788896	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-05-02 15:29 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-24 12:49 . 2013-03-12 16:45	905296	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-23 12:24 . 2013-04-23 12:24	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-13 05:49 . 2013-05-15 10:00	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 10:00	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 10:00	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 10:00	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 10:00	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 10:00	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-03-29 03:41 . 2013-03-29 03:41	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-03-29 03:41 . 2013-03-29 03:41	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-03-29 03:41 . 2013-03-29 03:41	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-29 03:41 . 2013-03-29 03:41	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-03-29 03:41 . 2013-03-29 03:41	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-03-29 03:41 . 2013-03-29 03:41	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-03-29 03:41 . 2013-03-29 03:41	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-03-29 03:41 . 2013-03-29 03:41	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-03-29 03:41 . 2013-03-29 03:41	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-03-29 03:41 . 2013-03-29 03:41	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-03-29 03:41 . 2013-03-29 03:41	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-03-29 03:41 . 2013-03-29 03:41	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-03-29 03:41 . 2013-03-29 03:41	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-29 03:41 . 2013-03-29 03:41	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-03-29 03:41 . 2013-03-29 03:41	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-03-29 03:41 . 2013-03-29 03:41	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-03-29 03:41 . 2013-03-29 03:41	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-03-29 03:41 . 2013-03-29 03:41	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-03-29 03:41 . 2013-03-29 03:41	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-03-29 03:41 . 2013-03-29 03:41	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-29 03:41 . 2013-03-29 03:41	81408	----a-w-	c:\windows\system32\icardie.dll
2013-03-29 03:41 . 2013-03-29 03:41	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-03-29 03:41 . 2013-03-29 03:41	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-03-29 03:41 . 2013-03-29 03:41	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-03-29 03:41 . 2013-03-29 03:41	441856	----a-w-	c:\windows\system32\html.iec
2013-03-29 03:41 . 2013-03-29 03:41	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-03-29 03:41 . 2013-03-29 03:41	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-29 03:41 . 2013-03-29 03:41	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-03-29 03:41 . 2013-03-29 03:41	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-03-29 03:41 . 2013-03-29 03:41	235008	----a-w-	c:\windows\system32\url.dll
2013-03-29 03:41 . 2013-03-29 03:41	216064	----a-w-	c:\windows\system32\msls31.dll
2013-03-29 03:41 . 2013-03-29 03:41	197120	----a-w-	c:\windows\system32\msrating.dll
2013-03-29 03:41 . 2013-03-29 03:41	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-03-29 03:41 . 2013-03-29 03:41	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-29 03:41 . 2013-03-29 03:41	144896	----a-w-	c:\windows\system32\wextract.exe
2013-03-29 03:41 . 2013-03-29 03:41	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-03-29 03:41 . 2013-03-29 03:41	102912	----a-w-	c:\windows\system32\inseng.dll
2013-03-29 03:41 . 2013-03-29 03:41	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-29 03:41 . 2013-03-29 03:41	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-29 03:41 . 2013-03-29 03:41	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-03-29 03:41 . 2013-03-29 03:41	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-03-29 03:41 . 2013-03-29 03:41	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-03-29 03:41 . 2013-03-29 03:41	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-03-29 03:41 . 2013-03-29 03:41	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-29 03:41 . 2013-03-29 03:41	149504	----a-w-	c:\windows\system32\occache.dll
2013-03-29 03:41 . 2013-03-29 03:41	13824	----a-w-	c:\windows\system32\mshta.exe
2013-03-29 03:41 . 2013-03-29 03:41	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-03-29 03:41 . 2013-03-29 03:41	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-29 03:41 . 2013-03-29 03:41	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-03-19 06:04 . 2013-04-10 10:40	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 10:40	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 10:40	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 10:40	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 10:40	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 10:40	112640	----a-w-	c:\windows\system32\smss.exe
2013-02-25 22:32 . 2013-02-25 22:32	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32	2505144	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-02-25 22:32 . 2013-02-25 22:32	15129960	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-02-25 22:32 . 2013-02-25 22:32	6262608	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32	2826040	----a-w-	c:\windows\system32\nvapi64.dll
2013-02-25 22:32 . 2013-02-25 22:32	18055184	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-02-25 22:32 . 2013-02-25 22:32	1107440	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-02-25 22:32 . 2011-11-05 17:28	1814304	----a-w-	c:\windows\system32\nvdispco64.dll
2013-02-25 22:32 . 2013-02-25 22:32	958120	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-02-25 22:32 . 2013-02-25 22:32	2720544	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32	26929440	----a-w-	c:\windows\system32\nvoglv64.dll
2013-02-25 22:32 . 2013-02-25 22:32	7932256	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32	2346784	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32	245872	----a-w-	c:\windows\system32\nvinitx.dll
2013-02-25 22:32 . 2013-02-25 22:32	11036448	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:32 . 2012-10-10 20:23	1510176	----a-w-	c:\windows\system32\nvdispgenco64.dll
2013-02-25 22:32 . 2013-02-25 22:32	2904352	----a-w-	c:\windows\system32\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32	20449056	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-02-25 22:32 . 2013-02-25 22:32	15053264	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-02-25 22:32 . 2013-02-25 22:32	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32	7564040	----a-w-	c:\windows\system32\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32	1985824	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32	12641992	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 22:32 . 2013-02-25 22:32	9390760	----a-w-	c:\windows\system32\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32	201576	----a-w-	c:\windows\SysWow64\nvinit.dll
.
.
((((((((((((((((((((((((((((   Registry autostart points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-06-22 2648184]
"Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-05-03 1635752]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-07-01 37888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-10-7 0]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
R1 tuxnrfkk;tuxnrfkk;c:\windows\system32\drivers\tuxnrfkk.sys [x]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\eFusion\BlackShot\system\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2010-08-12 1310720]
R3 X6va006;X6va006;c:\users\user\AppData\Local\Temp\00630D4.tmp [x]
R3 X6va007;X6va007;c:\users\user\AppData\Local\Temp\00719DE.tmp [x]
R3 X6va008;X6va008;c:\users\user\AppData\Local\Temp\0085C08.tmp [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-06 283200]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2013-05-13 2245232]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files (x86)\1&1\IGDCTRL.EXE [2007-10-25 87344]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Contents of the "Scheduled Tasks" folder
.
2013-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 21:26]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-09 20:18]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-09 20:18]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 01:12]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 01:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cm108Sound"="c:\windows\Syswow64\cm108.cpl" [2007-06-07 6402048]
"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2010-10-08 8757248]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5iobvw9n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - Orphaned registry entries removed - - - -
.
Wow6432Node-HKCU-Run-fcfccbdcadbsacfsfdsf - c:\programdata\fcfccbdcadbsacfsfdsf.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
AddRemove-Ashampoo Burning Studio 6 FREE_is1 - c:\program files (x86)\Ashampoo\Ashampoo Burning Studio 6 FREE\unins000.exe
AddRemove-pcsx2-r4600 - c:\program files (x86)\PCSX2 0.9.8\Uninst-pcsx2-r4600.exe
AddRemove-PunkBusterSvc - d:\ubisoft\Ghost Recon Online\PDC-Live\pbsvc_gro.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\00630D4.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\00719DE.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\0085C08.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-05-22  12:38:20 - PC was restarted
ComboFix-quarantined-files.txt  2013-05-22 10:38
ComboFix2.txt  2013-05-21 23:39
.
Pre-run: 16 directory(s), 34,166,403,072 bytes free
Post-run: 18 directory(s), 33,855,541,248 bytes free
.
- - End Of File - - 1F38C38F6C69A9AFFEDC312A2CDB193E

22.05.2013, 12:20   #14
aharonov
/// TB-Ausbilder

Yep, then carry on like this:


Step 1

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.



Please post in your next reply:
  • the MBAR log
__________________
cheers,
Leo

22.05.2013, 13:07   #15
busa

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.22.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
user :: USER-PC [administrator]

22.05.2013 13:35:53
mbar-log-2013-05-22 (13-35-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30618
Time elapsed: 8 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
c:\Users\user\AppData\Roaming\Macromedia\winmgr.exe (Heuristics.Shuriken) -> Delete on reboot.
c:\Users\user\AppData\Roaming\OpenOffice.org\winmgr.exe (Heuristics.Shuriken) -> Delete on reboot.
c:\Users\user\AppData\Roaming\TeamViewer\winmgr.exe (Heuristics.Shuriken) -> Delete on reboot.
c:\Users\user\AppData\Roaming\vlc\winmgr.exe (Heuristics.Shuriken) -> Delete on reboot.
c:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Delete on reboot.

(end)
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.22.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
user :: USER-PC [administrator]

22.05.2013 13:58:43
mbar-log-2013-05-22 (13-58-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30638
Time elapsed: 10 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
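A way to turn the two logs in this thread into a worklist, as an added example that is not part of ComboFix, Malwarebytes Anti-Rootkit or anything the helper posted: the script below runs a few triage heuristics over lines taken verbatim from the ComboFix log in post #13 and the MBAR log in post #15. It flags what a reviewer looks at first in such output: the policies\system block with EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all at 0 (UAC is off, so any dropper already runs with full rights), services whose file ComboFix could not find ([x]) or that load from %TEMP% (tuxnrfkk.sys, the X6va00x entries), autostart entries that live in user-writable locations or carry a generated-looking name (the orphaned fcfccbdcadbsacfsfdsf.exe Run value in ProgramData), the same winmgr.exe dropped into several unrelated AppData\Roaming folders, and a prefs.js that switches off CSP and OCSP in Firefox. The line formats the regular expressions expect are inferred from the posted lines only, and the name heuristic is deliberately crude; the Akamai NetSession entry in AppData\Local is a legitimate installer that trips the same rule, and anti-cheat and DRM drivers also load from odd paths, so the output is a list of things to check, not a verdict.

```python
"""Triage heuristics for the ComboFix and Malwarebytes Anti-Rootkit output
posted in this thread. Added example for the thread, not part of either tool;
the sample lines below are copied from the posted logs, nothing else is assumed."""
import re
from collections import defaultdict

# Locations a non-admin process can write to: persistence from here is a red flag.
USER_WRITABLE = re.compile(r"\\(appdata|programdata|users\\public|temp)\\", re.I)
# policies\system values that, at these settings, switch UAC prompts off.
UAC_BAD = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 0}
# Firefox prefs a user has no reason to set; both were in the posted prefs.js line.
FF_BAD = {"security.csp.enable": "false", "security.OCSP.enabled": "0"}

# Line shapes as they appear in the posted logs (assumption: other ComboFix/MBAR
# versions may format them differently).
POLICY = re.compile(r'^"(?P<name>\w+)"= (?P<val>\d+)')
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
ORPHAN = re.compile(r"^\S*Run-(?P<name>\S+) - (?P<path>.+)$")
SERVICE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[(?P<ts>[^\]]*)\]$")
MBAR_FILE = re.compile(r"^(?P<path>[a-z]:\\.*?\\(?P<base>[^\\]+)) \([^)]+\)", re.I)
FF_PREF = re.compile(r"user_pref\('(?P<key>[^']+)', (?P<val>[^)]+)\)")

# Constructed from lines of the ComboFix log (post #13) and the MBAR log (post #15).
SAMPLE = r"""
"Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-05-03 1635752]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
R1 tuxnrfkk;tuxnrfkk;c:\windows\system32\drivers\tuxnrfkk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 X6va006;X6va006;c:\users\user\AppData\Local\Temp\00630D4.tmp [x]
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
Wow6432Node-HKCU-Run-fcfccbdcadbsacfsfdsf - c:\programdata\fcfccbdcadbsacfsfdsf.exe
c:\Users\user\AppData\Roaming\Macromedia\winmgr.exe (Heuristics.Shuriken) -> Delete on reboot.
c:\Users\user\AppData\Roaming\TeamViewer\winmgr.exe (Heuristics.Shuriken) -> Delete on reboot.
c:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Delete on reboot.
"""


def looks_random(filename: str) -> bool:
    """Crude generated-name check: a long alphabetic stem with almost no vowels
    or a five-consonant run. Tuned to catch 'fcfccbdcadbsacfsfdsf', not to be exact."""
    stem = re.sub(r"\.\w+$", "", filename).lower()
    if len(stem) < 8 or not stem.isalpha():
        return False
    vowel_ratio = sum(c in "aeiou" for c in stem) / len(stem)
    return vowel_ratio < 0.2 or re.search(r"[bcdfghjklmnpqrstvwxz]{5,}", stem) is not None


def triage(lines):
    """Return (kind, subject, detail) findings; a human still has to judge each one."""
    findings = []
    folders_by_binary = defaultdict(set)  # MBAR hits: basename -> folders it was found in
    for raw in lines:
        line = raw.strip()
        if m := POLICY.match(line):
            if UAC_BAD.get(m["name"]) == int(m["val"]):
                findings.append(("uac-weakened", m["name"], m["val"]))
        elif (m := RUN_VALUE.match(line)) or (m := ORPHAN.match(line)):
            path = m["path"]
            if USER_WRITABLE.search(path):
                findings.append(("run-from-user-writable", m["name"], path))
            if looks_random(path.rsplit("\\", 1)[-1]):
                findings.append(("random-name", m["name"], path))
        elif m := SERVICE.match(line):
            # '[x]' is ComboFix's marker for a service whose file it could not find.
            if m["ts"] == "x" or USER_WRITABLE.search(m["path"]):
                findings.append(("service-missing-or-temp", m["name"], m["path"]))
        elif m := MBAR_FILE.match(line):
            parent = m["path"].rsplit("\\", 2)[-2].lower()
            folders_by_binary[m["base"].lower()].add(parent)
        for p in FF_PREF.finditer(line):
            if FF_BAD.get(p["key"]) == p["val"]:
                findings.append(("browser-security-pref-disabled", p["key"], p["val"]))
    # The same dropper copied under several unrelated profile folders is the
    # pattern behind the four winmgr.exe hits in the MBAR log.
    for base, parents in folders_by_binary.items():
        if len(parents) > 1:
            findings.append(("same-binary-in-many-folders", base, sorted(parents)))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE.splitlines()):
        print(f"{kind:32} {subject:32} {detail}")
```

Run it as-is to see the findings for the sample, or feed it a whole ComboFix log with `triage(open(path, encoding="cp1252", errors="replace"))`; the regexes simply skip the lines they do not recognise. The rules are intentionally loose in the direction of false positives (the Akamai entry shows that), because in a cleanup thread the cost of overlooking a persistence point is far higher than the cost of looking up one legitimate file.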
