Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.11.2011, 01:28   #1
Kite
 
Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL - Standard

Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL



Guten Abend, seit 2 Tagen nervt mich mein AntiiVir mit eben dieser Meldung. Wenn ich den EchtzeitScanner an habe, berieselt es mich im 3 Sekunden Takt mit diesen tollen Meldungen..
Nun frage ich mich: Fehlalarm, echte Bedrohung und wenn ja, wie bekomm ich sie runter?

Mein System ist noch nen Windows Visita 32bit, allerdings mit neuesten Updates afaik.
Der OnlineScan der Datei ergibt 10/10 sagen dass es Malware ist:
hxxp://virusscan.jotti.org/de/scanresult/7ccbc8710478e1528c4d6ab82ca96c9836a720f6/8717404f9c89fce712be353755ea71e168f66898

Malwarebytes findet nichts. AdAware findet nichts.
Die Datei existiert, allerdings kann ich via google dieser keine Aufgabe zuordnen, es scheint, als wäre sie garkeine Windows Datei, was den Verdacht der Malware natürlich untermauert. Es gibt eine Windowsdatei mit dem Namen: KBDINORI.dll was ja bis auf das I-J identisch ist..
Ich kann die Datei nicht löschen, weder auf normalem Wege noch mit KillBox

Im folgenden kommt der OTL Scan, ich hoffe ich habs richtig gemacht ^^

PS: Mein System ist schon alt, daher wird im Log wahrscheinlich ne Menge Müll auftauchen.. Ich weiß nicht warum, ich komme einfach nicht dazu, mal jemanden zu Fragen, ob er mir den Rechner neu aufsetzt, ich bin da eindeutig zu doof für (hab keine Boot CD sondern ne komische Partition mit den Windows und Dell Dateien und keine Ahnung ob da alle Treiber bei sind, deshalb Finger weg)

Ich hoffe ihr könnt mir helfen. Wenn ihr auch noch ein HijackThis Logfile benötigt, reiche ich des nach

Alt 11.11.2011, 13:53   #2
Kite
 
Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL - Standard

Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL



Ich hab gerade die Checkliste entdeckt und deshalb nochma neue Logs angefertigt, ich bitte die oben angehängten Dateien zu ignorieren.

Einmal der defrogger log:
Zitat:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:18 on 11/11/2011 (Vanadin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
__________________


Geändert von Kite (11.11.2011 um 13:59 Uhr)

Alt 11.11.2011, 13:53   #3
Kite
 
Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL - Standard

Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL



Dann der OTL Log:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.11.2011 12:41:15 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Vanadin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 67,06% Memory free
11,16 Gb Paging File | 10,13 Gb Available in Paging File | 90,80% Paging File free
Paging file location(s): c:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,79 Gb Total Space | 94,58 Gb Free Space | 42,84% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,44 Gb Free Space | 54,40% Space Free | Partition Type: NTFS
 
Computer Name: VANADIN-LAPTOP | User Name: Vanadin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Vanadin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe (Highresolution Enterprises)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\devolo\dlan\devolonetsvc.exe ()
PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)
PRC - C:\Programme\OO Software\CleverCache\ooccag.exe (O&O Software GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) --  File not found
SRV - (oajhq) --  File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (XMouseButton Launcher) -- C:\Programme\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe (Highresolution Enterprises)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (DevoloNetworkService) -- C:\Programme\devolo\dlan\devolonetsvc.exe ()
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (nicconfigsvc) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (OOCleverCacheAgent) -- C:\Programme\OO Software\CleverCache\ooccag.exe (O&O Software GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NPF_devolo) NetGroup Packet Filter Driver (devolo) -- C:\Windows\system32\drivers\npf_devolo.sys (CACE Technologies)
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (guardian2) -- C:\Windows\System32\drivers\oz776.sys (O2Micro)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Personalisierte Startseite
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programme\ZoneAlarm\tbZone.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Start, STcommunity
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programme\ZoneAlarm\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.diesiedleronline.de/"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2303: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1465: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vanadin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vanadin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011.02.07 10:55:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.10.13 16:31:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.02 21:06:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.13 16:31:30 | 000,000,000 | ---D | M]
 
[2008.10.03 11:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vanadin\AppData\Roaming\mozilla\Extensions
[2011.10.02 21:07:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vanadin\AppData\Roaming\mozilla\Firefox\Profiles\qs34zdor.default\extensions
[2010.04.28 09:16:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Vanadin\AppData\Roaming\mozilla\Firefox\Profiles\qs34zdor.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.02 21:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.14 11:32:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.14 12:47:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.24 18:39:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.06.02 22:59:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\VANADIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS34ZDOR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.09.29 08:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Vanadin\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Vanadin\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Vanadin\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Adblock Plus f\u00FCr Google Chrome\u2122 (Beta) = C:\Users\Vanadin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: Die Siedler Online = C:\Users\Vanadin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dencfipkbmoplciolcjgmlabfllbdaof\1.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Vanadin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
 
O1 HOSTS File: ([2011.11.10 21:57:08 | 000,000,512 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programme\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programme\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Programme\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Vanadin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XMouseButtonControl - Verknüpfung.lnk = C:\Programme\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe (Highresolution Enterprises)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B45F995-8E32-4D85-8343-1089004640BA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7754AF51-412C-4FD2-9998-925D3F3053C2}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4F40661-D89B-4E09-8778-322FEA32B16F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Vanadin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Vanadin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2ec7ce9a-ba7a-11de-9a8a-001c23251574}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\copy.exe
O33 - MountPoints2\{3cbf7a4f-648f-11de-b3a2-001c23251574}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{3cbf7a4f-648f-11de-b3a2-001c23251574}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{60a5b318-6be5-11de-a416-001c23251574}\Shell - "" = AutoRun
O33 - MountPoints2\{60a5b318-6be5-11de-a416-001c23251574}\Shell\AutoRun\command - "" = F:\AutoRunMorrowind.exe
O33 - MountPoints2\{60a5b318-6be5-11de-a416-001c23251574}\Shell\install\command - "" = F:\Setup.exe
O33 - MountPoints2\{84d7015d-d074-11de-860d-001c23251574}\Shell\AutoRun\command - "" = G:\installer.exe
O33 - MountPoints2\{84d7015d-d074-11de-860d-001c23251574}\Shell\verb\command - "" = G:\installer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A0739DE2-571F-11D2-A031-0060977F760C} - InterActual PCFriendly ActiveX Control
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: oajhq -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk - C:\Programme\LOLReplay\LOLRecorder.exe - ()
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe - (Macrovision Corporation)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico - ()
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ApnUpdater - hkey= - key= -  File not found
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
MsConfig - StartUpReg: BDRegion - hkey= - key= -  File not found
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: dellsupportcenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: EPSON Stylus DX7400 Series - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Vanadin\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
MsConfig - StartUpReg: KiesPDLR - hkey= - key= - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: PDVD8LanguageShortcut - hkey= - key= -  File not found
MsConfig - StartUpReg: RemoteControl8 - hkey= - key= -  File not found
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= -  File not found
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= -  File not found
MsConfig - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
MsConfig - StartUpReg: {52D398E8-19A8-653B-9ADC-9DFD172245DD} - hkey= - key= -  File not found
MsConfig - State: "bootini" - 2
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.10 23:55:27 | 000,000,000 | ---D | C] -- C:\ProgramDataEVENTDB
[2011.11.10 23:55:26 | 000,000,000 | ---D | C] -- C:\ProgramDataINFECTED
[2011.11.10 23:54:50 | 000,000,000 | ---D | C] -- C:\ProgramDataTEMP
[2011.11.10 23:54:32 | 000,000,000 | ---D | C] -- C:\ProgramDataLOGFILES
[2011.11.10 23:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\EVENTDB
[2011.11.10 23:41:34 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\AppData\Roaming\Avira
[2011.11.10 23:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.11.10 23:39:29 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.11.10 23:39:25 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.11.10 23:39:25 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.11.10 23:39:25 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.11.10 23:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.11.10 23:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.11.10 22:30:53 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.11.10 22:25:32 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.11.10 22:25:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.11.10 22:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.11.10 22:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011.11.10 21:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011.11.10 21:27:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Vanadin\Desktop\OTL.exe
[2011.11.08 17:45:13 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\Desktop\DSO Eco
[2011.11.08 15:17:49 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CrazyT
[2011.11.08 14:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011.11.08 14:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.11.08 14:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011.11.08 14:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011.11.08 14:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011.11.08 14:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011.11.08 14:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011.11.08 14:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011.11.08 14:38:42 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\AppData\Local\Microsoft Help
[2011.11.08 14:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.11.08 14:37:03 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.11.08 14:22:06 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\Desktop\Microsoft.Office.Professioal.Plus.2010.GERMAN.Full.Cracked
[2011.11.08 11:56:33 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\Desktop\Mastertools
[2011.11.08 10:27:17 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\AppData\Roaming\Malwarebytes
[2011.11.08 10:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.08 10:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.08 10:26:56 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.08 10:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.02 11:59:31 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\Desktop\Taktikkarten
[2011.10.13 16:32:27 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\AppData\Local\DDMSettings
[2011.10.13 16:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.10.13 16:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2011.10.13 16:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec
[2011.10.13 16:21:20 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\Documents\SelfMV
[2011.10.13 16:19:22 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\AppData\Local\Samsung
[2011.10.13 16:18:59 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\Documents\samsung
[2011.10.13 16:13:44 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\{8516f02d-31b4-4718-9a55-fee0911066d2}
[2011.10.13 16:13:09 | 001,416,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01005.dll
[2011.10.13 16:13:09 | 001,416,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfCoInstaller01005.dll
[2011.10.13 16:13:09 | 000,136,808 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdm.sys
[2011.10.13 16:13:09 | 000,121,064 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadbus.sys
[2011.10.13 16:13:09 | 000,114,280 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadserd.sys
[2011.10.13 16:13:09 | 000,030,312 | ---- | C] (Google Inc) -- C:\Windows\System32\drivers\ssadadb.sys
[2011.10.13 16:13:09 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdfl.sys
[2011.10.13 16:13:09 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcmnt.sys
[2011.10.13 16:13:09 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcm.sys
[2011.10.13 16:13:09 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwhnt.sys
[2011.10.13 16:13:09 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwh.sys
[2011.10.13 16:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011.10.13 16:08:58 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2011.10.13 16:08:08 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2011.10.13 16:08:08 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DIFxAPI.dll
[2011.10.13 16:08:08 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2011.10.13 16:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2011.10.13 16:06:27 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\AppData\Roaming\Samsung
[2011.10.13 16:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011.10.13 16:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011.10.13 16:03:28 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\AppData\Local\Downloaded Installations
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.11 12:37:12 | 000,687,068 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.11 12:37:12 | 000,637,058 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.11 12:37:12 | 000,149,550 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.11 12:37:12 | 000,123,492 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.11 12:31:18 | 000,176,478 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.11.11 12:31:18 | 000,176,478 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.11.11 12:30:51 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.11 12:29:27 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.11 12:29:27 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.11 12:29:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.11 12:18:18 | 000,000,020 | ---- | M] () -- C:\Users\Vanadin\defogger_reenable
[2011.11.11 12:15:43 | 000,050,477 | ---- | M] () -- C:\Users\Vanadin\Desktop\Defogger.exe
[2011.11.11 12:03:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495758634-3817968798-521802892-1000UA.job
[2011.11.11 11:25:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.11 01:45:26 | 317,149,061 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.11.11 01:43:10 | 000,302,592 | ---- | M] () -- C:\Users\Vanadin\Desktop\i9q3ngbh.exe
[2011.11.10 23:40:23 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.11.10 22:30:53 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.11.10 22:30:52 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011.11.10 22:25:44 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.11.10 22:07:49 | 000,002,216 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011.11.10 22:06:58 | 000,000,168 | ---- | M] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2011.11.10 21:27:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Vanadin\Desktop\OTL.exe
[2011.11.10 21:03:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495758634-3817968798-521802892-1000Core.job
[2011.11.10 20:20:13 | 000,139,124 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011.11.10 19:28:34 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B5C15E9E-094B-4616-8C10-DD6021966D93}.job
[2011.11.09 16:35:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.11.08 16:15:11 | 000,410,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.08 10:27:03 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.08 10:17:50 | 000,002,631 | ---- | M] () -- C:\Users\Vanadin\Desktop\HiJackThis.lnk
[2011.10.30 20:04:55 | 000,002,054 | ---- | M] () -- C:\Users\Vanadin\Desktop\Google Chrome.lnk
[2011.10.19 16:56:15 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.17 14:05:29 | 000,007,620 | ---- | M] () -- C:\Users\Vanadin\AppData\Local\d3d9caps.dat
[2011.10.13 16:37:43 | 000,100,864 | ---- | M] () -- C:\Users\Vanadin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.13 16:18:43 | 000,001,736 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011.10.13 16:15:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.11 12:18:01 | 000,000,020 | ---- | C] () -- C:\Users\Vanadin\defogger_reenable
[2011.11.11 12:15:42 | 000,050,477 | ---- | C] () -- C:\Users\Vanadin\Desktop\Defogger.exe
[2011.11.11 01:45:26 | 317,149,061 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.11.11 01:43:09 | 000,302,592 | ---- | C] () -- C:\Users\Vanadin\Desktop\i9q3ngbh.exe
[2011.11.10 23:40:23 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.11.10 23:32:09 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.11.10 22:25:44 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.11.10 22:06:58 | 000,000,168 | ---- | C] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2011.11.10 22:03:49 | 000,002,216 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011.11.08 10:27:03 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.13 16:18:43 | 000,001,736 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011.10.13 16:15:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011.09.16 10:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 10:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.09.16 10:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.09.16 10:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.09.16 10:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.07.18 18:58:16 | 000,139,124 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.04.26 18:58:56 | 000,029,184 | ---- | C] () -- C:\Windows\System32\KBDJNORI.DLL
[2011.04.01 20:44:09 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.11.05 23:45:43 | 000,000,000 | ---- | C] () -- C:\Windows\PCFriend.INI
[2010.09.27 12:03:08 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2010.09.24 00:57:27 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2009.11.05 23:04:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.08 17:48:04 | 000,000,000 | ---- | C] () -- C:\Windows\zSpy.INI
[2009.07.08 16:24:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.08 16:23:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.08 14:07:36 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2008.11.06 16:03:32 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.11.06 16:03:32 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.11.06 16:03:31 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008.11.06 16:03:31 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008.11.06 16:03:31 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.11.06 16:03:31 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008.11.06 16:03:31 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008.11.06 16:03:31 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.11.06 16:03:31 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008.11.06 16:03:31 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008.11.06 16:03:31 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008.11.06 16:03:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008.11.06 16:03:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008.11.06 16:03:31 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008.11.06 16:03:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008.11.06 16:03:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008.11.06 16:03:31 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008.11.06 16:03:31 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008.11.06 16:03:31 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008.11.06 15:58:08 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX7400DEFGIPS.ini
[2008.09.21 18:06:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.09.16 01:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.08.08 09:00:03 | 000,017,294 | ---- | C] () -- C:\Users\Vanadin\AppData\Roaming\wklnhst.dat
[2008.08.01 22:01:37 | 000,157,696 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008.08.01 22:01:35 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.08.01 22:01:35 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.08.01 22:01:34 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2008.08.01 22:01:34 | 000,006,144 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.08.01 09:22:09 | 000,176,478 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.08.01 09:22:09 | 000,176,478 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.07.31 23:45:24 | 000,007,620 | ---- | C] () -- C:\Users\Vanadin\AppData\Local\d3d9caps.dat
[2008.07.31 21:48:21 | 000,013,119 | ---- | C] () -- C:\Users\Vanadin\AppData\Roaming\nvModes.001
[2008.07.31 21:48:16 | 000,013,119 | ---- | C] () -- C:\Users\Vanadin\AppData\Roaming\nvModes.dat
[2008.07.31 21:24:51 | 000,100,864 | ---- | C] () -- C:\Users\Vanadin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.31 21:05:53 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.07.31 21:05:52 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.07.26 18:18:57 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.07.26 18:18:51 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.11.15 19:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.02 16:33:31 | 000,687,068 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,149,550 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,410,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,637,058 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,123,492 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1998.10.11 01:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll
 
========== LOP Check ==========
 
[2011.09.19 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\AVG
[2009.04.30 07:52:40 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\Azureus
[2011.09.21 20:34:29 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\Business Objects
[2010.07.02 10:55:06 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\CheckPoint
[2011.03.25 15:16:12 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\Coeh
[2009.07.08 20:27:12 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\DAEMON Tools Lite
[2011.03.22 19:55:12 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\Ebaxwi
[2009.01.13 17:48:07 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\EPSON
[2010.07.31 10:29:41 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\FOG Downloader
[2011.11.05 16:03:53 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\foobar2000
[2011.09.21 20:34:40 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\GetRightToGo
[2010.12.25 11:18:47 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\GIRDAC
[2010.12.11 18:16:13 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\gtk-2.0
[2011.09.02 20:19:22 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\Highresolution Enterprises
[2011.03.27 15:26:35 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\ICAClient
[2010.05.20 17:23:15 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\Langenscheidt
[2011.02.27 18:52:16 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\LolClient
[2010.08.02 21:30:26 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\Mumble
[2011.06.09 23:25:14 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\OpenCandy
[2010.09.14 11:37:50 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\OpenOffice.org
[2010.12.26 14:41:59 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\ProtectDISC
[2011.02.16 10:32:46 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\RIFT
[2011.10.13 16:06:27 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\Samsung
[2011.03.28 15:56:19 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\Softpark
[2008.08.08 09:00:04 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\Template
[2011.06.27 22:23:45 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\TS3Client
[2010.12.25 11:20:22 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\TuneUp Software
[2011.11.11 12:18:33 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.11.10 19:28:34 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B5C15E9E-094B-4616-8C10-DD6021966D93}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.11.10 21:17:58 | 000,000,000 | ---D | M] -- C:\!KillBox
[2011.01.28 13:25:38 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.09.20 09:46:16 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.10.23 09:39:32 | 000,000,000 | ---D | M] -- C:\DELL
[2008.07.26 17:50:32 | 000,000,000 | ---D | M] -- C:\doctemp
[2008.07.31 17:24:10 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.11.10 23:32:07 | 000,000,000 | ---D | M] -- C:\Downloads
[2008.07.26 17:50:30 | 000,000,000 | ---D | M] -- C:\Drivers
[2010.10.25 23:41:10 | 000,000,000 | ---D | M] -- C:\ds
[2010.09.29 21:44:38 | 000,000,000 | ---D | M] -- C:\GIRDAC
[2010.06.21 21:33:22 | 000,000,000 | ---D | M] -- C:\hausarbeit
[2011.01.07 21:34:40 | 000,000,000 | ---D | M] -- C:\MDT
[2011.11.08 14:37:03 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.08.11 19:10:24 | 000,000,000 | ---D | M] -- C:\Musik
[2008.07.31 22:55:32 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2010.09.14 11:29:07 | 000,000,000 | ---D | M] -- C:\office
[2008.09.16 00:41:12 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.10 23:39:22 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.10 23:54:30 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.11.10 23:57:45 | 000,000,000 | ---D | M] -- C:\ProgramDataEVENTDB
[2011.11.10 23:55:26 | 000,000,000 | ---D | M] -- C:\ProgramDataINFECTED
[2011.11.10 23:54:50 | 000,000,000 | ---D | M] -- C:\ProgramDataLOGFILES
[2011.11.11 00:38:41 | 000,000,000 | ---D | M] -- C:\ProgramDataTEMP
[2008.07.31 17:24:10 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.02.27 18:07:52 | 000,000,000 | ---D | M] -- C:\Riot Games
[2011.03.02 23:07:11 | 000,000,000 | ---D | M] -- C:\RoM
[2011.11.11 12:43:17 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.11.17 17:15:15 | 000,000,000 | ---D | M] -- C:\temp
[2009.10.22 19:14:23 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.11 01:45:26 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.07.26 18:00:20 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.07.26 18:00:20 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 10:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-16 11:48:11
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Vanadin\Documents\CyberLink:Roxio EMC Stream
@Alternate Data Stream - 487 bytes -> C:\ProgramData\Temp:05EE1EEF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >
         
--- --- ---
__________________

Alt 11.11.2011, 13:54   #4
Kite
 
Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL - Standard

Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL



Der OTL Extras Log:
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.11.2011 12:41:15 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Vanadin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 67,06% Memory free
11,16 Gb Paging File | 10,13 Gb Available in Paging File | 90,80% Paging File free
Paging file location(s): c:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,79 Gb Total Space | 94,58 Gb Free Space | 42,84% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,44 Gb Free Space | 54,40% Space Free | Partition Type: NTFS
 
Computer Name: VANADIN-LAPTOP | User Name: Vanadin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A10981F-41B1-4974-A1E0-ACC19EC89466}" = lport=6895 | protocol=17 | dir=in | name=league of legends launcher | 
"{11692EA8-8A59-42DC-B5CD-6601ED8B2F35}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface | 
"{15A9C27F-E13D-40F9-B0FF-F4564F45CB14}" = lport=6947 | protocol=6 | dir=in | name=league of legends launcher | 
"{1E72AA33-B592-4707-86B6-B363D3194440}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1F796AFE-145E-4E4C-8D57-194D19D1ADF3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{211BDF2A-0D92-42CC-99FF-7EFA7B27227B}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{24CC063E-B8B1-4135-9A4D-6187E2662C2E}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{2A066B26-503F-4805-B29C-A0A3ED7C3EE7}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{2BFB63BD-24AB-4A63-AB12-BA8A6A891C44}" = lport=6996 | protocol=17 | dir=in | name=league of legends launcher | 
"{2DE4DC2B-2A37-45C1-A441-F08C309A743B}" = lport=6891 | protocol=6 | dir=in | name=league of legends launcher | 
"{2F492606-3B4E-44A2-9C4B-DC8A854693ED}" = lport=6968 | protocol=17 | dir=in | name=league of legends launcher | 
"{392C7C3E-77D5-476A-B795-298CF528903D}" = lport=6967 | protocol=17 | dir=in | name=league of legends launcher | 
"{3954F994-5E61-4B40-8C18-547AE2B0EAB2}" = lport=6889 | protocol=17 | dir=in | name=league of legends launcher | 
"{3A4E0349-79D2-4211-A420-5669CC04361A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3EB0EBBB-8DAF-48A9-ADC9-1B79EF937ECC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{426A30E2-46AF-49A2-9F0F-BC705DE16296}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{43EDB256-7C3D-4E20-9CDA-D5AD2FE893C5}" = lport=6900 | protocol=6 | dir=in | name=league of legends launcher | 
"{465A96B1-09BC-48DD-BAD3-2DB0B4166FE6}" = lport=6993 | protocol=6 | dir=in | name=league of legends launcher | 
"{479DFA25-1B6C-4BE3-A45E-1FC97641DD8F}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{47CD4CE9-E99E-4E06-8651-431F0E3A0B10}" = lport=6947 | protocol=17 | dir=in | name=league of legends launcher | 
"{4A01C131-8502-4648-964E-CB830BCFB55A}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{4B1B7BD3-7E71-4D0A-A6BB-CEBF8E553A21}" = lport=6915 | protocol=6 | dir=in | name=league of legends launcher | 
"{4B68CE0F-13E9-44E3-9B70-961F62FFA7A0}" = lport=6961 | protocol=17 | dir=in | name=league of legends launcher | 
"{4CC60EB7-1C73-4C76-8538-A517180BF8FD}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{4F31C225-05C1-47E9-8AD1-1C5CF4D85339}" = lport=6988 | protocol=6 | dir=in | name=league of legends launcher | 
"{4FA9B047-950E-47DA-9102-D47D74566076}" = lport=6966 | protocol=6 | dir=in | name=league of legends launcher | 
"{52729004-4CA7-4FD3-8278-2FE872D8884D}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{601FE290-5084-4E32-BE02-0267A1163CF6}" = lport=6966 | protocol=17 | dir=in | name=league of legends launcher | 
"{62C6A72B-FB8B-4936-B9DF-0BD2C3F1C518}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher | 
"{648FDFC3-C159-4EC9-B9A5-72598031F861}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{66C70B37-72C0-447A-AB08-4875D3492857}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{68075AAE-5310-4B25-82A1-AA420514BE61}" = lport=6968 | protocol=6 | dir=in | name=league of legends launcher | 
"{686C9B68-F650-4804-917C-5DB351063ACB}" = lport=6952 | protocol=6 | dir=in | name=league of legends launcher | 
"{7339C405-8C65-4770-B77A-EBC988E90076}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{76B3571A-784E-4282-8CE2-97BF17E6D844}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | 
"{79E8C080-B87C-42C3-B756-01BB43293F40}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{7A4E94E8-47E8-4F99-A1AF-0737EE88976F}" = lport=6967 | protocol=6 | dir=in | name=league of legends launcher | 
"{7A5500EC-E9E1-4E5A-8956-94C342FFC342}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7F683E21-8663-462C-814E-B6020D1EE46E}" = lport=6895 | protocol=6 | dir=in | name=league of legends launcher | 
"{82043178-0A18-41F7-9E0A-BC57CA155D6E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{8A640A77-F95F-4D77-AED4-C7B4F0177D16}" = lport=6908 | protocol=17 | dir=in | name=league of legends launcher | 
"{8C057FCA-B1AB-4E75-B678-C4307F4ED5C1}" = lport=6891 | protocol=17 | dir=in | name=league of legends launcher | 
"{8C365966-F921-45DE-8F88-64F78DAC6132}" = lport=6988 | protocol=17 | dir=in | name=league of legends launcher | 
"{8C43D290-C656-4440-8C79-DC66B5125E57}" = lport=6904 | protocol=6 | dir=in | name=league of legends launcher | 
"{8E9A879E-CB62-43EC-A381-E3639752B8C5}" = lport=6952 | protocol=17 | dir=in | name=league of legends launcher | 
"{90D43A02-C27D-414E-AF79-104A4B93E3F6}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\dlan\devolonetsvc.exe | 
"{90FC4B38-FE48-445B-B927-27C2BE2F5E43}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{926DC3A0-784D-4F53-8F6E-FF95B53461FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{938D7FA9-81FC-4134-AE32-2911C5C7BB51}" = lport=55770 | protocol=6 | dir=in | name=akamai netsession interface | 
"{93FC7DAB-4FBC-49E4-AC7D-E7D8AC773BD1}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{9B5333DA-7B1B-4EC2-9642-233BC4595C4A}" = lport=6889 | protocol=6 | dir=in | name=league of legends launcher | 
"{9BD0C7B4-8A76-43EB-A63B-8F0B035DEFCC}" = lport=6915 | protocol=17 | dir=in | name=league of legends launcher | 
"{9D3F18EA-6515-43C0-AB6E-5311D09606EB}" = lport=7631 | protocol=6 | dir=in | name=coyoz | 
"{AA9841A9-BF5A-4C8C-B9F2-7731676CC4EF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{ADD8BF04-48B9-4D46-94D9-23A378E5B2AA}" = lport=6993 | protocol=17 | dir=in | name=league of legends launcher | 
"{AF75F221-A007-452D-B0BE-B50D0FDB1080}" = lport=6904 | protocol=17 | dir=in | name=league of legends launcher | 
"{B2273AF1-80AD-43E8-B9C2-EE692339D26C}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\dlan\devolonetsvc.exe | 
"{B2F11678-67B5-4AC0-AA04-03D7D4F4DB30}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B525FFD4-5303-42B3-A7FE-7C69698D22B3}" = lport=6979 | protocol=6 | dir=in | name=league of legends launcher | 
"{B64CA831-3FE1-4DE3-94C6-8DE8AA975ED1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B7FD190B-A1D6-4AA0-A9F2-F838B1714C70}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{BBF40C36-0A4A-4584-8D5C-262C124DDE0B}" = lport=6900 | protocol=17 | dir=in | name=league of legends launcher | 
"{BFBD46BD-BACD-4C0D-BC2B-F0DBCBF379B0}" = lport=6996 | protocol=6 | dir=in | name=league of legends launcher | 
"{C04E0470-3DA5-4820-AD59-C45699F59D4A}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{C508274B-4D1C-4D5F-9637-AD9D3D08587A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{C796EA32-3007-4256-BE11-8E098CEDB7AD}" = lport=6961 | protocol=6 | dir=in | name=league of legends launcher | 
"{C9140A1B-3A6B-427B-9768-4FB2B6705D21}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{CA1E04F3-C4F4-454A-811B-C361B5014F97}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{D38B1BD7-E70E-4E58-A6E5-9E62C515E654}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D4F01C9F-E9FE-4976-9934-0DC8F7DEE43E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D9CC29BB-962D-4249-9330-73663079F983}" = lport=6908 | protocol=6 | dir=in | name=league of legends launcher | 
"{E355B214-2601-4DA9-8060-99AA29E10DFE}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{E506F0DB-A8C2-4A48-B6D0-B6D6C15F93E4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E58F7161-1FB6-47E8-8703-A5535183F322}" = lport=6979 | protocol=17 | dir=in | name=league of legends launcher | 
"{E6C90488-3525-4A47-8974-461E3C4C70C9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EAE7AD15-FE66-4A54-BB17-7262F7871E6A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EF097418-4465-4DFF-A3F6-31E901F1BA95}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{EF0ABC7B-C71C-4F52-98D2-384885795FFC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{EF13E8D5-EF28-4A27-AB0D-438E035E2EEA}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{F0CA1CD6-2D12-4508-99EF-8CE525885C95}" = lport=6919 | protocol=6 | dir=in | name=league of legends launcher | 
"{FAC48B2A-0AC0-4FE2-9BFB-D6FAF6D11C5A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FB068F91-3283-4C3B-89AB-57B00D2C7144}" = lport=6958 | protocol=17 | dir=in | name=league of legends launcher | 
"{FC3DFFAC-1511-48FC-959E-70598D16D2B3}" = lport=6958 | protocol=6 | dir=in | name=league of legends launcher | 
"{FEAA4A26-4C8C-4815-AE5D-001C9C66416D}" = lport=6919 | protocol=17 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{099D302A-5127-4B05-84DE-930478307F64}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"{0BC65E23-CAC2-4C91-A0F5-25AE853B4DF1}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"{1076A61E-263D-43AD-8FAA-D1AEC8EE2B28}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{17C1852D-3F2E-4EF1-8BBD-075B936FD506}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1B6D488C-7690-44B6-A17A-0175AD6FB5AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1EEC7F77-CD05-4B80-9B38-58DBEA131893}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{41B84B83-A9AB-41C1-BAD9-680733E05EAD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{44CE3F5A-6BC0-4232-B34F-A1BB912F1747}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4C045D79-6BC8-4572-B302-6488635D761A}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{5CEE2C3A-23D6-4133-8AE9-5097067DA0B3}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"{64D36528-48C6-4E3F-B6F8-5AE3500E82A0}" = protocol=6 | dir=out | app=system | 
"{6DB2A0FC-F622-46CF-8189-60B408C6D668}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\x3nios\counter-strike\hl.exe | 
"{7CDFFB85-EEA7-43C7-A166-4A80A06CA316}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{83949B54-6D68-4403-A052-DA63D20A0F30}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{87724CA0-154B-466B-A093-EEF7569AA8B8}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"{8A79CA92-85B0-42AE-A8A4-E01D6020F4C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E70D923-7A93-4B43-8578-17C5DF4D8070}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"{96EF40F8-3A4D-45F2-9C0C-57BAF587AF08}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{9AA5CEEC-33DB-44CD-A1F7-99879E9C2FD1}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{9BAEE923-4B64-4CC3-88FC-85D192A7BE23}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A0C633C3-47A2-4417-B334-785F432CD294}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A5FFFD2F-FB0E-465B-B9F3-1661517D9A18}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{AE3A63B6-0E4B-4E7F-BE9D-39EEB2204550}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{AEF46910-9D7A-4151-A858-044EEF3F0700}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\x3nios\counter-strike\hl.exe | 
"{B532D2A8-8E5D-4E02-AE5E-F7A1606ABD37}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B7FDA10C-F126-40CC-A522-5523026BEDA3}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{CC444B2A-8378-4C5B-B256-EA1BF269BACC}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{CCB92AFD-F773-4025-83C9-19EB0BE34650}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD56BE9D-BB3C-4BB7-86FB-6581503EE3EC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{DA5F31BA-9AD4-4391-B756-242E3B92FEE6}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{E6F12137-263A-42D1-BAFD-02F2F3D37B66}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{E79C0501-6710-4610-8CE2-E9CDD53149B1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{E99E2556-C3EB-4F24-8875-E94AC78B8BA2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F048CCA3-C1D2-47E3-BE5C-085E527D34AE}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{F0C4B8F8-73C3-4D40-A1C5-4F0B4B9C48EA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{F2B3F5BA-1526-4F8B-BE97-42666E34DF5A}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"TCP Query User{1EE351DC-DF8F-419A-8365-3858A6472545}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{21BE3D3F-A463-4E06-9880-64C792CEAAD1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{3E3A7F69-C449-4E45-8C1E-63B619F372C9}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{69946DDB-E561-46E1-928B-92D4451B7684}C:\program files\valve\steam\steamapps\x3nios\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\x3nios\counter-strike source\hl2.exe | 
"TCP Query User{72A990C8-8A5E-4474-B174-1A8631335B26}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | 
"TCP Query User{79B74720-CC04-4468-8A01-51BCCA9F39C3}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | 
"TCP Query User{7FD68F18-C3C1-4C4B-A478-00614556BA1E}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | 
"TCP Query User{BF8C6EB3-488A-47F4-B45F-3C1C396DF811}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{E060B11B-8A54-40F8-ABC6-2C69E39C8F6A}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{E5C3EEB4-D472-4F06-A3AF-E2ECA383D45A}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{28442681-D133-47F5-9F41-8909B962A008}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{3018FEB3-F114-40D8-B8A3-29B2FB18017C}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{39B11A9F-F750-419D-BF4C-FEA2789F88DC}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{468DBF60-F386-4795-88DC-1C6711A65204}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | 
"UDP Query User{7703B3EC-9281-4319-A612-11DF932F3FBF}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{80C55578-CB3B-4B7E-8FEE-6964455BF653}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | 
"UDP Query User{97B7F270-BCAF-463E-AE99-23E9E45D6B3C}C:\program files\valve\steam\steamapps\x3nios\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\x3nios\counter-strike source\hl2.exe | 
"UDP Query User{A3750DD6-DBE5-48BB-86EE-A892D81BE61B}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | 
"UDP Query User{C87E8F4B-A529-4DDD-B852-FAD7CB1F4EC1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{D3B01424-2581-4B3F-B882-21892EB1C044}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1CE60928-8325-49A8-8B06-633E48DD2B67}" = Cisco Systems VPN Client 5.0.07.0410
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2381724F-2FA7-4D10-B5AE-F49B7EC34C2C}" = Ad-Aware
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 25
"{27152832-FFD6-4F21-8FBC-9B1BEA591241}" = Crystal Reports Viewer 2008
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53480390-0EC4-429E-BBEE-78E19EEB03BD}" = O&O CleverCache
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7172F1-66F1-603F-7E54-35EBB9F6E2EC}" = dLAN Cockpit
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{BE1626CD-4380-40BF-84A5-D8F1B4217CB3}" = Visual C++ 2008 Runtime (x86)
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D6771E19-1BB6-43B1-811E-ECC5A4613579}" = Broadcom Management Programs
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Applian FLV Player2.0.24" = Applian FLV Player
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DivX Setup" = DivX-Setup
"dlancockpit" = devolo dLAN Cockpit
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 Benutzerhandbuch" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch
"Explorer Suite_is1" = Explorer Suite III
"foobar2000" = foobar2000 v1.1.7
"HijackThis" = HijackThis 2.0.2
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.49
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"mIRC" = mIRC
"MKV Minimum Set (LD-Anime) - MatroskaSplitter & VSFilter_is1" = Matroska Pack - Lazy Man's MKV 1.0.1-alpha6
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Mumble" = Mumble and Murmur
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Röntgen-Tutor" = Röntgen-Tutor
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamSpeakOverlay" = TeamSpeak Overlay BETA 2 (#63)
"Veoh Web Player Beta" = Veoh Web Player
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"X-Mouse Button Control" = X-Mouse Button Control 2.2
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5a38c119dda584f7" = DSO Economic
"5ca7a701f4767ab9" = LoL-Starter
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.11.2011 16:48:20 | Computer Name = Vanadin-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.11.2011 16:51:09 | Computer Name = Vanadin-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.11.2011 16:51:09 | Computer Name = Vanadin-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.11.2011 16:51:09 | Computer Name = Vanadin-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.11.2011 17:05:19 | Computer Name = Vanadin-Laptop | Source = VSS | ID = 8194
Description = 
 
Error - 10.11.2011 17:17:50 | Computer Name = Vanadin-Laptop | Source = VSS | ID = 8194
Description = 
 
Error - 10.11.2011 18:24:49 | Computer Name = Vanadin-Laptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung avguard.exe, Version 12.1.0.18, Zeitstempel 
0x4e7ca198, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436,
 Ausnahmecode 0xc00000fd, Fehleroffset 0x0004a132,  Prozess-ID 0x558, Anwendungsstartzeit
 01cc9ff752168401.
 
Error - 10.11.2011 18:27:15 | Computer Name = Vanadin-Laptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung avguard.exe, Version 12.1.0.18, Zeitstempel 
0x4e7ca198, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436,
 Ausnahmecode 0xc00000fd, Fehleroffset 0x0004a132,  Prozess-ID 0xf34, Anwendungsstartzeit
 01cc9ff7aad24661.
 
Error - 10.11.2011 18:50:08 | Computer Name = Vanadin-Laptop | Source = EventSystem | ID = 4609
Description = 
 
Error - 10.11.2011 19:41:10 | Computer Name = Vanadin-Laptop | Source = EventSystem | ID = 4609
Description = 
 
[ System Events ]
Error - 10.11.2011 21:39:08 | Computer Name = Vanadin-Laptop | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 11.11.2011 05:55:35 | Computer Name = Vanadin-Laptop | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 11.11.2011 05:55:40 | Computer Name = Vanadin-Laptop | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 11.11.2011 05:57:43 | Computer Name = Vanadin-Laptop | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 11.11.2011 06:00:00 | Computer Name = Vanadin-Laptop | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 11.11.2011 07:18:33 | Computer Name = Vanadin-Laptop | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 11.11.2011 07:29:43 | Computer Name = Vanadin-Laptop | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 11.11.2011 07:29:50 | Computer Name = Vanadin-Laptop | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 11.11.2011 07:31:20 | Computer Name = Vanadin-Laptop | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 11.11.2011 07:31:58 | Computer Name = Vanadin-Laptop | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
--- --- ---

Alt 11.11.2011, 13:57   #5
Kite
 
Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL - Standard

Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL



So, dann habe ich versucht GMER zu machen. GMer hat eine System Veränderung in der svchost festgestellt, stürzt aber während des Scans ab. (Haken bei IAT/EAT und Show all entfernt und nur C gewählt)



Alt 11.11.2011, 14:00   #6
Kite
 
Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL - Standard

Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL



Hier kommt gleich der Malwarebytes Fullscan hin:

Alt 11.11.2011, 15:19   #7
Kite
 
Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL - Standard

Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL



Wieso wird in diesem board die "Editier"-Funktion für eigene Posts nach einiger Zeit deaktiviert? *grml*


Zitat:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8137

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

11.11.2011 15:18:25
mbam-log-2011-11-11 (15-18-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 336898
Laufzeit: 1 Stunde(n), 51 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 11.11.2011, 16:39   #8
Kite
 
Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL - Standard

Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL



Hier nochma die anderen MWB Logs die ich hab
Zitat:
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8112

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10.11.2011 22:24:13
mbam-log-2011-11-10 (22-24-13).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 39585
Laufzeit: 5 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Zitat:
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8112

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

08.11.2011 12:02:30
mbam-log-2011-11-08 (12-02-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 344753
Laufzeit: 1 Stunde(n), 33 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Musik\Tobi\dvd architect 2.0\KeyGen\sonic mp3 plugin keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

Alt 21.11.2011, 22:26   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL - Standard

Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL



Zitat:
c:\Musik\Tobi\dvd architect 2.0\KeyGen\sonic mp3 plugin keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfull


Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.11.2011, 00:28   #10
Kite
 
Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL - Standard

Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL



Zitat:
Zitat von cosinus Beitrag anzeigen


Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!
Dieses Programm hab ich nie benutzt und es war anscheinend in einem Ordner den ich vor Ewigkeiten auf ner Lan gezogen habe (in dem eigentlich nur Musik sein sollte). Bis MWB des gefunden hat, war ich mir überhaupt nicht bewusst, dass ich sowas auf der Platte habe/hatte...
Von Cracks/Keygens halte ich mich schon seit Ewigkeiten fern, ein dummer Fehler in der Kindheit hat mir damals fast meinen Rechner zerlegt....
Ich weiß nichtmal wofür dieser DVD Architect or whatever gut sein soll...geschweige denn, dass ich ihn irgendwann mal bewusst gestartet habe oO
Der Ordner ist zumindest gelöscht und wäre ich früher darauf aufmerksam geworden, wäre der auch schon viel früher verschwunden

Geändert von Kite (22.11.2011 um 00:35 Uhr)

Alt 22.11.2011, 08:53   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL - Standard

Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL



Wie auch immer, bei Cracks/Keygens gibt es hier nur Hilfe zur Neuinstallation des OS.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL
antivir, boot, datei, dateien, echtzeitscanner, escan, fehlalarm, file, folge, frage, google, hijack, hijackthis, hijackthis logfile, log, logfile, löschen, malware, namen, otl scan, scan, sekunden, system, system32, treiber, updates, warum, windows




Ähnliche Themen: Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL


  1. Windows 7: Fund mit Antivir
    Log-Analyse und Auswertung - 12.09.2014 (9)
  2. C:\Windows\System32\lsass.exe (file missing)
    Log-Analyse und Auswertung - 29.10.2012 (3)
  3. Windows 7 Failed to save all the components for the file \\System32\\
    Plagegeister aller Art und deren Bekämpfung - 10.03.2012 (5)
  4. TR/Spy.Ipsiut.ch in C:\Windows\System32\bcrypt32.dll
    Log-Analyse und Auswertung - 06.02.2012 (10)
  5. Windows 7 Failed to save all the components for the file System32\\00...
    Plagegeister aller Art und deren Bekämpfung - 13.11.2011 (3)
  6. TR/Spy.Ipsiut.bs in C:\Windows\System32\prndache.dll
    Log-Analyse und Auswertung - 10.11.2011 (1)
  7. AntiVir Fund: das Trojanische Pferd TR/VB.afr.51 in C:\\WINDOWS\system32\svshost.exe
    Log-Analyse und Auswertung - 20.06.2011 (1)
  8. Trojaner TR/Spy.Ipsiut.l in C:\Windows\System32\vdmdbg32.dll
    Plagegeister aller Art und deren Bekämpfung - 26.05.2011 (25)
  9. AntiVir mit 35 Funden, Trojaner in C:\WINDOWS\system32\ *.dll
    Plagegeister aller Art und deren Bekämpfung - 05.10.2010 (25)
  10. AntiVir - Fund: C:\WINDOWS\system32\bcmwsink.dll WAS NUN?
    Log-Analyse und Auswertung - 26.06.2010 (11)
  11. Fund: TR/Spy.Banker.AG1 in C:/Windows/System32/rasdhone.dll
    Plagegeister aller Art und deren Bekämpfung - 14.06.2010 (3)
  12. Antivir: Tr/Agent.ruo in C:\Windows\System32\wineqd.dll
    Plagegeister aller Art und deren Bekämpfung - 30.03.2010 (37)
  13. O10 - Unknown file in Winsock LSP: c:\windows\system32\policylsp.dll
    Log-Analyse und Auswertung - 24.11.2009 (4)
  14. Antivir-Alarm C:\Windows\System32\geyekrybixqvhv.dll
    Log-Analyse und Auswertung - 29.07.2009 (8)
  15. Hilfe c:\windows\system32\directx.exe (file missing)
    Plagegeister aller Art und deren Bekämpfung - 26.04.2007 (13)
  16. W32/Nsag.B in C:\WINDOWS\SYSTEM32\WININET.DLL bei AntiVir
    Plagegeister aller Art und deren Bekämpfung - 09.09.2005 (3)

Zum Thema Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL - Guten Abend, seit 2 Tagen nervt mich mein AntiiVir mit eben dieser Meldung. Wenn ich den EchtzeitScanner an habe, berieselt es mich im 3 Sekunden Takt mit diesen tollen Meldungen.. - Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL...
Archiv
Du betrachtest: Antivir Fund: TR/Spy.Ipsiut.bs im File: C:\Windows\System32\KBDJNORI.DLL auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.