Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Bezahlen Sie 50 Euro Virus (https://www.trojaner-board.de/113099-bezahlen-50-euro-virus.html)

Fugi 04.04.2012 05:19

Bezahlen Sie 50 Euro Virus
 
Huhu,

ich habe mir erfolgreich den "50euro virus" eingefangen. Beim hochfahren erscheint folgende Meldung "Durch das Besuchen von Seiten mit infizierten und pornographischen Inhalten ist das Computersystem an eine kritische Grenze angekommen, nach der das System zusammenbrechen und die ganzen Dateien verloren gehen können. Um das System wiederherstellen zu können müssen Sie ein zusätzliches Sicherheitsupdate herunterladen." usw. ich habe bisher Mbam unteranderem drüber laufen lassen was das Problem aber nicht beheben konnte z.b erst garnichts gefunden hat. Ich nutze Windows Vista
ich verlink dann einfach mal die OTL/MbAm logs die zustande gekommen sind, und hoffe auf schnelle Hilfe. :)

Mbam:
Code:

Datenbank Version: v2012.04.03.12

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Andreas :: ANDREAS-PC [Administrator]

Schutz: Deaktiviert

04.04.2012 04:08:36
mbam-log-2012-04-04 (04-08-36).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 404387
Laufzeit: 1 Stunde(n), 31 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL:

Code:

OTL logfile created on: 04.04.2012 05:45:02 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Andreas\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,63 Mb Total Physical Memory | 479,04 Mb Available Physical Memory | 46,84% Memory free
5,85 Gb Paging File | 5,53 Gb Available in Paging File | 94,63% Paging File free
Paging file location(s): c:\pagefile.sys 5000 50000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228,00 Gb Total Space | 41,55 Gb Free Space | 18,22% Space Free | Partition Type: NTFS
Drive D: | 4,88 Gb Total Space | 3,83 Gb Free Space | 78,46% Space Free | Partition Type: NTFS
Drive E: | 5,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.04 03:37:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Downloads\OTL (1).exe
PRC - [2011.04.29 22:47:06 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.03.25 18:12:34 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.11.16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.08.05 23:06:21 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.10 06:33:00 | 000,232,960 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Windows\System32\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\lmfuxda.sys -- (sfxgk)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.12.08 16:01:18 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.10 18:33:00 | 009,899,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.18 18:58:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.08.01 12:51:00 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.09.24 11:09:10 | 000,464,384 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2006.08.11 15:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006.07.05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de
IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://localhost:9000/application.pac
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Andreas\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll̀ File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Download_Bho Class) - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Programme\PPLive\PPVA\DownloaderManager.dll (PPLive Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Programme\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000..\Run: [Octoshape Streaming Services] C:\Users\Andreas\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000..\Run: [PPLiveVA] "C:\Program Files\PPLive\PPVA\PPLiveVA.exe" /LoadModule PPVA.DLL /M REAL /S 0 /T 0 File not found
O4 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)
O4 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000..\Run: [SkypePM] C:\Users\Andreas\AppData\Local\Skype\SkypePM.exe ()
O4 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000..\Run: [WLAN Optimizer] C:\wlan\WLANOptimizerNET.exe ()
O4 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} hxxp://dl.pplive.com/PluginSetup.cab (PPLive Lite Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B448EF5-2471-49FA-849D-F9723F24C1BE}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{858134C6-3420-4720-8ED5-3984947DB80A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.10.15 11:41:02 | 004,270,042 | R--- | M] (Macromedia, Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.10.31 16:59:10 | 000,000,062 | RH-- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{17583c7a-6812-11de-b331-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{17583c7a-6812-11de-b331-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2007.10.15 11:41:02 | 004,270,042 | R--- | M] (Macromedia, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.04 03:07:00 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.04.04 02:37:51 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2012.04.04 02:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.04 02:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.04 02:37:42 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.04 02:37:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.30 15:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Beta
[2012.03.30 14:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Andreas\*.tmp files -> C:\Users\Andreas\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.04 04:02:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.04 03:59:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.04 03:59:06 | 000,056,597 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.04.04 03:58:41 | 000,056,597 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.04.04 03:58:37 | 000,228,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.04 03:58:36 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.04 03:58:35 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.04 02:37:44 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.04 01:07:10 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.04 01:03:13 | 000,009,216 | ---- | M] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.03 19:57:25 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.04.03 16:16:50 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.04.03 04:06:22 | 000,028,443 | ---- | M] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-04-03 04_06_19.933823.dmp
[2012.04.03 00:14:59 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.04.01 22:06:17 | 000,028,443 | ---- | M] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-04-01 22_06_08.937000.dmp
[2012.03.30 15:09:17 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft Beta.lnk
[2012.03.27 16:48:30 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.27 16:48:30 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.27 16:48:30 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.27 16:48:30 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.22 20:32:43 | 000,000,218 | ---- | M] () -- C:\Users\Andreas\.recently-used.xbel
[2012.03.18 04:21:40 | 000,028,443 | ---- | M] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-03-18 03_21_38.519165.dmp
[2012.03.17 05:51:25 | 000,028,443 | ---- | M] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-03-17 04_51_21.117556.dmp
[2012.03.08 04:43:58 | 000,029,930 | ---- | M] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-03-08 03_43_53.506798.dmp
[2012.03.06 03:40:17 | 000,029,930 | ---- | M] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-03-06 02_40_15.542595.dmp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Andreas\*.tmp files -> C:\Users\Andreas\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.04 02:37:44 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.03 04:06:19 | 000,028,443 | ---- | C] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-04-03 04_06_19.933823.dmp
[2012.04.01 22:06:09 | 000,028,443 | ---- | C] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-04-01 22_06_08.937000.dmp
[2012.03.22 20:32:43 | 000,000,218 | ---- | C] () -- C:\Users\Andreas\.recently-used.xbel
[2012.03.18 04:21:38 | 000,028,443 | ---- | C] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-03-18 03_21_38.519165.dmp
[2012.03.17 05:51:21 | 000,028,443 | ---- | C] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-03-17 04_51_21.117556.dmp
[2012.03.08 04:43:53 | 000,029,930 | ---- | C] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-03-08 03_43_53.506798.dmp
[2012.03.06 03:40:15 | 000,029,930 | ---- | C] () -- C:\Users\Andreas\Favorites\Documents\ts3_clientui-win32-12451-2012-03-06 02_40_15.542595.dmp
[2011.05.13 07:13:06 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.08.29 13:15:36 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
 
========== LOP Check ==========
 
[2011.12.16 08:54:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\.minecraft
[2012.04.04 05:39:36 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\.purple
[2010.06.07 21:58:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\GetRightToGo
[2011.07.20 00:01:50 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\go
[2012.03.22 20:22:11 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0
[2011.08.30 11:06:54 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ICQ
[2011.05.13 19:46:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\LolClient
[2009.08.30 17:31:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\MobMapUpdater
[2009.07.24 14:03:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Octoshape
[2012.03.02 20:21:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PPlive
[2010.01.11 14:12:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PPLiveVA
[2012.02.23 09:50:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\RayV
[2011.05.20 22:24:54 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\RIFT
[2010.03.29 13:28:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Simply Super Software
[2009.07.04 16:14:08 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\T-Online
[2010.12.23 17:14:40 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\temp
[2010.06.04 19:08:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TS3Client
[2012.04.04 04:00:36 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\uTorrent
[2012.04.02 08:43:26 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2009.07.04 15:48:46 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.05.12 03:08:29 | 000,000,000 | ---D | M] -- C:\5005716aef2c296e24
[2011.03.18 14:28:57 | 000,000,000 | ---D | M] -- C:\8dc4267ed2d4a53231a657781e21
[2010.01.18 20:08:41 | 000,000,000 | ---D | M] -- C:\b5fba0127b5719937a99d51462e5
[2009.10.19 02:24:46 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.08 19:31:22 | 000,000,000 | ---D | M] -- C:\c17c3aaadcd8786af295
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.07.04 15:42:42 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.11.22 04:22:16 | 000,000,000 | ---D | M] -- C:\extensions
[2012.04.04 03:07:00 | 000,000,000 | -HSD | M] -- C:\found.000
[2009.10.04 13:30:49 | 000,000,000 | ---D | M] -- C:\MPS
[2010.02.12 22:50:48 | 000,000,000 | ---D | M] -- C:\Nostale(DE)
[2009.07.05 11:23:01 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.08 21:45:06 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.04.04 02:37:42 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.04.04 02:37:43 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.07.04 15:42:42 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.05.13 07:16:40 | 000,000,000 | ---D | M] -- C:\Riot Games
[2012.04.03 12:45:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.07.04 15:47:24 | 000,000,000 | R--D | M] -- C:\Users
[2012.04.04 01:52:53 | 000,000,000 | ---D | M] -- C:\Windows
[2009.07.21 22:33:31 | 000,000,000 | ---D | M] -- C:\wlan
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
< MD5 for: EXPLORER.EXE  >
[2009.07.04 17:59:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.07.04 17:59:17 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.07.04 17:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.07.04 18:34:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2009.07.04 18:34:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.07.04 17:59:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-04-03 10:46:46
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

Extras:
Code:

OTL Extras logfile created on: 04.04.2012 05:45:02 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Andreas\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,63 Mb Total Physical Memory | 479,04 Mb Available Physical Memory | 46,84% Memory free
5,85 Gb Paging File | 5,53 Gb Available in Paging File | 94,63% Paging File free
Paging file location(s): c:\pagefile.sys 5000 50000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228,00 Gb Total Space | 41,55 Gb Free Space | 18,22% Space Free | Partition Type: NTFS
Drive D: | 4,88 Gb Total Space | 3,83 Gb Free Space | 78,46% Space Free | Partition Type: NTFS
Drive E: | 5,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8FFE8322-13AC-4403-8F1A-726F0DD4EB70}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C25CE208-7B7C-4B25-ACF8-F8E3415E7255}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{E2DEBECE-5B56-494D-8658-7F78ABFD2416}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004D7DC6-7240-4A55-9366-C07CDB9FB776}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{03CBED55-929D-4CCA-BC62-634505C6A3A5}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe |
"{08C6900C-FA22-428D-A434-8426150BFB68}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{09CF78E3-34EE-4B09-9E53-AE3C9585B2CC}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{0AEE840B-9DA4-4F97-847F-F470BEF4407F}" = protocol=6 | dir=in | app=c:\program files\ppliveva\flvpick.exe |
"{12C85A4E-897D-43E5-BB6D-3EE161E0CF4A}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe |
"{14278FB0-AE2C-41BB-81E6-600F94E362CB}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{1ADB1BB1-76F4-4942-B244-F10FA37AB9EE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\guflor@gmx.de\condition zero\hl.exe |
"{1D398178-ED00-4DF1-84F2-CB231031CEED}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{244313BF-8AFA-43BC-B2B3-2DDD7C9EBC60}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe |
"{246A8711-44C7-44C7-AB16-79D44E4B9AA8}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{261FBFE1-9668-42BB-9198-4DB2372585AD}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe |
"{28A50693-BCE7-4F3B-A041-04F71D8C43CD}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2AFF1FE4-7490-405C-AFA2-26B7E9B68E46}" = protocol=6 | dir=in | app=c:\programdata\ppliveva\application\ppap.exe |
"{30BF2997-F8E3-41A8-956A-4E08962C4A1C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\guflor@gmx.de\counter-strike\hl.exe |
"{35FBDC7A-0BBA-4963-8CD3-8D0F1A6E761C}" = protocol=17 | dir=in | app=c:\programdata\ppliveva\application\ppap.exe |
"{360258D3-1516-444E-B172-0020A8A6244B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3909084A-E8FE-4FA8-9C71-5F3B3CA861B6}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-dede-downloader.exe |
"{393BC8C7-8B0C-4E19-99C3-A9604BCE8B72}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe |
"{41A8DEC7-2A83-4ED2-B2A3-09677AA9A316}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-dede-downloader.exe |
"{42DA1158-E687-448E-9C17-7A32B4CD6B6A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\guflor@gmx.de\condition zero\hl.exe |
"{59D53B1E-D21C-4FF8-B676-3F7ACD26BF25}" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\launcher.exe |
"{5F715359-B0F0-4BC1-A25D-41A067A547D3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{5FAE5D29-09BC-491E-8C6E-304C1B8A6CB7}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{6797ADEC-BDC3-4483-9155-57EBE88F32BC}" = protocol=17 | dir=in | app=c:\program files\ppliveva\crashupload.exe |
"{68AD8DA7-251F-4D01-A82E-8B8110C33854}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\guflor@gmx.de\counter-strike\hl.exe |
"{69649116-01D1-40C9-9A3B-2F1B5B874895}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.patch.exe |
"{6B068B9F-F381-42DF-9426-82B335B27B47}" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\launcher.exe |
"{6C32AA48-EF7E-4BD9-B7B9-DA3668AE3196}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe |
"{77961037-598A-40C3-B116-B081097F7464}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{7A05518A-9EDC-47CF-A520-24423492387C}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.patch.exe |
"{7E91C643-A72C-46FB-847E-B8484F08C497}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-dede-ptr-downloader.exe |
"{801DE2B7-1A7A-4C5B-A8F1-126E6698E1EC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{80294C5E-CC55-4D09-8429-8F4FCAB12A1E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-dede-ptr-downloader.exe |
"{82096B20-82E8-4D7F-9E92-6A160E85F1DE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{85338DAF-5E65-488D-A397-B75AC2DC7EFF}" = protocol=6 | dir=in | app=c:\program files\ppliveva\download.exe |
"{86A9C0F1-DB49-454B-AC5A-CF842BB0B165}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{8845F68C-FCCC-45AF-BA67-A71181FD4852}" = protocol=6 | dir=in | app=c:\program files\ppliveva\crashupload.exe |
"{94246754-B723-439E-8259-3235B1144451}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9F2D18F8-067D-4B69-8276-D8408D097A4F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0-dede-downloader.exe |
"{A158E2C5-80F5-48CC-A9F8-BA24AF416DCF}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AC21AD46-14CE-47AD-BAC6-5A49693834D6}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe |
"{B045860F-DE02-4965-8BDF-F586347BEA2D}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{B2749CE2-E61E-4B06-8BE6-EA414C5C6AB8}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B28C081E-F9AB-41AE-A4A4-8A0FDBD769F0}" = protocol=17 | dir=in | app=c:\program files\ppliveva\flvpick.exe |
"{B36D5544-42F8-4166-BEDF-E1769A37D0C3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{B911672A-B118-441A-B7C4-E53231F3C325}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{BC52F4D0-1FFF-4457-BA0A-D444E33931E8}" = protocol=6 | dir=in | app=c:\program files\ppliveva\downloadprogress.exe |
"{BCDD17A7-29F2-4E7C-8ECB-06E7DD805C6B}" = protocol=17 | dir=in | app=c:\program files\ppliveva\download.exe |
"{C47207E7-B233-4301-9DBE-7C722AFD77EF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\melanie2004\counter-strike\hl.exe |
"{C941E4AF-A80E-4268-88E3-C4931C3E7880}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-dede-downloader.exe |
"{CFC31F80-85DF-46A3-883C-D972B13154F4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0-dede-downloader.exe |
"{D11E5350-BB17-45C0-B0D6-28FF136F8939}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-dede-downloader.exe |
"{D9EF17E3-4690-439F-A099-BCCB9B33DFF2}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe |
"{E5207215-F8E2-471C-91C2-73D01A7D82BE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{E8D77D94-33E6-40FA-9A6F-AF96A7142886}" = protocol=17 | dir=in | app=c:\program files\ppliveva\ppliveva.exe |
"{EC8B4DDD-DF12-4010-B1AA-F14215FFDDEB}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{EDFC2CA0-92D4-4C2B-A1FA-E3FB8AD20739}" = protocol=6 | dir=in | app=c:\program files\ppliveva\ppliveva.exe |
"{EE424C5A-ED2C-4100-BF1D-3D39828AE626}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{EFB748C6-B967-4324-81A0-B24C6FB3C7C9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{F052BB4A-7BF2-4F33-A7CD-1712A70448C6}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{F10A2171-04ED-4ACC-889A-B282BDEC5BEB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\melanie2004\counter-strike\hl.exe |
"{F4A4651B-FB50-49D8-914D-B45B9AF1CC85}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe |
"{F65EF16A-01CF-4EE5-B050-140324925460}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe |
"{FAC40AD5-543C-42CA-AB1A-1B71D5A8F2C0}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe |
"{FAC50E94-D38A-4A9D-B03A-44218DF37AA7}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe |
"{FEEA4EBB-BE7F-4F3A-B049-A5EB7AFDDE40}" = protocol=17 | dir=in | app=c:\program files\ppliveva\downloadprogress.exe |
"TCP Query User{22FA7934-E30C-412B-A449-22728595CB21}C:\program files\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe |
"TCP Query User{23652DD9-BBD0-4547-8D98-5AAB040F21F6}C:\program files\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe |
"TCP Query User{2D77E043-A879-4A80-855A-9AD9CD5EBC8B}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{32B5919D-7990-4126-97CA-B9053E70A5C4}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"TCP Query User{470AECD9-24D0-4E03-B175-96EA48D750A0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{4B027B4D-924B-4981-B1EB-8435CF9B939F}C:\program files\ppliveva\ppliveva.exe" = protocol=6 | dir=in | app=c:\program files\ppliveva\ppliveva.exe |
"TCP Query User{4EEE9939-9446-4889-A133-546CCBC697ED}C:\users\public\games\world of warcraft public test\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\backgrounddownloader.exe |
"TCP Query User{4FEB22C1-7DBF-48F1-9A40-0896C529FB3F}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"TCP Query User{533995BC-AB26-4BB5-9EE9-B06DCFC6E78E}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{589D8010-1C34-4199-9302-6B4575263BA4}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"TCP Query User{62405626-1AEB-4F1B-B128-AA231AE80C46}C:\program files\world of warcraft beta\launcher.patch.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\launcher.patch.exe |
"TCP Query User{7282BDEA-8A2E-4C41-9C91-CD1A0884A509}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{7C0C96DD-9383-4AA3-AD0E-AD73A3C8A9AE}C:\program files\world of warcraft beta\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\blizzard downloader.exe |
"TCP Query User{95263022-0649-4DDF-B1E6-672591570032}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9B743E09-E55A-4A2D-97DD-554301D9F3A5}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"TCP Query User{A3FA12FC-5EC9-4914-A793-9070A6711080}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{B614B8B2-20ED-488F-AC1C-ECC1FF74087F}C:\users\andreas\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\andreas\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{C178895F-F3AC-4CAC-BCB9-34A440D72915}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{C7D8D12B-66CF-4371-B5C8-2CE602D7491B}C:\users\andreas\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\andreas\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{CE6F61A4-61E8-444F-AE18-3DE941C2AFDA}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe |
"TCP Query User{E49417DA-A605-422B-B1B8-CF16EF7A5044}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
"TCP Query User{E77E1818-3FE4-426C-B220-98954C99B947}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{09D06C88-23D0-406D-95EE-916472FA7B4D}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{1826856A-65A5-4B6E-A490-4D80300EA7EB}C:\program files\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe |
"UDP Query User{2A901B33-49FC-4C9A-A4F4-7FD3E4FB846C}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe |
"UDP Query User{2AE85661-30F2-4206-B3AB-8AFFBBF8DCD3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2C1F090C-1705-4DC5-B2EA-280814E0D5A3}C:\users\andreas\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\andreas\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{43A41AD7-F657-4B7E-A3D1-33ACE2432CF4}C:\program files\world of warcraft beta\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\blizzard downloader.exe |
"UDP Query User{47DBD353-D365-4B1A-B4F2-CB8BE4FA6A7F}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"UDP Query User{592C9ACF-D962-4C20-A7BB-526C76D675AD}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{8216DE82-D51F-4208-A44B-97DB5C195640}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{82748B8E-4A77-493A-91CC-6418751B2A9F}C:\users\andreas\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\andreas\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{85A3CA30-B840-4D0D-9288-326CE6877DA6}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{86719018-711B-4EAC-968B-0A96B5339DA7}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{A51075F2-08AB-4832-BF61-52D8EEA71CE0}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{AB40C850-045C-4858-B751-1A62EB056944}C:\program files\ppliveva\ppliveva.exe" = protocol=17 | dir=in | app=c:\program files\ppliveva\ppliveva.exe |
"UDP Query User{B52DA6E5-3FAE-48D3-80DC-5A5A848D7552}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{D585998D-811B-4983-8A3A-4891AC42B2D5}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{D9ABD20B-2D47-4302-8B60-0A44026A4684}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"UDP Query User{DE64EBA3-6C19-4524-B4EB-7AF1CB89BA0A}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"UDP Query User{EB22F7B9-F981-4F88-BA51-C97EB0A853C7}C:\users\public\games\world of warcraft public test\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\backgrounddownloader.exe |
"UDP Query User{EDE35EE0-6194-4A8E-AC8B-6701A90D6086}C:\program files\world of warcraft beta\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\launcher.patch.exe |
"UDP Query User{EF45EB2F-3611-4F20-8E2C-BC269C131382}C:\program files\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe |
"UDP Query User{FDA37C26-770B-49DA-BF28-D6A3B9A635B8}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0DE6C47F-57C9-43FB-930B-2094428BEBB3}_is1" = TTDPatch 2.5 beta 9
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Hama Wireless LAN Adapter
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.21
"{2E1C262F-B7FC-4046-B1F8-F49648BFC10E}" = KoFuMa  21
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1C659AF-C761-47A8-BAFD-5FD2BE1ED419}" = Wildlife Park 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"conduitEngine" = Conduit Engine
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Docking Station" = Docking Station
"EA Installer.1475696318" = EA Installer
"ft_Transport Tycoon Deluxe" = Transport Tycoon Deluxe
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"GAMEFORGE Nostale(DE)_is1" = Nostale Online DE (Remove)
"Google Chrome" = Google Chrome
"ICQToolbar" = ICQ Toolbar
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"mIRC" = mIRC
"MobMap_is1" = MobMap 3.43
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenTTD" = OpenTTD 1.1.0
"Pidgin" = Pidgin
"PPLiveVA" = PP¼ÓËÙÆ÷(0.6.5.0007)
"RayV" = RayV TV
"RollerCoaster Tycoon Setup" = Roll
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Steam App 10" = Counter-Strike
"Steam App 500" = Left 4 Dead
"Steam App 80" = Condition Zero
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trojan Remover_is1" = Trojan Remover 6.8.1
"uTorrent" = µTorrent
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.2
"vShare" = vShare Plugin
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
"World of Warcraft Public Test" = World of Warcraft Public Test
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1551079383-3654586665-3936371309-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Game Organizer" = EasyBits GO
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"PPLiveVA" = PPLive Video Accelerator
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.01.2011 18:35:53 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ts3client_win32.exe, Version 1.0.0.0, Zeitstempel
 0x4ca0a622, fehlerhaftes Modul QtCore4.dll, Version 4.6.2.0, Zeitstempel 0x4bab0fd6,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000a88c9,  Prozess-ID 0x654, Anwendungsstartzeit
 01cbbeffba0abfb2.
 
Error - 29.01.2011 11:15:52 | Computer Name = Andreas-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 29.01.2011 11:15:52 | Computer Name = Andreas-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 29.01.2011 11:18:17 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung PPLive.exe, Version 2.0.0.2, Zeitstempel 0x4ae91a79,
 fehlerhaftes Modul vodsp.dll, Version 3.3.3.9, Zeitstempel 0x4abc681f, Ausnahmecode
 0xc0000005, Fehleroffset 0x00149157,  Prozess-ID 0xb8c, Anwendungsstartzeit 01cbbfc749283bc2.
 
Error - 29.01.2011 20:31:35 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ts3client_win32.exe, Version 1.0.0.0, Zeitstempel
 0x4ca0a622, fehlerhaftes Modul QtCore4.dll, Version 4.6.2.0, Zeitstempel 0x4bab0fd6,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000a88c9,  Prozess-ID 0x1370, Anwendungsstartzeit
 01cbbfe209308432.
 
Error - 30.01.2011 06:39:34 | Computer Name = Andreas-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 30.01.2011 06:39:34 | Computer Name = Andreas-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 30.01.2011 06:41:32 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung PPLive.exe, Version 2.0.0.2, Zeitstempel 0x4ae91a79,
 fehlerhaftes Modul vodsp.dll, Version 3.3.3.9, Zeitstempel 0x4abc681f, Ausnahmecode
 0xc0000005, Fehleroffset 0x00149157,  Prozess-ID 0xb44, Anwendungsstartzeit 01cbc069db8f0e16.
 
Error - 30.01.2011 09:35:51 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ts3client_win32.exe, Version 1.0.0.0, Zeitstempel
 0x4ca0a622, fehlerhaftes Modul QtCore4.dll, Version 4.6.2.0, Zeitstempel 0x4bab0fd6,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000a88c9,  Prozess-ID 0x115c, Anwendungsstartzeit
 01cbc07046f1ef06.
 
Error - 30.01.2011 18:37:15 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ts3client_win32.exe, Version 1.0.0.0, Zeitstempel
 0x4ca0a622, fehlerhaftes Modul QtCore4.dll, Version 4.6.2.0, Zeitstempel 0x4bab0fd6,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000a88c9,  Prozess-ID 0x10c8, Anwendungsstartzeit
 01cbc09059555ea6.
 
[ System Events ]
Error - 03.04.2012 22:01:33 | Computer Name = Andreas-PC | Source = sfsync04 | ID = 262145
Description =
 
Error - 03.04.2012 22:02:14 | Computer Name = Andreas-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 04.04.2012 um 04:00:46 unerwartet heruntergefahren.
 
Error - 03.04.2012 22:02:28 | Computer Name = Andreas-PC | Source = DCOM | ID = 10005
Description =
 
Error - 03.04.2012 22:02:40 | Computer Name = Andreas-PC | Source = DCOM | ID = 10005
Description =
 
Error - 03.04.2012 22:02:46 | Computer Name = Andreas-PC | Source = DCOM | ID = 10005
Description =
 
Error - 03.04.2012 22:03:11 | Computer Name = Andreas-PC | Source = DCOM | ID = 10005
Description =
 
Error - 03.04.2012 22:03:37 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 03.04.2012 22:03:37 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 03.04.2012 22:07:28 | Computer Name = Andreas-PC | Source = DCOM | ID = 10005
Description =
 
Error - 03.04.2012 22:07:28 | Computer Name = Andreas-PC | Source = DCOM | ID = 10005
Description =
 
 
< End of report >


markusg 04.04.2012 08:38

hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



[CODE]
:OTL
O4 - HKU\S-1-5-21-1551079383-3654586665-3936371309-1000..\Run: [SkypePM] C:\Users\Andreas\AppData\Local\Skype\SkypePM.exe ()
:Files
C:\Users\Andreas\AppData\Local\Skype
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]



• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:55 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132