Antivir find: TR/Spy.Ipsiut.bs in file C:\Windows\System32\KBDJNORI.DLL (Windows 7)
11.11.2011, 01:28 | #1

Antivir find: TR/Spy.Ipsiut.bs in file C:\Windows\System32\KBDJNORI.DLL

Good evening,

for 2 days now my AntiVir has been pestering me with exactly this message. When I have the real-time scanner turned on, it showers me with these lovely messages every 3 seconds. So now I'm asking myself: false positive or real threat, and if the latter, how do I get rid of it?

My system is still Windows Vista 32-bit, though with the latest updates, afaik.

The online scan of the file says 10/10 that it is malware: hxxp://virusscan.jotti.org/de/scanresult/7ccbc8710478e1528c4d6ab82ca96c9836a720f6/8717404f9c89fce712be353755ea71e168f66898

Malwarebytes finds nothing. Ad-Aware finds nothing.

The file exists, but I can't find any purpose for it via Google; it seems as if it isn't a Windows file at all, which of course supports the suspicion that it is malware. There is a Windows file named KBDINORI.dll, which is identical apart from the I/J.

I cannot delete the file, neither the normal way nor with KillBox.

Below is the OTL scan, I hope I did it right ^^

PS: My system is already old, so a lot of junk will probably show up in the log. I don't know why, but I just never get around to asking someone to reinstall the machine for me; I'm clearly too dumb to do it myself (I don't have a boot CD, just a strange partition with the Windows and Dell files and no idea whether all the drivers are included, so hands off).

I hope you can help me. If you also need a HijackThis logfile, I'll post it afterwards.
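The observation above (a System32 file whose name is one letter off a genuine Windows file) can be checked systematically. The following is an added example, not code from the thread: it compares a directory listing against a baseline of known file names and flags names that are exactly one edit away from a known name without being one themselves. The baseline and the listing below are constructed samples; on a real system the baseline would come from a clean reference install of the same Windows build.

```python
"""Flag file names that masquerade as a known Windows file by a one-letter change.

The thread's find, C:\\Windows\\System32\\KBDJNORI.DLL, differs from the genuine
keyboard-layout DLL KBDINORI.DLL by a single letter. This example (not from the
forum thread) compares an observed listing against a baseline of known names and
reports such near-misses.
"""
from __future__ import annotations

import os
from typing import Iterable

# Constructed baseline: a handful of genuine System32 names. A real baseline
# would be collected from a clean reference system, not typed in by hand.
KNOWN_NAMES = {
    "kbdinori.dll", "kbdus.dll", "kbdgr.dll", "kbdinhin.dll",
    "kernel32.dll", "userinit.exe", "explorer.exe", "svchost.exe",
}

# Constructed listing modelled on the post: the real KBDINORI.DLL next to the
# flagged KBDJNORI.DLL, plus a second typical lookalike (svch0st.exe).
SAMPLE_LISTING = [
    "KBDINORI.DLL", "KBDJNORI.DLL", "kbdus.dll", "kernel32.dll",
    "userinit.exe", "svchost.exe", "svch0st.exe", "totally_unrelated.dll",
]


def one_edit_apart(a: str, b: str) -> bool:
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        # Same length: exactly one differing position (Hamming distance 1).
        return sum(x != y for x, y in zip(a, b)) == 1
    if len(a) > len(b):
        a, b = b, a  # make a the shorter string
    # Lengths differ by one: b must equal a with one extra character inserted.
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i:] == b[i + 1:]


def find_lookalikes(observed: Iterable[str], known: Iterable[str]) -> list[tuple[str, str]]:
    """Return (observed_name, known_name) pairs for names that are not in the
    baseline but sit one edit away from a baseline name. Comparison is
    case-insensitive, as Windows file names are."""
    known_map = {k.lower(): k for k in known}
    hits: list[tuple[str, str]] = []
    for name in observed:
        low = name.lower()
        if low in known_map:
            continue  # a genuine baseline name, nothing to flag
        for k in sorted(known_map):  # sorted for deterministic output
            if one_edit_apart(low, k):
                hits.append((name, known_map[k]))
                break
    return hits


def scan_directory(path: str, known: Iterable[str] = KNOWN_NAMES) -> list[tuple[str, str]]:
    """Run the check against a real directory, e.g. C:\\Windows\\System32."""
    return find_lookalikes(os.listdir(path), known)


if __name__ == "__main__":
    for observed, genuine in find_lookalikes(SAMPLE_LISTING, KNOWN_NAMES):
        print(f"suspicious: {observed!r} is one edit away from genuine {genuine!r}")
```

A near-miss name is only an indicator; a file flagged this way still needs its hash checked against a reference system before acting on it.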
11.11.2011, 13:53 | #2

Antivir find: TR/Spy.Ipsiut.bs in file C:\Windows\System32\KBDJNORI.DLL

I just discovered the checklist and have therefore made new logs; please ignore the files attached above.

First, the Defogger log:

Last edited by Kite (11.11.2011 at 13:59)
11.11.2011, 13:53 | #3

Antivir find: TR/Spy.Ipsiut.bs in file C:\Windows\System32\KBDJNORI.DLL

Then the OTL log:

OTL logfile:
---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.11.10 23:39:25 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2011.11.10 23:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.11.10 23:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2011.11.10 22:30:53 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2011.11.10 22:25:32 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2011.11.10 22:25:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2011.11.10 22:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft [2011.11.10 22:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2011.11.10 21:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla! [2011.11.10 21:27:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Vanadin\Desktop\OTL.exe [2011.11.08 17:45:13 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\Desktop\DSO Eco [2011.11.08 15:17:49 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CrazyT [2011.11.08 14:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint [2011.11.08 14:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011.11.08 14:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services [2011.11.08 14:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2011.11.08 14:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework [2011.11.08 14:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2011.11.08 14:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8 [2011.11.08 14:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services [2011.11.08 
14:38:42 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\AppData\Local\Microsoft Help [2011.11.08 14:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011.11.08 14:37:03 | 000,000,000 | RH-D | C] -- C:\MSOCache [2011.11.08 14:22:06 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\Desktop\Microsoft.Office.Professioal.Plus.2010.GERMAN.Full.Cracked [2011.11.08 11:56:33 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\Desktop\Mastertools [2011.11.08 10:27:17 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\AppData\Roaming\Malwarebytes [2011.11.08 10:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.08 10:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.08 10:26:56 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.11.08 10:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.11.02 11:59:31 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\Desktop\Taktikkarten [2011.10.13 16:32:27 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\AppData\Local\DDMSettings [2011.10.13 16:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2011.10.13 16:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec [2011.10.13 16:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec [2011.10.13 16:21:20 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\Documents\SelfMV [2011.10.13 16:19:22 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\AppData\Local\Samsung [2011.10.13 16:18:59 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\Documents\samsung [2011.10.13 16:13:44 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\{8516f02d-31b4-4718-9a55-fee0911066d2} [2011.10.13 16:13:09 | 001,416,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01005.dll [2011.10.13 16:13:09 | 001,416,680 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\drivers\WdfCoInstaller01005.dll [2011.10.13 16:13:09 | 000,136,808 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdm.sys [2011.10.13 16:13:09 | 000,121,064 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadbus.sys [2011.10.13 16:13:09 | 000,114,280 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadserd.sys [2011.10.13 16:13:09 | 000,030,312 | ---- | C] (Google Inc) -- C:\Windows\System32\drivers\ssadadb.sys [2011.10.13 16:13:09 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdfl.sys [2011.10.13 16:13:09 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcmnt.sys [2011.10.13 16:13:09 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcm.sys [2011.10.13 16:13:09 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwhnt.sys [2011.10.13 16:13:09 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwh.sys [2011.10.13 16:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2011.10.13 16:08:58 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll [2011.10.13 16:08:08 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) 
-- C:\Windows\System32\dgderapi.dll [2011.10.13 16:08:08 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DIFxAPI.dll [2011.10.13 16:08:08 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys [2011.10.13 16:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny [2011.10.13 16:06:27 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\AppData\Roaming\Samsung [2011.10.13 16:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2011.10.13 16:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung [2011.10.13 16:03:28 | 000,000,000 | ---D | C] -- C:\Users\Vanadin\AppData\Local\Downloaded Installations [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.11 12:37:12 | 000,687,068 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.11 12:37:12 | 000,637,058 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.11 12:37:12 | 000,149,550 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.11 12:37:12 | 000,123,492 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.11 12:31:18 | 000,176,478 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.11.11 12:31:18 | 000,176,478 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.11.11 12:30:51 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.11 12:29:27 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.11 12:29:27 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.11 12:29:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.11 12:18:18 | 000,000,020 | ---- | M] () -- C:\Users\Vanadin\defogger_reenable [2011.11.11 12:15:43 | 000,050,477 | ---- | M] () -- C:\Users\Vanadin\Desktop\Defogger.exe [2011.11.11 12:03:00 | 000,001,128 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495758634-3817968798-521802892-1000UA.job [2011.11.11 11:25:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.11 01:45:26 | 317,149,061 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.11.11 01:43:10 | 000,302,592 | ---- | M] () -- C:\Users\Vanadin\Desktop\i9q3ngbh.exe [2011.11.10 23:40:23 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.11.10 22:30:53 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2011.11.10 22:30:52 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe [2011.11.10 22:25:44 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.11.10 22:07:49 | 000,002,216 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg [2011.11.10 22:06:58 | 000,000,168 | ---- | M] () -- C:\Windows\System32\drivers\kgpfr2.cfg [2011.11.10 21:27:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Vanadin\Desktop\OTL.exe [2011.11.10 21:03:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495758634-3817968798-521802892-1000Core.job [2011.11.10 20:20:13 | 000,139,124 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat [2011.11.10 19:28:34 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B5C15E9E-094B-4616-8C10-DD6021966D93}.job [2011.11.09 16:35:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2011.11.08 16:15:11 | 000,410,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.11.08 10:27:03 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.08 10:17:50 | 000,002,631 | ---- | M] () -- C:\Users\Vanadin\Desktop\HiJackThis.lnk [2011.10.30 20:04:55 | 000,002,054 | ---- | M] () -- C:\Users\Vanadin\Desktop\Google Chrome.lnk [2011.10.19 16:56:15 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.10.19 
16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2011.10.17 14:05:29 | 000,007,620 | ---- | M] () -- C:\Users\Vanadin\AppData\Local\d3d9caps.dat [2011.10.13 16:37:43 | 000,100,864 | ---- | M] () -- C:\Users\Vanadin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.13 16:18:43 | 000,001,736 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2011.10.13 16:15:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.11 12:18:01 | 000,000,020 | ---- | C] () -- C:\Users\Vanadin\defogger_reenable [2011.11.11 12:15:42 | 000,050,477 | ---- | C] () -- C:\Users\Vanadin\Desktop\Defogger.exe [2011.11.11 01:45:26 | 317,149,061 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.11.11 01:43:09 | 000,302,592 | ---- | C] () -- C:\Users\Vanadin\Desktop\i9q3ngbh.exe [2011.11.10 23:40:23 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.11.10 23:32:09 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2011.11.10 22:25:44 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.11.10 22:06:58 | 000,000,168 | ---- | C] () -- C:\Windows\System32\drivers\kgpfr2.cfg [2011.11.10 22:03:49 | 000,002,216 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg [2011.11.08 10:27:03 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.13 16:18:43 | 000,001,736 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2011.10.13 16:15:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf [2011.09.16 10:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.09.16 10:54:44 | 000,974,848 | ---- | C] () -- 
C:\Windows\System32\cis-2.4.dll [2011.09.16 10:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.09.16 10:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.09.16 10:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.07.18 18:58:16 | 000,139,124 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011.04.26 18:58:56 | 000,029,184 | ---- | C] () -- C:\Windows\System32\KBDJNORI.DLL [2011.04.01 20:44:09 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010.11.05 23:45:43 | 000,000,000 | ---- | C] () -- C:\Windows\PCFriend.INI [2010.09.27 12:03:08 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2010.09.24 00:57:27 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll [2009.11.05 23:04:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.07.08 17:48:04 | 000,000,000 | ---- | C] () -- C:\Windows\zSpy.INI [2009.07.08 16:24:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.07.08 16:23:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.07.08 14:07:36 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat [2008.11.06 16:03:32 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2008.11.06 16:03:32 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.11.06 16:03:31 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2008.11.06 16:03:31 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2008.11.06 16:03:31 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2008.11.06 16:03:31 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2008.11.06 16:03:31 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2008.11.06 16:03:31 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2008.11.06 
16:03:31 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2008.11.06 16:03:31 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2008.11.06 16:03:31 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2008.11.06 16:03:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2008.11.06 16:03:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2008.11.06 16:03:31 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2008.11.06 16:03:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2008.11.06 16:03:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2008.11.06 16:03:31 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2008.11.06 16:03:31 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2008.11.06 16:03:31 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2008.11.06 15:58:08 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX7400DEFGIPS.ini [2008.09.21 18:06:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.09.16 01:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.08.08 09:00:03 | 000,017,294 | ---- | C] () -- C:\Users\Vanadin\AppData\Roaming\wklnhst.dat [2008.08.01 22:01:37 | 000,157,696 | ---- | C] () -- C:\Windows\System32\unrar.dll [2008.08.01 22:01:35 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.08.01 22:01:35 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.08.01 22:01:34 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll [2008.08.01 22:01:34 | 000,006,144 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.08.01 09:22:09 | 000,176,478 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.08.01 09:22:09 | 000,176,478 | ---- | C] () -- C:\ProgramData\nvModes.001 
[2008.07.31 23:45:24 | 000,007,620 | ---- | C] () -- C:\Users\Vanadin\AppData\Local\d3d9caps.dat [2008.07.31 21:48:21 | 000,013,119 | ---- | C] () -- C:\Users\Vanadin\AppData\Roaming\nvModes.001 [2008.07.31 21:48:16 | 000,013,119 | ---- | C] () -- C:\Users\Vanadin\AppData\Roaming\nvModes.dat [2008.07.31 21:24:51 | 000,100,864 | ---- | C] () -- C:\Users\Vanadin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.07.31 21:05:53 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2008.07.31 21:05:52 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2008.07.26 18:18:57 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2008.07.26 18:18:51 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2006.11.15 19:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.02 16:33:31 | 000,687,068 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,149,550 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,410,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,637,058 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,123,492 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 
| 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [1998.10.11 01:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll ========== LOP Check ========== [2011.09.19 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\AVG [2009.04.30 07:52:40 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\Azureus [2011.09.21 20:34:29 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\Business Objects [2010.07.02 10:55:06 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\CheckPoint [2011.03.25 15:16:12 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\Coeh [2009.07.08 20:27:12 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\DAEMON Tools Lite [2011.03.22 19:55:12 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\Ebaxwi [2009.01.13 17:48:07 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\EPSON [2010.07.31 10:29:41 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\FOG Downloader [2011.11.05 16:03:53 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\foobar2000 [2011.09.21 20:34:40 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\GetRightToGo [2010.12.25 11:18:47 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\GIRDAC [2010.12.11 18:16:13 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\gtk-2.0 [2011.09.02 20:19:22 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\Highresolution Enterprises [2011.03.27 15:26:35 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\ICAClient [2010.05.20 17:23:15 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\Langenscheidt [2011.02.27 18:52:16 | 000,000,000 | ---D | M] -- 
C:\Users\Vanadin\AppData\Roaming\LolClient [2010.08.02 21:30:26 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\Mumble [2011.06.09 23:25:14 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\OpenCandy [2010.09.14 11:37:50 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\OpenOffice.org [2010.12.26 14:41:59 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\ProtectDISC [2011.02.16 10:32:46 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\RIFT [2011.10.13 16:06:27 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\Samsung [2011.03.28 15:56:19 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\Softpark [2008.08.08 09:00:04 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\Template [2011.06.27 22:23:45 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\TS3Client [2010.12.25 11:20:22 | 000,000,000 | ---D | M] -- C:\Users\Vanadin\AppData\Roaming\TuneUp Software [2011.11.11 12:18:33 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.11.10 19:28:34 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B5C15E9E-094B-4616-8C10-DD6021966D93}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.11.10 21:17:58 | 000,000,000 | ---D | M] -- C:\!KillBox [2011.01.28 13:25:38 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.09.20 09:46:16 | 000,000,000 | -HSD | M] -- C:\Boot [2009.10.23 09:39:32 | 000,000,000 | ---D | M] -- C:\DELL [2008.07.26 17:50:32 | 000,000,000 | ---D | M] -- C:\doctemp [2008.07.31 17:24:10 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.11.10 23:32:07 | 000,000,000 | ---D | M] -- C:\Downloads [2008.07.26 17:50:30 | 000,000,000 | ---D | M] -- C:\Drivers [2010.10.25 23:41:10 | 000,000,000 | ---D | M] -- C:\ds [2010.09.29 21:44:38 | 000,000,000 | ---D | M] -- C:\GIRDAC [2010.06.21 21:33:22 | 000,000,000 | ---D | M] -- C:\hausarbeit [2011.01.07 21:34:40 | 000,000,000 | ---D | M] -- C:\MDT [2011.11.08 14:37:03 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.08.11 19:10:24 | 000,000,000 | ---D | M] -- C:\Musik [2008.07.31 22:55:32 | 000,000,000 | ---D | M] -- C:\NVIDIA [2010.09.14 11:29:07 | 000,000,000 | ---D | M] -- C:\office [2008.09.16 00:41:12 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.11.10 23:39:22 | 000,000,000 | R--D | M] -- C:\Program Files [2011.11.10 23:54:30 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.11.10 23:57:45 | 000,000,000 | ---D | M] -- C:\ProgramDataEVENTDB [2011.11.10 23:55:26 | 000,000,000 | ---D | M] -- C:\ProgramDataINFECTED [2011.11.10 23:54:50 | 000,000,000 | ---D | M] -- C:\ProgramDataLOGFILES [2011.11.11 00:38:41 | 000,000,000 | ---D | M] -- C:\ProgramDataTEMP [2008.07.31 17:24:10 | 000,000,000 | -HSD | M] -- C:\Programme [2011.02.27 18:07:52 | 000,000,000 | ---D | M] -- C:\Riot Games [2011.03.02 23:07:11 | 000,000,000 | ---D | M] -- C:\RoM [2011.11.11 12:43:17 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.11.17 17:15:15 | 000,000,000 | ---D | M] -- C:\temp [2009.10.22 19:14:23 | 000,000,000 | R--D | M] -- C:\Users [2011.11.11 01:45:26 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.07.26 18:00:20 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2008.07.26 18:00:20 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe [2006.11.02 10:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 
10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-16 11:48:11 ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\Vanadin\Documents\CyberLink:Roxio EMC Stream @Alternate Data Stream - 487 bytes -> C:\ProgramData\Temp:05EE1EEF @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4 < End of report > |
11.11.2011, 13:54 | #4
Antivir finding: TR/Spy.Ipsiut.bs in file: C:\Windows\System32\KBDJNORI.DLL
The OTL Extras log:
OTL EXTRAS Logfile:
ATTFilter OTL Extras logfile created on: 11.11.2011 12:41:15 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Vanadin\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 67,06% Memory free 11,16 Gb Paging File | 10,13 Gb Available in Paging File | 90,80% Paging File free Paging file location(s): c:\pagefile.sys 8192 8192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220,79 Gb Total Space | 94,58 Gb Free Space | 42,84% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 5,44 Gb Free Space | 54,40% Space Free | Partition Type: NTFS Computer Name: VANADIN-LAPTOP | User Name: Vanadin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A10981F-41B1-4974-A1E0-ACC19EC89466}" = lport=6895 | protocol=17 | dir=in | name=league of legends launcher |
"{11692EA8-8A59-42DC-B5CD-6601ED8B2F35}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
"{15A9C27F-E13D-40F9-B0FF-F4564F45CB14}" = lport=6947 | protocol=6 | dir=in | name=league of legends launcher |
"{1E72AA33-B592-4707-86B6-B363D3194440}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1F796AFE-145E-4E4C-8D57-194D19D1ADF3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{211BDF2A-0D92-42CC-99FF-7EFA7B27227B}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher |
"{24CC063E-B8B1-4135-9A4D-6187E2662C2E}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{2A066B26-503F-4805-B29C-A0A3ED7C3EE7}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{2BFB63BD-24AB-4A63-AB12-BA8A6A891C44}" = lport=6996 | protocol=17 | dir=in | name=league of legends launcher |
"{2DE4DC2B-2A37-45C1-A441-F08C309A743B}" = lport=6891 | protocol=6 | dir=in | name=league of legends launcher |
"{2F492606-3B4E-44A2-9C4B-DC8A854693ED}" = lport=6968 | protocol=17 | dir=in | name=league of legends launcher |
"{392C7C3E-77D5-476A-B795-298CF528903D}" = lport=6967 | protocol=17 | dir=in | name=league of legends launcher | "{3954F994-5E61-4B40-8C18-547AE2B0EAB2}" = lport=6889 | protocol=17 | dir=in | name=league of legends launcher | "{3A4E0349-79D2-4211-A420-5669CC04361A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3EB0EBBB-8DAF-48A9-ADC9-1B79EF937ECC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{426A30E2-46AF-49A2-9F0F-BC705DE16296}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | "{43EDB256-7C3D-4E20-9CDA-D5AD2FE893C5}" = lport=6900 | protocol=6 | dir=in | name=league of legends launcher | "{465A96B1-09BC-48DD-BAD3-2DB0B4166FE6}" = lport=6993 | protocol=6 | dir=in | name=league of legends launcher | "{479DFA25-1B6C-4BE3-A45E-1FC97641DD8F}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | "{47CD4CE9-E99E-4E06-8651-431F0E3A0B10}" = lport=6947 | protocol=17 | dir=in | name=league of legends launcher | "{4A01C131-8502-4648-964E-CB830BCFB55A}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | "{4B1B7BD3-7E71-4D0A-A6BB-CEBF8E553A21}" = lport=6915 | protocol=6 | dir=in | name=league of legends launcher | "{4B68CE0F-13E9-44E3-9B70-961F62FFA7A0}" = lport=6961 | protocol=17 | dir=in | name=league of legends launcher | "{4CC60EB7-1C73-4C76-8538-A517180BF8FD}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{4F31C225-05C1-47E9-8AD1-1C5CF4D85339}" = lport=6988 | protocol=6 | dir=in | name=league of legends launcher | "{4FA9B047-950E-47DA-9102-D47D74566076}" = lport=6966 | protocol=6 | dir=in | name=league of legends launcher | "{52729004-4CA7-4FD3-8278-2FE872D8884D}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | "{601FE290-5084-4E32-BE02-0267A1163CF6}" = lport=6966 | protocol=17 | dir=in | name=league of legends launcher | "{62C6A72B-FB8B-4936-B9DF-0BD2C3F1C518}" = 
lport=8398 | protocol=17 | dir=in | name=league of legends launcher | "{648FDFC3-C159-4EC9-B9A5-72598031F861}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{66C70B37-72C0-447A-AB08-4875D3492857}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{68075AAE-5310-4B25-82A1-AA420514BE61}" = lport=6968 | protocol=6 | dir=in | name=league of legends launcher | "{686C9B68-F650-4804-917C-5DB351063ACB}" = lport=6952 | protocol=6 | dir=in | name=league of legends launcher | "{7339C405-8C65-4770-B77A-EBC988E90076}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | "{76B3571A-784E-4282-8CE2-97BF17E6D844}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | "{79E8C080-B87C-42C3-B756-01BB43293F40}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | "{7A4E94E8-47E8-4F99-A1AF-0737EE88976F}" = lport=6967 | protocol=6 | dir=in | name=league of legends launcher | "{7A5500EC-E9E1-4E5A-8956-94C342FFC342}" = lport=2869 | protocol=6 | dir=in | app=system | "{7F683E21-8663-462C-814E-B6020D1EE46E}" = lport=6895 | protocol=6 | dir=in | name=league of legends launcher | "{82043178-0A18-41F7-9E0A-BC57CA155D6E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{8A640A77-F95F-4D77-AED4-C7B4F0177D16}" = lport=6908 | protocol=17 | dir=in | name=league of legends launcher | "{8C057FCA-B1AB-4E75-B678-C4307F4ED5C1}" = lport=6891 | protocol=17 | dir=in | name=league of legends launcher | "{8C365966-F921-45DE-8F88-64F78DAC6132}" = lport=6988 | protocol=17 | dir=in | name=league of legends launcher | "{8C43D290-C656-4440-8C79-DC66B5125E57}" = lport=6904 | protocol=6 | dir=in | name=league of legends launcher | "{8E9A879E-CB62-43EC-A381-E3639752B8C5}" = lport=6952 | protocol=17 | dir=in | name=league of legends launcher | "{90D43A02-C27D-414E-AF79-104A4B93E3F6}" = lport=10301 | protocol=17 | dir=in | app=c:\program 
files\devolo\dlan\devolonetsvc.exe | "{90FC4B38-FE48-445B-B927-27C2BE2F5E43}" = lport=10243 | protocol=6 | dir=in | app=system | "{926DC3A0-784D-4F53-8F6E-FF95B53461FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{938D7FA9-81FC-4134-AE32-2911C5C7BB51}" = lport=55770 | protocol=6 | dir=in | name=akamai netsession interface | "{93FC7DAB-4FBC-49E4-AC7D-E7D8AC773BD1}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | "{9B5333DA-7B1B-4EC2-9642-233BC4595C4A}" = lport=6889 | protocol=6 | dir=in | name=league of legends launcher | "{9BD0C7B4-8A76-43EB-A63B-8F0B035DEFCC}" = lport=6915 | protocol=17 | dir=in | name=league of legends launcher | "{9D3F18EA-6515-43C0-AB6E-5311D09606EB}" = lport=7631 | protocol=6 | dir=in | name=coyoz | "{AA9841A9-BF5A-4C8C-B9F2-7731676CC4EF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{ADD8BF04-48B9-4D46-94D9-23A378E5B2AA}" = lport=6993 | protocol=17 | dir=in | name=league of legends launcher | "{AF75F221-A007-452D-B0BE-B50D0FDB1080}" = lport=6904 | protocol=17 | dir=in | name=league of legends launcher | "{B2273AF1-80AD-43E8-B9C2-EE692339D26C}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\dlan\devolonetsvc.exe | "{B2F11678-67B5-4AC0-AA04-03D7D4F4DB30}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B525FFD4-5303-42B3-A7FE-7C69698D22B3}" = lport=6979 | protocol=6 | dir=in | name=league of legends launcher | "{B64CA831-3FE1-4DE3-94C6-8DE8AA975ED1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B7FD190B-A1D6-4AA0-A9F2-F838B1714C70}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{BBF40C36-0A4A-4584-8D5C-262C124DDE0B}" = lport=6900 | protocol=17 | dir=in | name=league of legends launcher | "{BFBD46BD-BACD-4C0D-BC2B-F0DBCBF379B0}" = lport=6996 | protocol=6 | dir=in | name=league of 
legends launcher | "{C04E0470-3DA5-4820-AD59-C45699F59D4A}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | "{C508274B-4D1C-4D5F-9637-AD9D3D08587A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{C796EA32-3007-4256-BE11-8E098CEDB7AD}" = lport=6961 | protocol=6 | dir=in | name=league of legends launcher | "{C9140A1B-3A6B-427B-9768-4FB2B6705D21}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | "{CA1E04F3-C4F4-454A-811B-C361B5014F97}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | "{D38B1BD7-E70E-4E58-A6E5-9E62C515E654}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D4F01C9F-E9FE-4976-9934-0DC8F7DEE43E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D9CC29BB-962D-4249-9330-73663079F983}" = lport=6908 | protocol=6 | dir=in | name=league of legends launcher | "{E355B214-2601-4DA9-8060-99AA29E10DFE}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | "{E506F0DB-A8C2-4A48-B6D0-B6D6C15F93E4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E58F7161-1FB6-47E8-8703-A5535183F322}" = lport=6979 | protocol=17 | dir=in | name=league of legends launcher | "{E6C90488-3525-4A47-8974-461E3C4C70C9}" = lport=2869 | protocol=6 | dir=in | app=system | "{EAE7AD15-FE66-4A54-BB17-7262F7871E6A}" = rport=10243 | protocol=6 | dir=out | app=system | "{EF097418-4465-4DFF-A3F6-31E901F1BA95}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{EF0ABC7B-C71C-4F52-98D2-384885795FFC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{EF13E8D5-EF28-4A27-AB0D-438E035E2EEA}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | "{F0CA1CD6-2D12-4508-99EF-8CE525885C95}" = lport=6919 | protocol=6 | dir=in | 
name=league of legends launcher | "{FAC48B2A-0AC0-4FE2-9BFB-D6FAF6D11C5A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FB068F91-3283-4C3B-89AB-57B00D2C7144}" = lport=6958 | protocol=17 | dir=in | name=league of legends launcher | "{FC3DFFAC-1511-48FC-959E-70598D16D2B3}" = lport=6958 | protocol=6 | dir=in | name=league of legends launcher | "{FEAA4A26-4C8C-4815-AE5D-001C9C66416D}" = lport=6919 | protocol=17 | dir=in | name=league of legends launcher | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{099D302A-5127-4B05-84DE-930478307F64}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | "{0BC65E23-CAC2-4C91-A0F5-25AE853B4DF1}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "{1076A61E-263D-43AD-8FAA-D1AEC8EE2B28}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{17C1852D-3F2E-4EF1-8BBD-075B936FD506}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1B6D488C-7690-44B6-A17A-0175AD6FB5AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1EEC7F77-CD05-4B80-9B38-58DBEA131893}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{41B84B83-A9AB-41C1-BAD9-680733E05EAD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{44CE3F5A-6BC0-4232-B34F-A1BB912F1747}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4C045D79-6BC8-4572-B302-6488635D761A}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{5CEE2C3A-23D6-4133-8AE9-5097067DA0B3}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "{64D36528-48C6-4E3F-B6F8-5AE3500E82A0}" = protocol=6 | dir=out | app=system | "{6DB2A0FC-F622-46CF-8189-60B408C6D668}" = protocol=17 | 
dir=in | app=c:\program files\steam\steamapps\x3nios\counter-strike\hl.exe | "{7CDFFB85-EEA7-43C7-A166-4A80A06CA316}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{83949B54-6D68-4403-A052-DA63D20A0F30}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{87724CA0-154B-466B-A093-EEF7569AA8B8}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "{8A79CA92-85B0-42AE-A8A4-E01D6020F4C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8E70D923-7A93-4B43-8578-17C5DF4D8070}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "{96EF40F8-3A4D-45F2-9C0C-57BAF587AF08}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{9AA5CEEC-33DB-44CD-A1F7-99879E9C2FD1}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{9BAEE923-4B64-4CC3-88FC-85D192A7BE23}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A0C633C3-47A2-4417-B334-785F432CD294}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A5FFFD2F-FB0E-465B-B9F3-1661517D9A18}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{AE3A63B6-0E4B-4E7F-BE9D-39EEB2204550}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{AEF46910-9D7A-4151-A858-044EEF3F0700}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\x3nios\counter-strike\hl.exe | "{B532D2A8-8E5D-4E02-AE5E-F7A1606ABD37}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B7FDA10C-F126-40CC-A522-5523026BEDA3}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{CC444B2A-8378-4C5B-B256-EA1BF269BACC}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{CCB92AFD-F773-4025-83C9-19EB0BE34650}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD56BE9D-BB3C-4BB7-86FB-6581503EE3EC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{DA5F31BA-9AD4-4391-B756-242E3B92FEE6}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{E6F12137-263A-42D1-BAFD-02F2F3D37B66}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{E79C0501-6710-4610-8CE2-E9CDD53149B1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{E99E2556-C3EB-4F24-8875-E94AC78B8BA2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F048CCA3-C1D2-47E3-BE5C-085E527D34AE}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{F0C4B8F8-73C3-4D40-A1C5-4F0B4B9C48EA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{F2B3F5BA-1526-4F8B-BE97-42666E34DF5A}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | "TCP Query User{1EE351DC-DF8F-419A-8365-3858A6472545}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | "TCP Query User{21BE3D3F-A463-4E06-9880-64C792CEAAD1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{3E3A7F69-C449-4E45-8C1E-63B619F372C9}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{69946DDB-E561-46E1-928B-92D4451B7684}C:\program files\valve\steam\steamapps\x3nios\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\x3nios\counter-strike source\hl2.exe | "TCP Query User{72A990C8-8A5E-4474-B174-1A8631335B26}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | "TCP Query User{79B74720-CC04-4468-8A01-51BCCA9F39C3}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | "TCP Query User{7FD68F18-C3C1-4C4B-A478-00614556BA1E}C:\program 
files\java\jre1.6.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | "TCP Query User{BF8C6EB3-488A-47F4-B45F-3C1C396DF811}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{E060B11B-8A54-40F8-ABC6-2C69E39C8F6A}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{E5C3EEB4-D472-4F06-A3AF-E2ECA383D45A}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | "UDP Query User{28442681-D133-47F5-9F41-8909B962A008}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{3018FEB3-F114-40D8-B8A3-29B2FB18017C}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | "UDP Query User{39B11A9F-F750-419D-BF4C-FEA2789F88DC}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | "UDP Query User{468DBF60-F386-4795-88DC-1C6711A65204}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | "UDP Query User{7703B3EC-9281-4319-A612-11DF932F3FBF}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{80C55578-CB3B-4B7E-8FEE-6964455BF653}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | "UDP Query User{97B7F270-BCAF-463E-AE99-23E9E45D6B3C}C:\program files\valve\steam\steamapps\x3nios\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\x3nios\counter-strike source\hl2.exe | "UDP Query User{A3750DD6-DBE5-48BB-86EE-A892D81BE61B}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | "UDP Query User{C87E8F4B-A529-4DDD-B852-FAD7CB1F4EC1}C:\windows\explorer.exe" = protocol=17 | dir=in | 
app=c:\windows\explorer.exe | "UDP Query User{D3B01424-2581-4B3F-B882-21892EB1C044}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{1CE60928-8325-49A8-8B06-633E48DD2B67}" = Cisco Systems VPN Client 5.0.07.0410 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2381724F-2FA7-4D10-B5AE-F49B7EC34C2C}" = Ad-Aware "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 25 "{27152832-FFD6-4F21-8FBC-9B1BEA591241}" = Crystal Reports Viewer 2008 "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = 
HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{53480390-0EC4-429E-BBEE-78E19EEB03BD}" = O&O CleverCache "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86) "{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet "{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A7172F1-66F1-603F-7E54-35EBB9F6E2EC}" = dLAN Cockpit "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX "{BE1626CD-4380-40BF-84A5-D8F1B4217CB3}" = Visual C++ 2008 Runtime (x86) "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = 
Windows Live Call "{D6771E19-1BB6-43B1-811E-ECC5A4613579}" = Broadcom Management Programs "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Applian FLV Player2.0.24" = Applian FLV Player "Avira AntiVir Desktop" = Avira Free Antivirus "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem "DivX Setup" = DivX-Setup "dlancockpit" = devolo dLAN Cockpit "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Scanner" = EPSON Scan "EPSON Stylus CX7300_CX8300_DX7400_DX8400 Benutzerhandbuch" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch "Explorer Suite_is1" = Explorer Suite III "foobar2000" = foobar2000 v1.1.7 "HijackThis" = HijackThis 2.0.2 "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.49 "LOLReplay" = LOLReplay "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language 
Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "mIRC" = mIRC "MKV Minimum Set (LD-Anime) - MatroskaSplitter & VSFilter_is1" = Matroska Pack - Lazy Man's MKV 1.0.1-alpha6 "Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de) "Mumble" = Mumble and Murmur "NVIDIA Drivers" = NVIDIA Drivers "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Röntgen-Tutor" = Röntgen-Tutor "StarCraft II" = StarCraft II "Steam App 10" = Counter-Strike "SynTPDeinstKey" = Synaptics Pointing Device Driver "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamSpeakOverlay" = TeamSpeak Overlay BETA 2 (#63) "Veoh Web Player Beta" = Veoh Web Player "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "X-Mouse Button Control" = X-Mouse Button Control 2.2 "ZoneAlarm" = ZoneAlarm "ZoneAlarm Toolbar" = ZoneAlarm Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "5a38c119dda584f7" = DSO Economic "5ca7a701f4767ab9" = LoL-Starter "Google Chrome" = Google Chrome "MyFreeCodec" = MyFreeCodec ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 10.11.2011 16:48:20 | Computer Name = Vanadin-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 10.11.2011 16:51:09 | Computer Name = Vanadin-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 10.11.2011 16:51:09 | Computer Name = Vanadin-Laptop | Source = 
Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 10.11.2011 16:51:09 | Computer Name = Vanadin-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 10.11.2011 17:05:19 | Computer Name = Vanadin-Laptop | Source = VSS | ID = 8194 Description = Error - 10.11.2011 17:17:50 | Computer Name = Vanadin-Laptop | Source = VSS | ID = 8194 Description = Error - 10.11.2011 18:24:49 | Computer Name = Vanadin-Laptop | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung avguard.exe, Version 12.1.0.18, Zeitstempel 0x4e7ca198, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436, Ausnahmecode 0xc00000fd, Fehleroffset 0x0004a132, Prozess-ID 0x558, Anwendungsstartzeit 01cc9ff752168401. Error - 10.11.2011 18:27:15 | Computer Name = Vanadin-Laptop | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung avguard.exe, Version 12.1.0.18, Zeitstempel 0x4e7ca198, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436, Ausnahmecode 0xc00000fd, Fehleroffset 0x0004a132, Prozess-ID 0xf34, Anwendungsstartzeit 01cc9ff7aad24661. 
Error - 10.11.2011 18:50:08 | Computer Name = Vanadin-Laptop | Source = EventSystem | ID = 4609
Description =

Error - 10.11.2011 19:41:10 | Computer Name = Vanadin-Laptop | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 10.11.2011 21:39:08 | Computer Name = Vanadin-Laptop | Source = Service Control Manager | ID = 7034
Description =

Error - 11.11.2011 05:55:35 | Computer Name = Vanadin-Laptop | Source = Service Control Manager | ID = 7023
Description =

Error - 11.11.2011 05:55:40 | Computer Name = Vanadin-Laptop | Source = Service Control Manager | ID = 7026
Description =

Error - 11.11.2011 05:57:43 | Computer Name = Vanadin-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 11.11.2011 06:00:00 | Computer Name = Vanadin-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 11.11.2011 07:18:33 | Computer Name = Vanadin-Laptop | Source = Service Control Manager | ID = 7034
Description =

Error - 11.11.2011 07:29:43 | Computer Name = Vanadin-Laptop | Source = Service Control Manager | ID = 7023
Description =

Error - 11.11.2011 07:29:50 | Computer Name = Vanadin-Laptop | Source = Service Control Manager | ID = 7026
Description =

Error - 11.11.2011 07:31:20 | Computer Name = Vanadin-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 11.11.2011 07:31:58 | Computer Name = Vanadin-Laptop | Source = Service Control Manager | ID = 7001
Description =

< End of report > |
11.11.2011, 14:00 | #6 |
| Antivir detection: TR/Spy.Ipsiut.bs in file: C:\Windows\System32\KBDJNORI.DLL The Malwarebytes full scan will follow here shortly: |
11.11.2011, 15:19 | #7 |
| Antivir detection: TR/Spy.Ipsiut.bs in file: C:\Windows\System32\KBDJNORI.DLL Why does this board disable the "edit" function for one's own posts after a while? *grml* Quote: |
11.11.2011, 16:39 | #8 |
| Antivir detection: TR/Spy.Ipsiut.bs in file: C:\Windows\System32\KBDJNORI.DLL Here once more the other MWB logs I have. Quote: Quote: |
21.11.2011, 22:26 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir detection: TR/Spy.Ipsiut.bs in file: C:\Windows\System32\KBDJNORI.DLL Quote:
Cracks/keygens are 99.9% dangerous malware that should not be taken lightly. They are also illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!! That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!
__________________ Please always post logfiles in CODE tags |
22.11.2011, 00:28 | #10 |
| Antivir detection: TR/Spy.Ipsiut.bs in file: C:\Windows\System32\KBDJNORI.DLL Quote:
I have stayed away from cracks/keygens for ages; a stupid mistake in my childhood almost wrecked my computer back then.... I don't even know what this DVD Architect or whatever is supposed to be good for... let alone that I ever consciously started it oO. At least the folder is deleted, and had I noticed it earlier, it would have been gone much sooner. Last edited by Kite (22.11.2011 at 00:35) |
22.11.2011, 08:53 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir detection: TR/Spy.Ipsiut.bs in file: C:\Windows\System32\KBDJNORI.DLL Either way, when cracks/keygens are involved, the only help offered here is with reinstalling the OS.
__________________ Please always post logfiles in CODE tags |