100 Tan Trojaner (Windows 7)
22.11.2011, 09:28 | #1
100 Tan Trojaner

Hello, two days ago I had the 100 TAN trojan on my laptop. It has already been described here several times: after entering the login details, a popup appears demanding that 100 TANs be entered. It cannot be clicked away either. Avira Freeware did not find it. I then ran Malwarebytes, which found 7 infected locations. After deleting them, the trojan was gone. I have since changed all my passwords. My question: am I safe now, or do I have to reinstall the system? Here is the log file:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8210

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

21.11.2011 20:38:21
mbam-log-2011-11-21 (20-37-41).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 187545
Laufzeit: 8 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Registry Cleaner for Vista_is1 (Rogue.FreeRegistryCleanerForVista) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Userinit (Malware.Gen) -> Value: Userinit -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{5DC3DC96-99A1-7F67-D792-706463EB81AC} (Trojan.Ransom) -> Value: {5DC3DC96-99A1-7F67-D792-706463EB81AC} -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files\free registry cleaner for vista (Rogue.FreeRegistryCleanerForVista) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\free registry cleaner for vista (Rogue.FreeRegistryCleanerForVista) -> No action taken.

Infizierte Dateien:
c:\Users\utti\AppData\Roaming\appconf32.exe (Malware.Gen) -> No action taken.
c:\Users\utti\AppData\Roaming\Babew\udlanoz.exe (Trojan.Ransom) -> No action taken.
c:\Users\utti\AppData\Roaming\acroiehelpe.dll (Trojan.Banker) -> No action taken.
c:\program files\free registry cleaner for vista\backuphkcu.reg (Rogue.FreeRegistryCleanerForVista) -> No action taken.
c:\program files\free registry cleaner for vista\regcleanerforvista.exe (Rogue.FreeRegistryCleanerForVista) -> No action taken.
c:\program files\free registry cleaner for vista\unins000.dat (Rogue.FreeRegistryCleanerForVista) -> No action taken.
c:\program files\free registry cleaner for vista\unins000.exe (Rogue.FreeRegistryCleanerForVista) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\free registry cleaner for vista\free registry cleaner for vista.lnk (Rogue.FreeRegistryCleanerForVista) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\free registry cleaner for vista\uninstall free registry cleaner for vista.lnk (Rogue.FreeRegistryCleanerForVista) -> No action taken.

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x00000005, pid=4988, tid=2796
#
# JRE version: 6.0_26-b03
# Java VM: Java HotSpot(TM) Client VM (20.1-b02 mixed mode, sharing windows-x86 )
# Problematic frame:
# C  0x00000005
#
# If you would like to submit a bug report, please visit:
#   hxxp://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

---------------  T H R E A D  ---------------

Current thread (0x04420c00):  JavaThread "AWT-Windows" daemon [_thread_in_native, id=2796, stack(0x047e0000,0x04830000)]

siginfo: ExceptionCode=0xc0000005, reading address 0x00000005

Registers:
EAX=0x0440fe98, EBX=0x00000001, ECX=0x044bbca8, EDX=0x00000004
ESP=0x0482f9bc, EBP=0x0482f9e8, ESI=0x04420d28, EDI=0x044bbca8
EIP=0x00000005, EFLAGS=0x00010293

Top of Stack: (sp=0x0482f9bc)
0x0482f9bc:   6d09cb90 0482fa64 0000981a 00000000
0x0482f9cc:   0482fa64 0482fb1c 04420d28 0482f9c0
0x0482f9dc:   0482fa7c 6d0c04a8 00000001 0482fa14
0x0482f9ec:   772efd72 000f0a7e 0000981a 044bbca8
0x0482f9fc:   00000000 0000981a dcbaabcd 00000000
0x0482fa0c:   0482fa64 0000981a 0482fa8c 772efe4a
0x0482fa1c:   6d09c650 000f0a7e 0000981a 044bbca8
0x0482fa2c:   00000000 be333dcb 0482fb24 0482fb1c

Instructions: (pc=0x00000005)
0xffffffe5:

Register to memory mapping:

EAX=0x0440fe98 is an unknown value
EBX=0x00000001 is an unknown value
ECX=0x044bbca8 is an unknown value
EDX=0x00000004 is an unknown value
ESP=0x0482f9bc is pointing into the stack for thread: 0x04420c00
EBP=0x0482f9e8 is pointing into the stack for thread: 0x04420c00
ESI=0x04420d28 is an unknown value
EDI=0x044bbca8 is an unknown value

Stack: [0x047e0000,0x04830000],  sp=0x0482f9bc,  free space=318k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C  0x00000005
C  [USER32.dll+0x1fd72]  GetWindowLongW+0x4b3
C  [USER32.dll+0x1fe4a]  GetWindowLongW+0x58b
C  [USER32.dll+0x2018d]  GetMessageW+0x296
C  [USER32.dll+0x2022b]  DispatchMessageW+0xf

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j  sun.awt.windows.WToolkit.eventLoop()V+0
j  sun.awt.windows.WToolkit.run()V+52
j  java.lang.Thread.run()V+11
v  ~StubRoutines::call_stub

---------------  P R O C E S S  ---------------

Java Threads: ( => current thread )
  0x0442fc00 JavaThread "Thread-3" daemon [_thread_in_native, id=7800, stack(0x053e0000,0x05430000)]
  0x0442c400 JavaThread "Thread-15" [_thread_blocked, id=156, stack(0x052a0000,0x052f0000)]
  0x0442d000 JavaThread "Timer-2" [_thread_blocked, id=6700, stack(0x04870000,0x048c0000)]
  0x0442f000 JavaThread "AWT-EventQueue-1" [_thread_blocked, id=7424, stack(0x05780000,0x057d0000)]
  0x0442ec00 JavaThread "TimerQueue" daemon [_thread_blocked, id=6292, stack(0x05730000,0x05780000)]
  0x0442d800 JavaThread "thread applet-com.pfsoft.proftrading.chart.ProQuote.class-1" [_thread_blocked, id=7096, stack(0x05200000,0x05250000)]
  0x0442dc00 JavaThread "AWT-EventQueue-2" [_thread_in_native, id=6356, stack(0x05250000,0x052a0000)]
  0x0442cc00 JavaThread "Browser Side Object Cleanup Thread" [_thread_blocked, id=8100, stack(0x05160000,0x051b0000)]
  0x0442c000 JavaThread "Windows Tray Icon Thread" [_thread_in_native, id=4816, stack(0x04b50000,0x04ba0000)]
  0x0442b800 JavaThread "CacheCleanUpThread" daemon [_thread_blocked, id=7656, stack(0x04b00000,0x04b50000)]
  0x0442b000 JavaThread "CacheMemoryCleanUpThread" daemon [_thread_blocked, id=2464, stack(0x04ab0000,0x04b00000)]
  0x04427000 JavaThread "SysExecutionTheadCreator" daemon [_thread_blocked, id=6728, stack(0x04250000,0x042a0000)]
  0x01d36c00 JavaThread "Java Plug-In Heartbeat Thread" [_thread_blocked, id=7380, stack(0x04910000,0x04960000)]
  0x04423800 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=3180, stack(0x048c0000,0x04910000)]
=>0x04420c00 JavaThread "AWT-Windows" daemon [_thread_in_native, id=2796, stack(0x047e0000,0x04830000)]
  0x0441d000 JavaThread "AWT-Shutdown" [_thread_blocked, id=3400, stack(0x04790000,0x047e0000)]
  0x0441c800 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=4040, stack(0x04740000,0x04790000)]
  0x01d15400 JavaThread "Timer-0" [_thread_blocked, id=4400, stack(0x04200000,0x04250000)]
  0x01ce3400 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=7100, stack(0x04020000,0x04070000)]
  0x01cc9c00 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=6600, stack(0x03f80000,0x03fd0000)]
  0x01cba800 JavaThread "C1 CompilerThread0" daemon [_thread_blocked, id=6340, stack(0x03f30000,0x03f80000)]
  0x01cb9400 JavaThread "Attach Listener" daemon [_thread_blocked, id=2624, stack(0x03ee0000,0x03f30000)]
  0x01cb6800 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=7816, stack(0x03e90000,0x03ee0000)]
  0x01cb0000 JavaThread "Finalizer" daemon [_thread_blocked, id=3660, stack(0x03e40000,0x03e90000)]
  0x01caec00 JavaThread "Reference Handler" daemon [_thread_blocked, id=6456, stack(0x03df0000,0x03e40000)]
  0x00b2b000 JavaThread "main" [_thread_blocked, id=6980, stack(0x00330000,0x00380000)]

Other Threads:
  0x01c71800 VMThread [stack: 0x03da0000,0x03df0000] [id=6648]
  0x01ccb000 WatcherThread [stack: 0x03fd0000,0x04020000] [id=7232]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
 def new generation   total 4928K, used 2945K [0x24400000, 0x24950000, 0x29950000)
  eden space 4416K,  66% used [0x24400000, 0x246dffc0, 0x24850000)
  from space 512K,   0% used [0x24850000, 0x24850618, 0x248d0000)
  to   space 512K,   0% used [0x248d0000, 0x248d0000, 0x24950000)
 tenured generation   total 10944K, used 7384K [0x29950000, 0x2a400000, 0x34400000)
   the space 10944K,  67% used [0x29950000, 0x2a0862c0, 0x2a086400, 0x2a400000)
 compacting perm gen  total 12288K, used 3311K [0x34400000, 0x35000000, 0x38400000)
   the space 12288K,  26% used [0x34400000, 0x3473bfd0, 0x3473c000, 0x35000000)
    ro space 10240K,  51% used [0x38400000, 0x3892dff8, 0x3892e000, 0x38e00000)
    rw space 12288K,  55% used [0x38e00000, 0x3949c208, 0x3949c400, 0x39a00000)

Code Cache  [0x01d40000, 0x01f00000, 0x03d40000)
 total_blobs=977 nmethods=765 adapters=147 free_code_cache=31745344 largest_free_block=0

Dynamic libraries:
0x00400000 - 0x00424000   C:\Program Files\Java\jre6\bin\java.exe
0x778e0000 - 0x77a08000   C:\Windows\system32\ntdll.dll
0x76040000 - 0x7611c000   C:\Windows\system32\kernel32.dll
0x77a20000 - 0x77ae6000   C:\Windows\system32\ADVAPI32.dll
0x77810000 - 0x778d3000   C:\Windows\system32\RPCRT4.dll
0x6ea10000 - 0x6ea2e000   C:\Windows\system32\ShimEng.dll
0x75de0000 - 0x75e0c000   C:\Windows\system32\apphelp.dll
0x6afd0000 - 0x6b058000   C:\Windows\AppPatch\AcLayers.DLL
0x772d0000 - 0x7736d000   C:\Windows\system32\USER32.dll
0x77af0000 - 0x77b3b000   C:\Windows\system32\GDI32.dll
0x76120000 - 0x76c31000   C:\Windows\system32\SHELL32.dll
0x774e0000 - 0x7758a000   C:\Windows\system32\msvcrt.dll
0x77480000 - 0x774d9000   C:\Windows\system32\SHLWAPI.dll
0x76f30000 - 0x77075000   C:\Windows\system32\ole32.dll
0x76c40000 - 0x76ccd000   C:\Windows\system32\OLEAUT32.dll
0x75e60000 - 0x75e7e000   C:\Windows\system32\USERENV.dll
0x75e40000 - 0x75e54000   C:\Windows\system32\Secur32.dll
0x6dc90000 - 0x6dcd2000   C:\Windows\system32\WINSPOOL.DRV
0x759e0000 - 0x759f4000   C:\Windows\system32\MPR.dll
0x77280000 - 0x7729e000   C:\Windows\system32\IMM32.DLL
0x76e60000 - 0x76f28000   C:\Windows\system32\MSCTF.dll
0x77a10000 - 0x77a19000   C:\Windows\system32\LPK.DLL
0x77090000 - 0x7710d000   C:\Windows\system32\USP10.dll
0x74d20000 - 0x74ebe000   C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x7c340000 - 0x7c396000   C:\Program Files\Java\jre6\bin\msvcr71.dll
0x6d7f0000 - 0x6da9f000   C:\Program Files\Java\jre6\bin\client\jvm.dll
0x749b0000 - 0x749e2000   C:\Windows\system32\WINMM.dll
0x74790000 - 0x747ce000   C:\Windows\system32\OLEACC.dll
0x6d7a0000 - 0x6d7ac000   C:\Program Files\Java\jre6\bin\verify.dll
0x6d320000 - 0x6d33f000   C:\Program Files\Java\jre6\bin\java.dll
0x75f10000 - 0x75f17000   C:\Windows\system32\PSAPI.DLL
0x6d7e0000 - 0x6d7ef000   C:\Program Files\Java\jre6\bin\zip.dll
0x6d420000 - 0x6d426000   C:\Program Files\Java\jre6\bin\jp2native.dll
0x6d1d0000 - 0x6d1e3000   C:\Program Files\Java\jre6\bin\deploy.dll
0x758e0000 - 0x759d2000   C:\Windows\system32\CRYPT32.dll
0x75a40000 - 0x75a52000   C:\Windows\system32\MSASN1.dll
0x77110000 - 0x7722a000   C:\Windows\system32\WININET.dll
0x77610000 - 0x77613000   C:\Windows\system32\Normaliz.dll
0x77650000 - 0x77808000   C:\Windows\system32\iertutil.dll
0x77370000 - 0x77480000   C:\Windows\system32\urlmon.dll
0x6d6a0000 - 0x6d6e6000   C:\Program Files\Java\jre6\bin\regutils.dll
0x75640000 - 0x75648000   C:\Windows\system32\VERSION.dll
0x6d600000 - 0x6d613000   C:\Program Files\Java\jre6\bin\net.dll
0x77620000 - 0x7764d000   C:\Windows\system32\WS2_32.dll
0x77080000 - 0x77086000   C:\Windows\system32\NSI.dll
0x755d0000 - 0x7560b000   C:\Windows\system32\mswsock.dll
0x75630000 - 0x75635000   C:\Windows\System32\wship6.dll
0x6d620000 - 0x6d629000   C:\Program Files\Java\jre6\bin\nio.dll
0x6d000000 - 0x6d14b000   C:\Program Files\Java\jre6\bin\awt.dll
0x73880000 - 0x73905000   C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll
0x6e440000 - 0x6e44c000   C:\Windows\system32\DWMAPI.DLL
0x75020000 - 0x7505f000   C:\Windows\system32\uxtheme.dll
0x6d230000 - 0x6d27f000   C:\Program Files\Java\jre6\bin\fontmanager.dll
0x75840000 - 0x75859000   C:\Windows\system32\iphlpapi.dll
0x75800000 - 0x75835000   C:\Windows\system32\dhcpcsvc.DLL
0x75a80000 - 0x75aac000   C:\Windows\system32\DNSAPI.dll
0x757f0000 - 0x757f7000   C:\Windows\system32\WINNSI.DLL
0x757c0000 - 0x757e2000   C:\Windows\system32\dhcpcsvc6.DLL
0x75290000 - 0x75295000   C:\Windows\System32\wshtcpip.dll
0x74610000 - 0x7461f000   C:\Windows\system32\NLAapi.dll
0x6fe00000 - 0x6fe0f000   C:\Windows\system32\napinsp.dll
0x6ee40000 - 0x6ee52000   C:\Windows\system32\pnrpnsp.dll
0x6ee70000 - 0x6ee78000   C:\Windows\System32\winrnr.dll
0x77230000 - 0x77279000   C:\Windows\system32\WLDAP32.dll
0x6f050000 - 0x6f056000   C:\Windows\system32\rasadhlp.dll
0x6d440000 - 0x6d465000   C:\Program Files\Java\jre6\bin\jpeg.dll

VM Arguments:
jvm_args: -D__jvm_launched=33576511845 -Xbootclasspath/a:C:\\PROGRA~1\\Java\\jre6\\lib\\deploy.jar;C:\\PROGRA~1\\Java\\jre6\\lib\\javaws.jar;C:\\PROGRA~1\\Java\\jre6\\lib\\plugin.jar -Dsun.awt.warmup=true -Dsun.plugin2.jvm.args=-D__jvm_launched=33576511845 "-Xbootclasspath/a:C:\\\\PROGRA~1\\\\Java\\\\jre6\\\\lib\\\\deploy.jar;C:\\\\PROGRA~1\\\\Java\\\\jre6\\\\lib\\\\javaws.jar;C:\\\\PROGRA~1\\\\Java\\\\jre6\\\\lib\\\\plugin.jar" "-Djava.class.path=C:\\\\PROGRA~1\\\\Java\\\\jre6\\\\classes" -Dsun.awt.warmup=true --- --
java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid4948_pipe6,read_pipe_name=jpi2_pid4948_pipe5
Launcher Type: SUN_STANDARD

Environment Variables:
PATH=C:\Program Files\Internet Explorer;;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Apple\Apple Application Support;C:\Program Files\Common Files\Apple\Mobile Device Support;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Haufe\iDesk\iDeskService\;C:\Program Files\QuickTime\QTSystem\
USERNAME=utti
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel

---------------  S Y S T E M  ---------------

OS: Windows Vista Build 6002 Service Pack 2

CPU:total 2 (2 cores per cpu, 1 threads per core) family 6 model 14 stepping 12, cmov, cx8, fxsr, mmx, sse, sse2, sse3

Memory: 4k page, physical 2086344k(644800k free), swap 4415672k(1109512k free)

vm_info: Java HotSpot(TM) Client VM (20.1-b02) for windows-x86 JRE (1.6.0_26-b03), built on May  4 2011 00:50:59 by "java_re" with MS VC++ 7.1 (VS2003)

time: Wed Nov 09 22:09:50 2011
elapsed time: 4568 seconds
22.11.2011, 10:39 | #2
100 Tan Trojaner

Hi,

I assume you had everything deleted (no action taken?)... You ran a quick scan; please update MBAM and then run a full scan again and post the log!

Delete the deployment cache: follow the instructions on this page, "Virus im Java-Cacheverzeichnis gefunden" (virus found in the Java cache directory), and then the section "Lösung" (solution)...

OTL
Download OTL by OldTimer (http://filepony.de/download-otl/) and save it to your desktop
* Double-click OTL.exe
* Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
* At the top you will find a box labelled Output. Please select Minimal Output
* Under Extra Registry, please select Use SafeList
* Now click Run Scan at the top left
* When the scan has finished, 2 log files are created
* Post the log files here in the thread.

As well as:

TDSS-Killer
Download and instructions at: "Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?" (How to remove malware of the Rootkit.Win32.TDSS family)
Unpack all files into their own directory (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
After it starts a window appears; click "Start Scan" there.
When the scan is finished, please select "Report". A window opens; copy the text and post it here...

chris
22.11.2011, 13:29 | #3
100 Tan Trojaner

OK, first the MBAM full scan log file. It took 2 hours. The rest will follow.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8213

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

22.11.2011 13:23:40
mbam-log-2011-11-22 (13-23-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 368766
Laufzeit: 2 Stunde(n), 29 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 13

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Registry Cleaner for Vista_is1 (Rogue.FreeRegistryCleanerForVista) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files\free registry cleaner for vista (Rogue.FreeRegistryCleanerForVista) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\free registry cleaner for vista (Rogue.FreeRegistryCleanerForVista) -> No action taken.

Infizierte Dateien:
c:\Users\utti\AppData\Roaming\5043\components\AcroFF5.dll (Trojan.Passwords) -> No action taken.
c:\Users\utti\AppData\Roaming\5043\components\AcroFF6.dll (Trojan.Passwords) -> No action taken.
c:\Users\utti\AppData\Roaming\5043\components\AcroFF7.dll (Trojan.Passwords) -> No action taken.
c:\Users\utti\AppData\Roaming\5044\components\acroff0445.dll (Trojan.Passwords) -> No action taken.
c:\Users\utti\AppData\Roaming\5044\components\acroff0446.dll (Trojan.Passwords) -> No action taken.
c:\Users\utti\AppData\Roaming\5044\components\acroff0447.dll (Trojan.Passwords) -> No action taken.
c:\Users\utti\AppData\Roaming\5045\components\acroff0457.dll (Trojan.Passwords) -> No action taken.
c:\program files\free registry cleaner for vista\backuphkcu.reg (Rogue.FreeRegistryCleanerForVista) -> No action taken.
c:\program files\free registry cleaner for vista\regcleanerforvista.exe (Rogue.FreeRegistryCleanerForVista) -> No action taken.
c:\program files\free registry cleaner for vista\unins000.dat (Rogue.FreeRegistryCleanerForVista) -> No action taken.
c:\program files\free registry cleaner for vista\unins000.exe (Rogue.FreeRegistryCleanerForVista) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\free registry cleaner for vista\free registry cleaner for vista.lnk (Rogue.FreeRegistryCleanerForVista) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\free registry cleaner for vista\uninstall free registry cleaner for vista.lnk (Rogue.FreeRegistryCleanerForVista) -> No action taken.
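Both MBAM logs in this thread (the quick scan in #1 and the full scan in #3) end every finding with "No action taken", which is what chris's "no action taken?" question is about: that status means the entry had not been removed at the time the log was written, so the log by itself does not prove a clean-up happened. As an added example that is not part of the original thread, here is a small Python parser for MBAM 1.5x logs that splits the "Infizierte ..." sections, extracts location, detection name and action for each finding, and lists what the log shows as still not removed. The sample log is a constructed excerpt modelled on the entries posted above; its last line, with a "Quarantined and deleted successfully" status, is constructed so the contrast is visible.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt modelled on the MBAM 1.5x logs posted in this thread (German UI).
# The final entry's status is constructed to show what a removed item looks like;
# every finding in the real logs above still reads "No action taken".
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.51.2.1300
Art des Suchlaufs: Quick-Scan
Infizierte Dateien: 3

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Userinit (Malware.Gen) -> Value: Userinit -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\utti\AppData\Roaming\acroiehelpe.dll (Trojan.Banker) -> No action taken.
c:\Users\utti\AppData\Roaming\Babew\udlanoz.exe (Trojan.Ransom) -> No action taken.
c:\Users\utti\AppData\Roaming\appconf32.exe (Malware.Gen) -> Quarantined and deleted successfully.
"""

# Section headers end with a bare colon; the summary lines ("Infizierte Dateien: 3") do not.
SECTION_RE = re.compile(r"^Infizierte (?P<section>.+):$")
FINDING_RE = re.compile(
    r"^(?P<location>.+) \((?P<detection>[^()]+)\)"   # key or path, then (Detection.Name)
    r"(?: -> Value: (?P<value>.+?))?"                # registry values carry the value name too
    r" -> (?P<action>.+?)\.?$"                       # what MBAM did with the item
)


@dataclass
class Finding:
    section: str
    location: str
    detection: str
    action: str
    value: Optional[str] = None

    @property
    def removed(self) -> bool:
        # "No action taken" is what MBAM writes for an item that was only detected.
        return self.action != "No action taken"


def parse_mbam_log(text: str) -> List[Finding]:
    """Walk the log line by line, remembering the current section header."""
    findings: List[Finding] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = FINDING_RE.match(line)
        if m and section:
            findings.append(Finding(section, m["location"], m["detection"], m["action"], m["value"]))
    return findings


def triage(findings: List[Finding]) -> Tuple[Dict[str, int], List[Finding]]:
    """Count findings per section and collect those the log shows as not removed."""
    per_section: Dict[str, int] = {}
    pending: List[Finding] = []
    for f in findings:
        per_section[f.section] = per_section.get(f.section, 0) + 1
        if not f.removed:
            pending.append(f)
    return per_section, pending


def report(text: str) -> str:
    findings = parse_mbam_log(text)
    per_section, pending = triage(findings)
    lines = [f"{sec}: {n}" for sec, n in per_section.items()]
    lines.append(f"not removed: {len(pending)} of {len(findings)}")
    lines.extend(f"  [{f.detection}] {f.location}" for f in pending)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against a real MBAM 1.5x log, the "not removed" list is the set of items to look for in a second log written after "Remove Selected"; a registry value such as the `Run\Userinit` entry above is the kind of item to re-check first, since it is what relaunches the trojan at logon.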
22.11.2011, 13:47 | #4
100 Tan Trojaner

OTL Logfile:
Code:
OTL logfile created on: 22.11.2011 13:37:27 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\utti\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,83% Memory free
4,21 Gb Paging File | 3,06 Gb Available in Paging File | 72,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,00 Gb Total Space | 16,08 Gb Free Space | 13,51% Space Free | Partition Type: NTFS
Drive D: | 30,04 Gb Total Space | 20,56 Gb Free Space | 68,45% Space Free | Partition Type: FAT32

Computer Name: UTTI-PC | User Name: utti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\utti\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Videoload Manager\ContentManager.exe (ACE GmbH)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
PRC - C:\Program Files\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Program Files\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Program Files\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Launch Manager\WButton.exe ()
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Launch Manager\LaunchAp.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Users\utti\AppData\Roaming\5045\components\AcroFF0458.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Launch Manager\WButton.exe ()
MOD - C:\Program Files\Launch Manager\LaunchAp.exe ()

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ContentMgrService) -- C:\Program Files\Videoload Manager\ContentManager.exe (ACE GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (srvcPVR) -- C:\Program Files\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (GnabService) -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (PSSDK42) -- C:\Windows\System32\drivers\pssdk42.sys (microOLAP Technologies LTD)
DRV - (PSSDKLBF) -- C:\Windows\System32\drivers\pssdklbf.sys (microOLAP Technologies LTD)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (LTXMD_VAC) Litex Media Virtual Audio Cable (WDM) -- C:\Windows\System32\drivers\lmvac.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation )
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (w810obex) -- C:\Windows\System32\drivers\w810obex.sys (MCCI)
DRV - (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\w810mgmt.sys (MCCI)
DRV - (w810mdm) -- C:\Windows\System32\drivers\w810mdm.sys (MCCI)
DRV - (w810mdfl) -- C:\Windows\System32\drivers\w810mdfl.sys (MCCI)
DRV - (w810bus) Sony Ericsson W810 Driver driver (WDM) -- C:\Windows\System32\drivers\w810bus.sys (MCCI)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = comdirect.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\URLSearchHook: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.2.1:80
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 192.168.2.1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.comdirect.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Program Files\Common Files\fluxDVD\APIX\NPAPIX.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Program Files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPWMDRMWrapper: C:\Program Files\Common Files\mpDRM\NPWMDRMWrapper.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008.05.07 23:16:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 11:48:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.09 06:03:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\utti\AppData\Roaming\5045 [2011.11.21 12:38:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter [2009.07.07 09:46:01 | 000,000,000 | ---D | M]

(No name found) -- C:\Users\utti\AppData\Roaming\mozilla\Extensions
[2011.11.11 11:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions
[2010.07.19 06:02:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.28 10:20:54 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.11 11:48:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.12.02 07:07:10 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions\firefox@tvunetworks.com
[2011.08.27 09:00:20 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions\youtube2mp3@mondayx.de
[2011.11.11 11:48:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.12.17 12:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.11.21 12:38:16 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\UTTI\APPDATA\ROAMING\5045
[2011.11.11 11:48:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.14 07:29:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.14 07:29:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.14 07:29:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.14 07:29:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.14 07:29:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.14 07:29:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2008.04.16 20:37:52 | 000,000,054 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co.
KG) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.) 
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [{5DC3DC96-99A1-7F67-D792-706463EB81AC}] C:\Users\utti\AppData\Roaming\Babew\udlanoz.exe File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\utti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8889191D-50CE-4244-92A6-A164F2FAB58C}: DhcpNameServer = 10.129.32.1 10.111.81.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2538822-8FA8-4FB7-BABD-7A7E81D14206}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) 
-C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.21 20:26:40 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\Malwarebytes [2011.11.21 20:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.21 20:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.21 20:26:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.11.21 20:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.11.21 12:38:15 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\5045 [2011.11.20 14:48:36 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\5044 [2011.11.19 19:23:39 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\Yhawid [2011.11.19 19:23:39 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\Babew [2011.11.18 19:55:21 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\5043 [2011.11.18 19:54:54 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\xmldm [2011.11.18 19:54:51 | 000,000,000 | ---D | C] -- 
C:\Users\utti\AppData\Roaming\kock [2011.11.17 20:51:22 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\webex [2011.11.17 20:48:42 | 000,000,000 | -HSD | C] -- C:\Users\utti\Documents\Documents\cache [2011.11.17 20:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx [2011.11.02 09:44:18 | 000,000,000 | ---D | C] -- C:\Users\utti\Documents\Documents\Videos [2011.11.02 09:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kastor Free Vimeo Downloader [2011.11.02 09:44:06 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\KastorFreeVimeoDownloader [2011.11.02 09:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\Kastor Free Vimeo Downloader [2011.11.02 09:42:46 | 003,264,831 | ---- | C] (KastorSoft ) -- C:\Users\utti\Desktop\Setup_FreeVimeoDownloader.exe [2011.10.31 15:28:44 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2009.06.16 13:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll [2007.07.12 03:57:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\utti\AppData\Roaming\*.tmp files -> C:\Users\utti\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.22 13:40:28 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.22 13:40:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.22 13:36:46 | 000,642,258 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.22 13:36:46 | 000,607,228 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.22 13:36:46 | 000,131,678 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.22 13:36:46 | 000,108,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.22 13:32:19 | 000,003,696 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.22 13:32:18 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.22 13:32:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.21 20:39:13 | 000,000,072 | ---- | M] () -- C:\Users\utti\AppData\Roaming\blckdom.res [2011.11.21 20:26:29 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.11 22:58:19 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.11.02 09:52:52 | 000,086,528 | ---- | M] () -- C:\Users\utti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.02 09:44:09 | 000,000,963 | ---- | M] () -- C:\Users\utti\Desktop\Kastor Free Vimeo Downloader.lnk [2011.11.02 09:42:50 | 003,264,831 | ---- | M] (KastorSoft ) -- C:\Users\utti\Desktop\Setup_FreeVimeoDownloader.exe [2011.10.31 15:29:59 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf [2011.10.31 15:29:40 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\utti\AppData\Roaming\*.tmp files -> C:\Users\utti\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.21 20:26:29 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.18 19:55:15 | 000,000,072 | ---- | C] () -- C:\Users\utti\AppData\Roaming\blckdom.res [2011.11.02 09:44:09 | 000,000,963 | ---- | C] () -- C:\Users\utti\Desktop\Kastor Free Vimeo Downloader.lnk [2011.10.31 15:29:59 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf [2011.10.31 15:29:40 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2011.10.31 15:28:52 
| 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf [2011.09.17 14:13:45 | 000,000,054 | ---- | C] () -- C:\Windows\Player.INI [2010.12.17 15:09:17 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.11.19 14:53:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.17 08:28:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.17 08:28:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.16 16:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll [2009.07.13 12:15:35 | 000,000,253 | ---- | C] () -- C:\Windows\tm.ini [2009.07.13 12:14:58 | 000,000,092 | ---- | C] () -- C:\Windows\d2hnav.ini [2009.07.13 12:14:03 | 000,000,027 | ---- | C] () -- C:\Windows\stwin05.ini [2009.06.16 13:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll [2009.06.14 21:18:20 | 000,097,992 | ---- | C] () -- C:\Windows\System32\canvidplayer8.dll [2008.10.29 06:25:20 | 000,000,941 | ---- | C] () -- C:\Windows\uninst.ini [2008.08.29 13:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2008.08.29 07:38:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.03.17 08:14:36 | 000,000,121 | ---- | C] () -- C:\Windows\cdplayer.ini [2008.02.09 15:59:42 | 000,000,020 | ---- | C] () -- C:\Windows\powerplayer.ini [2008.02.09 15:59:37 | 000,000,360 | ---- | C] () -- C:\Windows\psnetwork.ini [2008.01.02 08:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2007.12.11 06:54:39 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.09.19 17:39:25 | 000,086,528 | ---- | C] () -- C:\Users\utti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.09.06 12:49:50 | 000,000,092 | ---- | C] () -- C:\Users\utti\AppData\Local\fusioncache.dat [2007.08.24 11:46:48 | 000,147,456 | ---- | C] () -- 
C:\Windows\System32\igfxCoIn_v1322.dll [2007.07.12 03:57:45 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.07.09 16:32:04 | 000,087,312 | ---- | C] () -- C:\Windows\mws.exe [2007.07.06 06:39:12 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.07.06 06:39:06 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007.07.06 06:12:57 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys [2007.07.06 05:41:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll [2007.06.20 12:39:38 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2007.06.20 12:39:38 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2007.06.11 13:43:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.06.11 13:43:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2006.12.11 05:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.02 16:33:31 | 000,642,258 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,131,678 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 003,790,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,607,228 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,108,604 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- 
C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.20 06:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
[2002.05.16 00:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2002.05.04 14:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6152D44C

< End of report >

OTL Logfile:

OTL Extras logfile created on: 22.11.2011 13:37:27 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\utti\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,83% Memory free
4,21 Gb Paging File | 3,06 Gb Available in Paging File | 72,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,00 Gb Total Space | 16,08 Gb Free Space | 13,51% Space Free | Partition Type: NTFS
Drive D: | 30,04 Gb Total Space | 20,56 Gb Free Space | 68,45% Space Free | Partition Type: FAT32

Computer Name: UTTI-PC | User Name: utti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate "C:\Program Files\PPMate\ppmnet.exe" = C:\Program Files\PPMate\ppmnet.exe:*:Enabled:PPMate ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04C76EB6-E831-44A1-B4B0-2D1A2D22B96A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2867F7ED-FA52-410B-A877-DF22E172B3B1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{35F68AF2-3C32-467E-AA94-A7E1EDA7E959}" = lport=2869 | protocol=6 | dir=in | app=system | "{3B22D65E-316A-4714-8EC5-DB2A037FFA9A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{48967355-C636-4DE2-BB91-D2B6ED61D107}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5E7E378A-AED3-4010-9978-57620F97446C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{6664D048-7C9E-430C-9435-4C3259E2E3B6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{81841874-7CDA-4D56-9DFA-A107BB703E71}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B274F027-A270-4B83-AC9E-9C738CAA4867}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B2B51264-FF2F-46F0-B2DF-939CE463B7A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E0AF4C6B-8DBA-4800-88FF-43BF601C31EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1F09F116-AC2C-4ECD-9777-79763B72BB06}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{2E15F41C-02DC-4A45-9BE5-7066CAD5951C}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "{36B76DA6-35AA-479A-9C88-4392F01313B7}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{543241AE-5F0A-414E-9846-0E0B97F6AD1C}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "{604C467E-044F-407B-94FC-DA24AB18AC33}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | "{6DEF10A3-00DB-4498-910D-F6EBC09CE91B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{70867438-759E-41BB-A0B1-EDCB144792C7}" = dir=in | app=c:\program files\itunes\itunes.exe | "{71A8B3AE-937B-4ACC-9CB5-D55CE267D92C}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | "{897F9638-EA5B-4B3E-85B5-EA665D7A4E8D}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | "{A3B07647-5382-4C13-A32D-48876A99E919}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | "{B5082DCF-FB59-457F-97A2-D63F8AE8DFAF}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{CC16B03C-1C3C-4D5D-A13B-61466D38F45E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D0816A2A-8DC9-4A94-8E09-C99DA8151398}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{D2ECDC42-69B2-4015-B9AF-F39E37F3D98B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E2054120-03FB-4BDB-B6A3-239DC189046A}" = protocol=17 | dir=in | app=c:\program 
files\pinnacle\videospin\programs\videospin.exe | "{EBA3DB16-4CD8-4F78-BCA0-C3CACE637356}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F8AE51FB-DFEF-4DE2-B06D-A47BCFBB0984}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | "TCP Query User{1E290986-7261-4D82-B77F-D0CBC3583D84}C:\casino\casinoclub\casino.exe" = protocol=6 | dir=in | app=c:\casino\casinoclub\casino.exe | "TCP Query User{272CE53E-8E56-46A5-9714-4BD6D6E86417}C:\program files\ppmate\ppmnet.exe" = protocol=6 | dir=in | app=c:\program files\ppmate\ppmnet.exe | "TCP Query User{3579EF24-AD0B-449B-88A3-C87D19A483B7}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{4619761E-D4FB-4D2F-8A1D-E59BBA74219C}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{689F82ED-2A8F-45C5-9637-F220813E4DF6}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{B49E77BD-F341-4E45-B5B0-ADB4D1A77B55}C:\program files\sopcast\sopvod.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopvod.exe | "TCP Query User{BE55E803-9152-47FA-8938-6A0969FE199C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{D35764FD-3E4E-4E03-964D-D44504471817}C:\users\utti\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\utti\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe | "TCP Query User{D8BBAB34-4A15-43A5-9366-8C108715A8AB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{DDDE2CB5-2A36-4994-BAA3-E6453AB3DFF7}C:\program files\joost\xulrunner\tvprunner.exe" = protocol=6 | dir=in | app=c:\program 
files\joost\xulrunner\tvprunner.exe |
"TCP Query User{E11B7525-6D36-405E-817E-562755C253E3}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{EE9B2A86-04D4-404F-87F1-D90604E1007F}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{F7CE2338-5DE5-4DF3-AAFA-DAF5F28331F9}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{071EA504-ABD2-4578-967B-5D1AA4FA2675}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{139D2D4D-7CA1-4614-8276-15EE189AEE74}C:\casino\casinoclub\casino.exe" = protocol=17 | dir=in | app=c:\casino\casinoclub\casino.exe |
"UDP Query User{2D577611-DB7E-4FD0-9E2F-238CD12E4290}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{46096F92-E86A-4648-854F-BB60CF40C802}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{49DEE46F-3F92-4EC6-82CA-8BE5581B9994}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{6A55B53C-1E06-4892-BB00-C9689DB07E30}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{6C032088-9F74-4EE9-BA41-79FDAD4A707A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7E74A7E0-0BF9-40F4-8275-D453687E2BDA}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{89C0C0BB-6BCD-4ABC-ABF8-C9C28B3D7C88}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{97CDDE5F-9653-4476-A42B-7E79034773C7}C:\program files\ppmate\ppmnet.exe" = protocol=17 | dir=in | app=c:\program files\ppmate\ppmnet.exe |
"UDP Query User{A881B028-0AD1-4EC9-BE85-242607051691}C:\users\utti\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\utti\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{ACF2BEAA-F31C-4A92-B2A2-970B9B58EE37}C:\program files\sopcast\sopvod.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopvod.exe |
"UDP Query User{FD7B0BA5-44A1-4D5D-81E4-E4840CB7911E}C:\program files\joost\xulrunner\tvprunner.exe" = protocol=17 | dir=in | app=c:\program files\joost\xulrunner\tvprunner.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Suyin Live Camera
"{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}" = Steuer-Hilfesammlung 2010
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009
"{44025BD7-AD10-4769-99AE-6378FD0303D6}" = Macromedia Dreamweaver 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63B75E16-F290-4FCD-AF67-A9134CD01031}" = Nero 7 Essentials
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = SUYIN webcam
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.3.9
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF7480B8-0986-4D9A-8778-28F32BFC0AB0}" = AAVUpdateManager
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 3.0.6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"ElsterFormular für Unternehmer 12.2.2.6665u" = ElsterFormular für Unternehmer
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Erotic-Lounge Manager" = Erotic-Lounge Manager 1.0.1517
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free DVD Video Burner_is1" = Free DVD Video Burner version 3.0.0
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 1.5
"Free Video Dub_is1" = Free Video Dub version 1.8.10
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6.18.305
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.815
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"IrfanView" = IrfanView (remove only)
"JB Licon1 Updater" = JB Licon1 Updater
"Kastor Free Vimeo Downloader_is1" = Kastor Free Vimeo Downloader V 1.5
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"MEDION Fotos auf CD Sued D" = MEDION Fotos auf CD Sued 6.0.2.0 (D)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"MPE" = MyPhoneExplorer
"NVIDIA Drivers" = NVIDIA Drivers
"SopCast" = SopCast 3.2.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.17
"Videoload Manager" = Videoload Manager 1.0.1514
"VLC media player" = VLC media player 1.0.3
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinZip" = WinZip
"WordToPDF_is1" = WordToPDF 2.4
"Zero" = Zero-Buchhaltung

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = WebEx
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25.10.2011 16:46:03 | Computer Name = utti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 31.10.2011 11:21:00 | Computer Name = utti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung spoolsv.exe, Version 6.0.6002.18294, Zeitstempel 0x4c6a9898, fehlerhaftes Modul hpz2ku09.dll, Version 0.3.0.0, Zeitstempel 0x4097827f, Ausnahmecode 0xc0000005, Fehleroffset 0x00020009, Prozess-ID 0x710, Anwendungsstartzeit 01cc97dd63b26069.

Error - 09.11.2011 05:51:35 | Computer Name = utti-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 7.0.1.4288 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 13d8 Anfangszeit: 01cc9ec38406ef00 Zeitpunkt der Beendigung: 190

Error - 10.11.2011 12:39:21 | Computer Name = utti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16421, Zeitstempel 0x4d76255d, fehlerhaftes Modul Flash11c.ocx, Version 11.0.1.152, Zeitstempel 0x4e7d1782, Ausnahmecode 0xc0000005, Fehleroffset 0x0040a620, Prozess-ID 0x151c, Anwendungsstartzeit 01cc9fc1f6513760.

Error - 15.11.2011 13:34:23 | Computer Name = utti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16421, Zeitstempel 0x4d76255d, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x94667058, Prozess-ID 0x178c, Anwendungsstartzeit 01cca3af34c81590.

Error - 18.11.2011 15:02:07 | Computer Name = utti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 19.11.2011 17:14:12 | Computer Name = utti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung taskeng.exe, Version 6.0.6002.18342, Zeitstempel 0x4cd2e07b, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436, Ausnahmecode 0xc0000374, Fehleroffset 0x000b06fc, Prozess-ID 0xa8c, Anwendungsstartzeit 01cca6a40065f130.

Error - 21.11.2011 15:27:37 | Computer Name = utti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 21.11.2011 15:27:39 | Computer Name = utti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 22.11.2011 05:53:06 | Computer Name = utti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 21.03.2011 03:10:06 | Computer Name = utti-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert.

[ OSession Events ]
Error - 24.02.2009 10:41:18 | Computer Name = utti-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 19371 seconds with 12180 seconds of active time. This session ended with a crash.

Error - 07.07.2009 03:53:15 | Computer Name = utti-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error - 18.08.2009 00:46:04 | Computer Name = utti-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error - 18.08.2009 00:46:46 | Computer Name = utti-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error - 18.08.2009 06:09:27 | Computer Name = utti-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

Error - 22.08.2009 05:29:59 | Computer Name = utti-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash.

Error - 22.08.2009 05:31:08 | Computer Name = utti-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error - 23.08.2009 16:33:24 | Computer Name = utti-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash.

Error - 24.12.2010 11:55:01 | Computer Name = utti-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 280 seconds with 240 seconds of active time. This session ended with a crash.

Error - 15.02.2011 06:31:12 | Computer Name = utti-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10466 seconds with 1500 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 21.11.2011 16:12:49 | Computer Name = utti-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 22.11.2011 03:05:39 | Computer Name = utti-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 22.11.2011 03:11:41 | Computer Name = utti-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 22.11.2011 03:11:41 | Computer Name = utti-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 22.11.2011 03:11:41 | Computer Name = utti-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 22.11.2011 03:11:41 | Computer Name = utti-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 22.11.2011 03:11:41 | Computer Name = utti-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 22.11.2011 03:11:41 | Computer Name = utti-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 22.11.2011 03:11:41 | Computer Name = utti-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 22.11.2011 08:33:13 | Computer Name = utti-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >
22.11.2011, 14:01 | #5 |
100 Tan Trojaner OTL Logfile: Code:
OTL logfile created on: 22.11.2011 13:37:27 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\utti\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,83% Memory free
4,21 Gb Paging File | 3,06 Gb Available in Paging File | 72,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,00 Gb Total Space | 16,08 Gb Free Space | 13,51% Space Free | Partition Type: NTFS
Drive D: | 30,04 Gb Total Space | 20,56 Gb Free Space | 68,45% Space Free | Partition Type: FAT32

Computer Name: UTTI-PC | User Name: utti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\utti\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Videoload Manager\ContentManager.exe (ACE GmbH)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
PRC - C:\Program Files\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Program Files\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Program Files\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Launch Manager\WButton.exe ()
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Launch Manager\LaunchAp.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Users\utti\AppData\Roaming\5045\components\AcroFF0458.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Launch Manager\WButton.exe ()
MOD - C:\Program Files\Launch Manager\LaunchAp.exe ()

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ContentMgrService) -- C:\Program Files\Videoload Manager\ContentManager.exe (ACE GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (srvcPVR) -- C:\Program Files\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (GnabService) -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (PSSDK42) -- C:\Windows\System32\drivers\pssdk42.sys (microOLAP Technologies LTD)
DRV - (PSSDKLBF) -- C:\Windows\System32\drivers\pssdklbf.sys (microOLAP Technologies LTD)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (LTXMD_VAC) Litex Media Virtual Audio Cable (WDM) -- C:\Windows\System32\drivers\lmvac.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation )
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (w810obex) -- C:\Windows\System32\drivers\w810obex.sys (MCCI)
DRV - (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\w810mgmt.sys (MCCI)
DRV - (w810mdm) -- C:\Windows\System32\drivers\w810mdm.sys (MCCI)
DRV - (w810mdfl) -- C:\Windows\System32\drivers\w810mdfl.sys (MCCI)
DRV - (w810bus) Sony Ericsson W810 Driver driver (WDM) -- C:\Windows\System32\drivers\w810bus.sys (MCCI)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = comdirect.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\URLSearchHook: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.2.1:80
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 192.168.2.1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.comdirect.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Program Files\Common Files\fluxDVD\APIX\NPAPIX.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Program Files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPWMDRMWrapper: C:\Program Files\Common Files\mpDRM\NPWMDRMWrapper.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008.05.07 23:16:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 11:48:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.09 06:03:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\utti\AppData\Roaming\5045 [2011.11.21 12:38:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter

[2009.07.07 09:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\utti\AppData\Roaming\mozilla\Extensions
[2011.11.11 11:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions
[2010.07.19 06:02:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.28 10:20:54 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.11 11:48:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.12.02 07:07:10 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions\firefox@tvunetworks.com
[2011.08.27 09:00:20 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions\youtube2mp3@mondayx.de
[2011.11.11 11:48:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.12.17 12:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.11.21 12:38:16 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\UTTI\APPDATA\ROAMING\5045
[2011.11.11 11:48:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.14 07:29:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.14 07:29:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.14 07:29:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.14 07:29:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.14 07:29:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.14 07:29:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2008.04.16 20:37:52 | 000,000,054 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.) 
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [{5DC3DC96-99A1-7F67-D792-706463EB81AC}] C:\Users\utti\AppData\Roaming\Babew\udlanoz.exe File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\utti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8889191D-50CE-4244-92A6-A164F2FAB58C}: DhcpNameServer = 10.129.32.1 10.111.81.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2538822-8FA8-4FB7-BABD-7A7E81D14206}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) 
-C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.21 20:26:40 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\Malwarebytes [2011.11.21 20:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.21 20:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.21 20:26:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.11.21 20:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.11.21 12:38:15 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\5045 [2011.11.20 14:48:36 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\5044 [2011.11.19 19:23:39 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\Yhawid [2011.11.19 19:23:39 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\Babew [2011.11.18 19:55:21 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\5043 [2011.11.18 19:54:54 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\xmldm [2011.11.18 19:54:51 | 000,000,000 | ---D | C] -- 
C:\Users\utti\AppData\Roaming\kock [2011.11.17 20:51:22 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\webex [2011.11.17 20:48:42 | 000,000,000 | -HSD | C] -- C:\Users\utti\Documents\Documents\cache [2011.11.17 20:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx [2011.11.02 09:44:18 | 000,000,000 | ---D | C] -- C:\Users\utti\Documents\Documents\Videos [2011.11.02 09:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kastor Free Vimeo Downloader [2011.11.02 09:44:06 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\KastorFreeVimeoDownloader [2011.11.02 09:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\Kastor Free Vimeo Downloader [2011.11.02 09:42:46 | 003,264,831 | ---- | C] (KastorSoft ) -- C:\Users\utti\Desktop\Setup_FreeVimeoDownloader.exe [2011.10.31 15:28:44 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2009.06.16 13:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll [2007.07.12 03:57:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\utti\AppData\Roaming\*.tmp files -> C:\Users\utti\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.22 13:40:28 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.22 13:40:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.22 13:36:46 | 000,642,258 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.22 13:36:46 | 000,607,228 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.22 13:36:46 | 000,131,678 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.22 13:36:46 | 000,108,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.22 13:32:19 | 000,003,696 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.22 13:32:18 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.22 13:32:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.21 20:39:13 | 000,000,072 | ---- | M] () -- C:\Users\utti\AppData\Roaming\blckdom.res [2011.11.21 20:26:29 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.11 22:58:19 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.11.02 09:52:52 | 000,086,528 | ---- | M] () -- C:\Users\utti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.02 09:44:09 | 000,000,963 | ---- | M] () -- C:\Users\utti\Desktop\Kastor Free Vimeo Downloader.lnk [2011.11.02 09:42:50 | 003,264,831 | ---- | M] (KastorSoft ) -- C:\Users\utti\Desktop\Setup_FreeVimeoDownloader.exe [2011.10.31 15:29:59 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf [2011.10.31 15:29:40 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\utti\AppData\Roaming\*.tmp files -> C:\Users\utti\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.21 20:26:29 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.18 19:55:15 | 000,000,072 | ---- | C] () -- C:\Users\utti\AppData\Roaming\blckdom.res [2011.11.02 09:44:09 | 000,000,963 | ---- | C] () -- C:\Users\utti\Desktop\Kastor Free Vimeo Downloader.lnk [2011.10.31 15:29:59 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf [2011.10.31 15:29:40 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2011.10.31 15:28:52 
| 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf [2011.09.17 14:13:45 | 000,000,054 | ---- | C] () -- C:\Windows\Player.INI [2010.12.17 15:09:17 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.11.19 14:53:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.17 08:28:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.17 08:28:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.16 16:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll [2009.07.13 12:15:35 | 000,000,253 | ---- | C] () -- C:\Windows\tm.ini [2009.07.13 12:14:58 | 000,000,092 | ---- | C] () -- C:\Windows\d2hnav.ini [2009.07.13 12:14:03 | 000,000,027 | ---- | C] () -- C:\Windows\stwin05.ini [2009.06.16 13:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll [2009.06.14 21:18:20 | 000,097,992 | ---- | C] () -- C:\Windows\System32\canvidplayer8.dll [2008.10.29 06:25:20 | 000,000,941 | ---- | C] () -- C:\Windows\uninst.ini [2008.08.29 13:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2008.08.29 07:38:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.03.17 08:14:36 | 000,000,121 | ---- | C] () -- C:\Windows\cdplayer.ini [2008.02.09 15:59:42 | 000,000,020 | ---- | C] () -- C:\Windows\powerplayer.ini [2008.02.09 15:59:37 | 000,000,360 | ---- | C] () -- C:\Windows\psnetwork.ini [2008.01.02 08:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2007.12.11 06:54:39 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.09.19 17:39:25 | 000,086,528 | ---- | C] () -- C:\Users\utti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.09.06 12:49:50 | 000,000,092 | ---- | C] () -- C:\Users\utti\AppData\Local\fusioncache.dat [2007.08.24 11:46:48 | 000,147,456 | ---- | C] () -- 
C:\Windows\System32\igfxCoIn_v1322.dll [2007.07.12 03:57:45 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.07.09 16:32:04 | 000,087,312 | ---- | C] () -- C:\Windows\mws.exe [2007.07.06 06:39:12 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.07.06 06:39:06 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007.07.06 06:12:57 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys [2007.07.06 05:41:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll [2007.06.20 12:39:38 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2007.06.20 12:39:38 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2007.06.11 13:43:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.06.11 13:43:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2006.12.11 05:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.02 16:33:31 | 000,642,258 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,131,678 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 003,790,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,607,228 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,108,604 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- 
C:\Windows\System32\atitmmxx.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.09.20 06:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini [2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll [2002.05.16 00:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll [2002.05.04 14:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6152D44C < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 22.11.2011 13:37:27 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\utti\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,83% Memory free
4,21 Gb Paging File | 3,06 Gb Available in Paging File | 72,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,00 Gb Total Space | 16,08 Gb Free Space | 13,51% Space Free | Partition Type: NTFS
Drive D: | 30,04 Gb Total Space | 20,56 Gb Free Space | 68,45% Space Free | Partition Type: FAT32

Computer Name: UTTI-PC | User Name: utti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate
"C:\Program Files\PPMate\ppmnet.exe" = C:\Program Files\PPMate\ppmnet.exe:*:Enabled:PPMate

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C76EB6-E831-44A1-B4B0-2D1A2D22B96A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2867F7ED-FA52-410B-A877-DF22E172B3B1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{35F68AF2-3C32-467E-AA94-A7E1EDA7E959}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3B22D65E-316A-4714-8EC5-DB2A037FFA9A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{48967355-C636-4DE2-BB91-D2B6ED61D107}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5E7E378A-AED3-4010-9978-57620F97446C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6664D048-7C9E-430C-9435-4C3259E2E3B6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{81841874-7CDA-4D56-9DFA-A107BB703E71}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B274F027-A270-4B83-AC9E-9C738CAA4867}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B2B51264-FF2F-46F0-B2DF-939CE463B7A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E0AF4C6B-8DBA-4800-88FF-43BF601C31EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F09F116-AC2C-4ECD-9777-79763B72BB06}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2E15F41C-02DC-4A45-9BE5-7066CAD5951C}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{36B76DA6-35AA-479A-9C88-4392F01313B7}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{543241AE-5F0A-414E-9846-0E0B97F6AD1C}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{604C467E-044F-407B-94FC-DA24AB18AC33}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{6DEF10A3-00DB-4498-910D-F6EBC09CE91B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{70867438-759E-41BB-A0B1-EDCB144792C7}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{71A8B3AE-937B-4ACC-9CB5-D55CE267D92C}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"{897F9638-EA5B-4B3E-85B5-EA665D7A4E8D}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{A3B07647-5382-4C13-A32D-48876A99E919}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{B5082DCF-FB59-457F-97A2-D63F8AE8DFAF}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{CC16B03C-1C3C-4D5D-A13B-61466D38F45E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D0816A2A-8DC9-4A94-8E09-C99DA8151398}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D2ECDC42-69B2-4015-B9AF-F39E37F3D98B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E2054120-03FB-4BDB-B6A3-239DC189046A}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"{EBA3DB16-4CD8-4F78-BCA0-C3CACE637356}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F8AE51FB-DFEF-4DE2-B06D-A47BCFBB0984}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"TCP Query User{1E290986-7261-4D82-B77F-D0CBC3583D84}C:\casino\casinoclub\casino.exe" = protocol=6 | dir=in | app=c:\casino\casinoclub\casino.exe |
"TCP Query User{272CE53E-8E56-46A5-9714-4BD6D6E86417}C:\program files\ppmate\ppmnet.exe" = protocol=6 | dir=in | app=c:\program files\ppmate\ppmnet.exe |
"TCP Query User{3579EF24-AD0B-449B-88A3-C87D19A483B7}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{4619761E-D4FB-4D2F-8A1D-E59BBA74219C}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{689F82ED-2A8F-45C5-9637-F220813E4DF6}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{B49E77BD-F341-4E45-B5B0-ADB4D1A77B55}C:\program files\sopcast\sopvod.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopvod.exe |
"TCP Query User{BE55E803-9152-47FA-8938-6A0969FE199C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D35764FD-3E4E-4E03-964D-D44504471817}C:\users\utti\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\utti\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{D8BBAB34-4A15-43A5-9366-8C108715A8AB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{DDDE2CB5-2A36-4994-BAA3-E6453AB3DFF7}C:\program files\joost\xulrunner\tvprunner.exe" = protocol=6 | dir=in | app=c:\program files\joost\xulrunner\tvprunner.exe |
"TCP Query User{E11B7525-6D36-405E-817E-562755C253E3}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{EE9B2A86-04D4-404F-87F1-D90604E1007F}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{F7CE2338-5DE5-4DF3-AAFA-DAF5F28331F9}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{071EA504-ABD2-4578-967B-5D1AA4FA2675}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{139D2D4D-7CA1-4614-8276-15EE189AEE74}C:\casino\casinoclub\casino.exe" = protocol=17 | dir=in | app=c:\casino\casinoclub\casino.exe |
"UDP Query User{2D577611-DB7E-4FD0-9E2F-238CD12E4290}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{46096F92-E86A-4648-854F-BB60CF40C802}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{49DEE46F-3F92-4EC6-82CA-8BE5581B9994}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{6A55B53C-1E06-4892-BB00-C9689DB07E30}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{6C032088-9F74-4EE9-BA41-79FDAD4A707A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7E74A7E0-0BF9-40F4-8275-D453687E2BDA}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{89C0C0BB-6BCD-4ABC-ABF8-C9C28B3D7C88}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{97CDDE5F-9653-4476-A42B-7E79034773C7}C:\program files\ppmate\ppmnet.exe" = protocol=17 | dir=in | app=c:\program files\ppmate\ppmnet.exe |
"UDP Query User{A881B028-0AD1-4EC9-BE85-242607051691}C:\users\utti\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\utti\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{ACF2BEAA-F31C-4A92-B2A2-970B9B58EE37}C:\program files\sopcast\sopvod.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopvod.exe |
"UDP Query User{FD7B0BA5-44A1-4D5D-81E4-E4840CB7911E}C:\program files\joost\xulrunner\tvprunner.exe" = protocol=17 | dir=in | app=c:\program files\joost\xulrunner\tvprunner.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Suyin Live Camera
"{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}" = Steuer-Hilfesammlung 2010
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009
"{44025BD7-AD10-4769-99AE-6378FD0303D6}" = Macromedia Dreamweaver 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63B75E16-F290-4FCD-AF67-A9134CD01031}" = Nero 7 Essentials
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E
PCIe Ethernet Network Card Driver for Windows Vista "{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 
Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA047D7C-5E7C-4878-B75C-77589151B563}" = SUYIN webcam "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.3.9 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DF7480B8-0986-4D9A-8778-28F32BFC0AB0}" = AAVUpdateManager "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe 
Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Any Video Converter_is1" = Any Video Converter 3.0.6 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner (remove only) "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DivX Setup.divx.com" = DivX-Setup "ElsterFormular für Unternehmer 12.2.2.6665u" = ElsterFormular für Unternehmer "ENTERPRISER" = Microsoft Office Enterprise 2007 "Erotic-Lounge Manager" = Erotic-Lounge Manager 1.0.1517 "FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free DVD Video Burner_is1" = Free DVD Video Burner version 3.0.0 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1 "Free PDF to Word Converter_is1" = Free PDF to Word Converter 1.5 "Free Video Dub_is1" = Free Video Dub version 1.8.10 "Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6.18.305 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.815 "GPL Ghostscript 8.64" = GPL Ghostscript 8.64 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "IrfanView" = IrfanView (remove only) "JB Licon1 Updater" = JB Licon1 Updater "Kastor Free Vimeo Downloader_is1" = Kastor Free Vimeo Downloader V 1.5 "LAME for Audacity_is1" = LAME v3.98.2 for Audacity "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "MEDION Fotos auf CD Sued D" = MEDION Fotos auf CD Sued 6.0.2.0 (D) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft 
.NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de) "MPE" = MyPhoneExplorer "NVIDIA Drivers" = NVIDIA Drivers "SopCast" = SopCast 3.2.4 "SynTPDeinstKey" = Synaptics Pointing Device Driver "SystemRequirementsLab" = System Requirements Lab "Uninstall_is1" = Uninstall 1.0.0.1 "Veetle TV" = Veetle TV 0.9.17 "Videoload Manager" = Videoload Manager 1.0.1514 "VLC media player" = VLC media player 1.0.3 "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "WinZip" = WinZip "WordToPDF_is1" = WordToPDF 2.4 "Zero" = Zero-Buchhaltung ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "ActiveTouchMeetingClient" = WebEx "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 25.10.2011 16:46:03 | Computer Name = utti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 31.10.2011 11:21:00 | Computer Name = utti-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung spoolsv.exe, Version 6.0.6002.18294, Zeitstempel 0x4c6a9898, fehlerhaftes Modul hpz2ku09.dll, Version 0.3.0.0, Zeitstempel 0x4097827f, Ausnahmecode 0xc0000005, Fehleroffset 0x00020009, Prozess-ID 0x710, Anwendungsstartzeit 01cc97dd63b26069. Error - 09.11.2011 05:51:35 | Computer Name = utti-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 7.0.1.4288 arbeitet nicht mehr mit Windows zusammen und wurde beendet. 
Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 13d8 Anfangszeit: 01cc9ec38406ef00 Zeitpunkt der Beendigung: 190 Error - 10.11.2011 12:39:21 | Computer Name = utti-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16421, Zeitstempel 0x4d76255d, fehlerhaftes Modul Flash11c.ocx, Version 11.0.1.152, Zeitstempel 0x4e7d1782, Ausnahmecode 0xc0000005, Fehleroffset 0x0040a620, Prozess-ID 0x151c, Anwendungsstartzeit 01cc9fc1f6513760. Error - 15.11.2011 13:34:23 | Computer Name = utti-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16421, Zeitstempel 0x4d76255d, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x94667058, Prozess-ID 0x178c, Anwendungsstartzeit 01cca3af34c81590. Error - 18.11.2011 15:02:07 | Computer Name = utti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 19.11.2011 17:14:12 | Computer Name = utti-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung taskeng.exe, Version 6.0.6002.18342, Zeitstempel 0x4cd2e07b, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436, Ausnahmecode 0xc0000374, Fehleroffset 0x000b06fc, Prozess-ID 0xa8c, Anwendungsstartzeit 01cca6a40065f130. 
Error - 21.11.2011 15:27:37 | Computer Name = utti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 21.11.2011 15:27:39 | Computer Name = utti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 22.11.2011 05:53:06 | Computer Name = utti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ Media Center Events ] Error - 21.03.2011 03:10:06 | Computer Name = utti-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert. [ OSession Events ] Error - 24.02.2009 10:41:18 | Computer Name = utti-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 19371 seconds with 12180 seconds of active time. This session ended with a crash. Error - 07.07.2009 03:53:15 | Computer Name = utti-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 18.08.2009 00:46:04 | Computer Name = utti-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 18.08.2009 00:46:46 | Computer Name = utti-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 18.08.2009 06:09:27 | Computer Name = utti-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. Error - 22.08.2009 05:29:59 | Computer Name = utti-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash. Error - 22.08.2009 05:31:08 | Computer Name = utti-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. Error - 23.08.2009 16:33:24 | Computer Name = utti-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash. Error - 24.12.2010 11:55:01 | Computer Name = utti-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 280 seconds with 240 seconds of active time. This session ended with a crash. Error - 15.02.2011 06:31:12 | Computer Name = utti-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. 
This session lasted 10466 seconds with 1500 seconds of active time. This session ended with a crash. [ System Events ] Error - 21.11.2011 16:12:49 | Computer Name = utti-PC | Source = Service Control Manager | ID = 7026 Description = Error - 22.11.2011 03:05:39 | Computer Name = utti-PC | Source = Service Control Manager | ID = 7026 Description = Error - 22.11.2011 03:11:41 | Computer Name = utti-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 22.11.2011 03:11:41 | Computer Name = utti-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 22.11.2011 03:11:41 | Computer Name = utti-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 22.11.2011 03:11:41 | Computer Name = utti-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 22.11.2011 03:11:41 | Computer Name = utti-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 22.11.2011 03:11:41 | Computer Name = utti-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 22.11.2011 03:11:41 | Computer Name = utti-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 22.11.2011 08:33:13 | Computer Name = utti-PC | Source = Service Control Manager | ID = 7026 Description = < End of report > |
22.11.2011, 14:05 | #6 |
| 100 Tan Trojaner The TDSS scan is also done, but I cannot copy the report. I don't know why. But as far as I can see, it found nothing. Detected objects count 0, and in the details all objects are o.k. too! |
22.11.2011, 19:20 | #7 |
| 100 Tan Trojaner Hello, there is quite a bit going on on your computer; before I go to great lengths with OTL, please have all MAM findings deleted (if not already done). Have these files checked online:
Code:
C:\Users\utti\AppData\Roaming\5045\components\AcroFF0458.dll C:\Windows\System32\drivers\HOTKEY.sys
A few more things show up in the OTL log, so: Combofix. Download Combo Fix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop. Caution: in a few rare cases the computer may no longer be able to boot and has to be set up from scratch! Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter. The Combofix scan can take some time, so be patient. Please do not do anything on the computer during the scan. It is possible that the computer restarts in between. When the scan finishes, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. chris
__________________ Don't bring me down. Before posting, please note! Donations (anyone who wants to donate is welcome to get in touch) |
22.11.2011, 22:15 | #8 |
| 100 Tan Trojaner File name: a129fee1e5e435af2e8bb5d791608454 Submission date: 2011-09-04 10:59:15 (UTC) Current status: finished Result: 33/43 (76.7%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2011.09.03.00 2011.09.03 Trojan/Win32.Vapsup AntiVir 7.11.14.90 2011.09.02 ADSPY/AdSpy.Gen Antiy-AVL 2.0.3.7 2011.09.04 - Avast 4.8.1351.0 2011.09.04 Win32:BHO-NN [Trj] Avast5 5.0.677.0 2011.09.04 Win32:BHO-NN [Trj] AVG 10.0.0.1190 2011.09.04 Downloader.Adload.HQ BitDefender 7.2 2011.09.04 Trojan.Zlob.16402 ByteHero 1.0.0.1 2011.08.22 - CAT-QuickHeal 11.00 2011.09.04 Trojan.Vapsup.exo ClamAV 0.97.0.0 2011.09.04 Trojan.Zlob-5045 Commtouch 5.3.2.6 2011.09.03 W32/Trojan2.BLJQ Comodo 9987 2011.09.04 TrojWare.Win32.Vapsup.ADW DrWeb 5.0.2.03300 2011.09.04 Trojan.Siggen2.18420 Emsisoft 5.1.0.11 2011.09.04 Trojan.Win32.Vapsup!IK eSafe 7.0.17.0 2011.09.01 - eTrust-Vet 36.1.8537 2011.09.02 Win32/Pripecs.AAX F-Prot 4.6.2.117 2011.09.03 W32/Trojan2.BLJQ F-Secure 9.0.16440.0 2011.09.03 Trojan.Zlob.16402 Fortinet 4.3.370.0 2011.09.04 W32/Vapsup.EXO!tr GData 22 2011.09.04 Trojan.Zlob.16402 Ikarus T3.1.1.107.0 2011.09.04 Trojan.Win32.Vapsup Jiangmin 13.0.900 2011.09.03 Trojan/Vapsup.hfl K7AntiVirus 9.111.5083 2011.09.02 Trojan Kaspersky 9.0.0.837 2011.09.04 Trojan.Win32.Vapsup.exo McAfee 5.400.0.1158 2011.09.04 AdClicker-FC McAfee-GW-Edition 2010.1D 2011.09.03 AdClicker-FC Microsoft 1.7604 2011.09.04 TrojanDownloader:Win32/Zlob.gen!DB NOD32 6434 2011.09.04 a variant of Win32/Adware.Vapsup.AS Norman 6.07.11 2011.09.03 - Panda 10.0.3.5 2011.09.03 Trj/CI.A PCTools 8.0.0.5 2011.09.04 Downloader.Zlob Prevx 3.0 2011.09.04 - Rising 23.73.01.03 2011.08.30 Trojan.Win32.Undef.int Sophos 4.69.0 2011.09.04 Mal/Zlob-Q SUPERAntiSpyware 4.40.0.1006 2011.09.03 - Symantec 20111.2.0.82 2011.09.04 Downloader.Zlob!gen.3 TheHacker 6.7.0.1.290 2011.09.03 Trojan/Vapsup.exo TrendMicro 9.500.0.1008 2011.09.03 - TrendMicro-HouseCall 9.500.0.1008 
2011.09.04 - VBA32 None 2011.09.02 - VIPRE 10366 2011.09.04 Vapsup ViRobot 2011.9.3.4655 2011.09.03 - VirusBuster 14.0.200.0 2011.09.03 Trojan.Vapsup!/8NBCdu114o Additional information Show all MD5 : a129fee1e5e435af2e8bb5d791608454 SHA1 : 41f1c04915d94efb22a35e590ad0981e4f7a0e7f SHA256: 301379f6242e5ba5580b2c2d9e7e899e9950a997d88f4db0fa3c61c2fa94cdd1 VT Community User: BugBopperGuy Reputation: 5084 credits Comment date: 2010-09-14 13:22:55 (UTC) BugBopper identifies this file as W32/Vapsup.DIL More info: Site Not Available Tags: vapsup, zlob, 5045 |
22.11.2011, 22:16 | #9 |
| 100 Tan Trojaner File name: smona131409525337216281716 Submission date: 2011-08-23 10:29:08 (UTC) Current status: finished Result: 34/43 (79.1%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2011.08.23.00 2011.08.23 - AntiVir 7.11.13.184 2011.08.23 HLLT-5045 Antiy-AVL 2.0.3.7 2011.08.23 Trojan/win32.agent Avast 4.8.1351.0 2011.08.22 HLLP-DirtyNazi-5045 Avast5 5.0.677.0 2011.08.22 HLLP-DirtyNazi-5045 AVG 10.0.0.1190 2011.08.23 Generic_c.BQVN BitDefender 7.2 2011.08.23 HLLP.5045 ByteHero 1.0.0.1 2011.08.22 - CAT-QuickHeal 11.00 2011.08.23 - ClamAV 0.97.0.0 2011.08.23 DOS.DNVG.5045 Commtouch 5.3.2.6 2011.08.23 HLLP.5045.A Comodo 9844 2011.08.23 Hll.5045 DrWeb 5.0.2.03300 2011.08.23 HLLP.Nazi.5045 Emsisoft 5.1.0.10 2011.08.23 Virus.DOS.HLLP.DNVG!IK eSafe 7.0.17.0 2011.08.22 Win32.Hllt eTrust-Vet 36.1.8516 2011.08.23 - F-Prot 4.6.2.117 2011.08.22 HLLP.5045.A F-Secure 9.0.16440.0 2011.08.23 HLLP.5045 Fortinet 4.2.257.0 2011.08.23 HLLP.5045 GData 22 2011.08.23 HLLP.5045 Ikarus T3.1.1.107.0 2011.08.23 Virus.DOS.HLLP.DNVG Jiangmin 13.0.900 2011.08.22 HLLP/DNVG.5045 K7AntiVirus 9.110.5042 2011.08.22 Virus Kaspersky 9.0.0.837 2011.08.23 Virus.DOS.HLLP.DNVG.5045.a McAfee 5.400.0.1158 2011.08.23 HLLT.DNazi.5045 McAfee-GW-Edition 2010.1D 2011.08.22 HLLT.DNazi.5045 Microsoft 1.7604 2011.08.23 VirusOS/5045 NOD32 6402 2011.08.23 Hll.5045 nProtect 2011-08-23.01 2011.08.23 - Panda 10.0.3.5 2011.08.22 HLL.Gen PCTools 8.0.0.5 2011.08.23 HLLT.5045 (1) Prevx 3.0 2011.08.23 - Rising 23.72.01.03 2011.08.23 Virus.Dos.HLLP.DNVG.5045.a Sophos 4.68.0 2011.08.23 HLLT/5045 SUPERAntiSpyware 4.40.0.1006 2011.08.23 - Symantec 20111.2.0.82 2011.08.23 HLLT.5045 (1) TheHacker 6.7.0.1.282 2011.08.22 HLLP.5045.A TrendMicro 9.500.0.1008 2011.08.23 HLLP.5045 TrendMicro-HouseCall 9.500.0.1008 2011.08.23 HLLP.5045 VBA32 3.12.16.4 2011.08.23 - VIPRE 10247 2011.08.23 - ViRobot 2011.8.23.4635 2011.08.23 Virus.DOS.S.HLLP.5045 VirusBuster 
14.0.181.1 2011.08.22 HLLP.5045 Additional information Show all MD5 : e3b595019fb4198b567ee0cf601b086d SHA1 : 8058666db10d6d2dc2ffad6f33274bfe287fc796 SHA256: da454b81359acfe4ec5dbdaa11fe4e65cbc7eeefb81fd8113998b81a9b52798d VT Community User: BugBopperGuy Reputation: 5084 credits Comment date: 2010-09-20 10:39:23 (UTC) BugBopper identifies this file as Virus.DOS.HLLP.DNVG.5045.a More info: Site Not Available Tags: 5045, hllp, dnvg |
22.11.2011, 22:18 | #10 |
| 100 Tan Trojaner File name: CD393403BF6BEC0AF1EA9951DA6D66C3 Submission date: 2011-08-28 19:35:05 (UTC) Current status: finished Result: 33/44 (75.0%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2011.08.27.01 2011.08.28 HLLP.5045 AntiVir 7.11.14.0 2011.08.26 DOS/HLLP.DNVG.5045 Antiy-AVL 2.0.3.7 2011.08.28 - Avast 4.8.1351.0 2011.08.28 HLLP-Nazi-5045 Avast5 5.0.677.0 2011.08.28 HLLP-Nazi-5045 AVG 10.0.0.1190 2011.08.28 Generic_c.BQEV BitDefender 7.2 2011.08.28 HLLP.DNVG.5045.B ByteHero 1.0.0.1 2011.08.22 - CAT-QuickHeal 11.00 2011.08.28 - ClamAV 0.97.0.0 2011.08.28 DOS.DNVG.5045 Commtouch 5.3.2.6 2011.08.28 HLLP.5045.B Comodo 9908 2011.08.28 UnclassifiedMalware DrWeb 5.0.2.03300 2011.08.28 HLLP.Nazi.5045 Emsisoft 5.1.0.10 2011.08.28 Hllp.5045.B!IK eSafe 7.0.17.0 2011.08.28 Win32.DOSHLLP.Dnvg eTrust-Vet 36.1.8525 2011.08.26 - F-Prot 4.6.2.117 2011.08.28 HLLP.5045.B F-Secure 9.0.16440.0 2011.08.28 HLLP.DNVG.5045.B Fortinet 4.2.257.0 2011.08.27 HLLP.5045 GData 22 2011.08.28 HLLP.DNVG.5045.B Ikarus T3.1.1.107.0 2011.08.28 Hllp.5045.B Jiangmin 13.0.900 2011.08.28 HLLP/DNVG.5045.b K7AntiVirus 9.111.5060 2011.08.26 Virus Kaspersky 9.0.0.837 2011.08.28 Virus.DOS.HLLP.DNVG.5045.b McAfee 5.400.0.1158 2011.08.28 HLLT.DNazi.5045 McAfee-GW-Edition 2010.1D 2011.08.28 HLLT.DNazi.5045 Microsoft 1.7604 2011.08.28 VirusOS/5045.B NOD32 6418 2011.08.28 HLLP/DNVG.5045.B Norman 6.07.10 2011.08.28 HLLP.DNVG.5045 nProtect 2011-08-28.01 2011.08.28 - Panda 10.0.3.5 2011.08.28 HLLO.Gen PCTools 8.0.0.5 2011.08.28 - Prevx 3.0 2011.08.28 - Rising 23.72.04.03 2011.08.26 Virus.Dos.HLLP.DNVG.5045.b Sophos 4.68.0 2011.08.28 Hlp Dnazi-5045 SUPERAntiSpyware 4.40.0.1006 2011.08.27 - Symantec 20111.2.0.82 2011.08.28 HLLT.5045 (1) TheHacker 6.7.0.1.286 2011.08.28 HLLP.5045.B TrendMicro 9.500.0.1008 2011.08.25 HLLP.5045 TrendMicro-HouseCall 9.500.0.1008 2011.08.28 HLLP.5045 VBA32 3.12.16.4 2011.08.26 - VIPRE 10298 2011.08.28 - ViRobot 
2011.8.27.4643 2011.08.28 - VirusBuster 14.0.189.0 2011.08.28 HLLP.5045.B Additional information Show all MD5 : cd393403bf6bec0af1ea9951da6d66c3 SHA1 : 9982f911eea2c0ea4530c09377dbd41ec412be39 SHA256: 555295545e457274640fcaccf38ae911fc08321db8d97b7c6ce3e7b7b7360127 VT Community User: BugBopperGuy Reputation: 5084 credits Comment date: 2010-09-20 10:39:25 (UTC) BugBopper identifies this file as Virus.DOS.HLLP.DNVG.5045.b More info: Site Not Available Tags: 5045, hllp, dnvg |
22.11.2011, 22:20 | #11 |
| 100 Tan Trojaner File name: E7F4492E71432C2D6B1322F02DAB90AA Submission date: 2011-07-27 11:28:04 (UTC) Current status: finished Result: 37/43 (86.0%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2011.07.27.00 2011.07.27 Win32/IRCBot.worm.variant AntiVir 7.11.12.133 2011.07.27 TR/Gendal.3730011.1 Antiy-AVL 2.0.3.7 2011.07.27 - Avast 4.8.1351.0 2011.07.27 Win32:CeeInject-I [Trj] Avast5 5.0.677.0 2011.07.27 Win32:CeeInject-I [Trj] AVG 10.0.0.1190 2011.07.27 BackDoor.Ircbot.ISR BitDefender 7.2 2011.07.27 Trojan.Generic.5993193 CAT-QuickHeal 11.00 2011.07.27 Backdoor.IRCBot.knb ClamAV 0.97.0.0 2011.07.27 - Commtouch 5.3.2.6 2011.07.27 W32/Trojan!471b Comodo 9524 2011.07.27 Backdoor.Win32.IRCBot.knc DrWeb 5.0.2.03300 2011.07.27 BackDoor.IRC.Sdbot.5255 Emsisoft 5.1.0.8 2011.07.27 Backdoor.Win32.IRCBot!IK eSafe 7.0.17.0 2011.07.26 Win32.VirToolCeeInje eTrust-Vet 36.1.8467 2011.07.27 - F-Prot 4.6.2.117 2011.07.27 W32/Trojan!471b F-Secure 9.0.16440.0 2011.07.27 Trojan.Generic.5993193 Fortinet 4.2.257.0 2011.07.27 - GData 22 2011.07.27 Trojan.Generic.5993193 Ikarus T3.1.1.104.0 2011.07.27 Backdoor.Win32.IRCBot Jiangmin 13.0.900 2011.07.26 Backdoor/IRCBot.gey K7AntiVirus 9.108.4950 2011.07.26 Trojan Kaspersky 9.0.0.837 2011.07.27 Backdoor.Win32.IRCBot.knc McAfee 5.400.0.1158 2011.07.27 W32/Spybot.worm!i McAfee-GW-Edition 2010.1D 2011.07.26 W32/Spybot.worm!i Microsoft 1.7104 2011.07.27 VirTool:Win32/CeeInject.gen!U NOD32 6328 2011.07.27 IRC/SdBot Norman 6.07.10 2011.07.27 W32/Spybot.DOHZ nProtect 2011-07-27.01 2011.07.27 Backdoor/W32.IRCBot.44594.B Panda 10.0.3.5 2011.07.26 Generic Malware PCTools 8.0.0.5 2011.07.27 Trojan.IRCBot!rem Prevx 3.0 2011.07.27 - Rising 23.68.02.03 2011.07.27 Worm.Win32.Undef.ho Sophos 4.67.0 2011.07.27 Mal/Generic-L SUPERAntiSpyware 4.40.0.1006 2011.07.27 - Symantec 20111.1.0.186 2011.07.27 W32.IRCBot TheHacker 6.7.0.1.263 2011.07.26 Backdoor/IRCBot.knb TrendMicro 9.200.0.1012 
2011.07.27 Mal_DRPR-3 TrendMicro-HouseCall 9.200.0.1012 2011.07.27 Mal_DRPR-3 VBA32 3.12.16.4 2011.07.26 Backdoor.Win32.IRCBot.knt VIPRE 9979 2011.07.27 VirTool.Win32.Injector.gen!N (v) ViRobot 2011.7.27.4591 2011.07.27 Backdoor.Win32.IRCBot.45106.B VirusBuster 14.0.140.0 2011.07.26 VirTool.CeeInject!usyo+6u1lXg Additional information Show all MD5 : e7f4492e71432c2d6b1322f02dab90aa SHA1 : a714636185506255f8f7a9ae1423bca1d0786aa2 SHA256: 362b5a7de68946169f061a90b6563d01382f4d524eaaa04d94189e24f7b23ebc VT Community User: BugBopperGuy Reputation: 5084 credits Comment date: 2010-09-21 02:08:53 (UTC) BugBopper identifies this file as W32/Spybot.DOHZ More info: Site Not Available Tags: ircbot, spybot, 5045 |
22.11.2011, 23:54 | #12
100 Tan Trojaner
Combofix Logfile:
Code:
ComboFix 11-11-22.01 - utti 22.11.2011 23:00:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2037.1134 [GMT 1:00]
ausgeführt von:: c:\users\utti\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\test.txt
c:\users\utti\AppData\Roaming\AcroIEHelpe.txt
c:\users\utti\AppData\Roaming\srvblck2.tmp
c:\users\utti\gsv49w32.exe
c:\windows\IsUn0407.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-10-22 bis 2011-11-22 ))))))))))))))))))))))))))))))
.
.
2011-11-22 22:13 . 2011-11-22 22:13 -------- d-----w- c:\users\madmax\AppData\Local\temp
2011-11-22 22:13 . 2011-11-22 22:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-22 21:52 . 2011-11-18 13:13 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-11-22 21:52 . 2011-11-18 13:13 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-11-22 21:52 . 2011-11-22 21:52 -------- d-----w- c:\users\utti\AppData\Roaming\TuneUp Software
2011-11-22 21:52 . 2011-11-22 21:52 -------- d-----w- c:\program files\TuneUp Utilities 2012
2011-11-22 21:51 . 2011-11-22 21:53 -------- d-----w- c:\programdata\TuneUp Software
2011-11-22 21:51 . 2011-11-22 21:51 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2011-11-22 12:58 . 2011-11-22 12:58 -------- d-----w- C:\TDSS
2011-11-21 19:26 . 2011-11-21 19:26 -------- d-----w- c:\users\utti\AppData\Roaming\Malwarebytes
2011-11-21 19:26 . 2011-11-21 19:26 -------- d-----w- c:\programdata\Malwarebytes
2011-11-21 19:26 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-21 19:26 . 2011-11-22 12:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-21 11:38 . 2011-11-21 11:38 -------- d-----w- c:\users\utti\AppData\Roaming\5045
2011-11-20 13:48 . 2011-11-20 13:48 -------- d-----w- c:\users\utti\AppData\Roaming\5044
2011-11-19 18:23 . 2011-11-21 19:38 -------- d-----w- c:\users\utti\AppData\Roaming\Babew
2011-11-19 18:23 . 2011-11-21 19:28 -------- d-----w- c:\users\utti\AppData\Roaming\Yhawid
2011-11-18 18:55 . 2011-11-18 18:55 -------- d-----w- c:\users\utti\AppData\Roaming\5043
2011-11-18 18:54 . 2011-11-19 14:17 -------- d-----w- c:\users\utti\AppData\Roaming\xmldm
2011-11-18 18:54 . 2011-11-18 18:54 -------- d-----w- c:\users\utti\AppData\Roaming\kock
2011-11-17 19:51 . 2011-11-17 19:51 -------- d-----w- c:\users\utti\AppData\Roaming\webex
2011-11-17 19:48 . 2011-11-17 19:48 -------- d-----w- c:\programdata\WebEx
2011-11-09 09:46 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 09:45 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 09:45 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-02 08:44 . 2011-11-02 08:44 -------- d-----w- c:\users\utti\AppData\Roaming\KastorFreeVimeoDownloader
2011-11-02 08:44 . 2011-11-02 08:44 -------- d-----w- c:\program files\Kastor Free Vimeo Downloader
2011-10-31 14:28 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2011-10-31 14:28 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-22 22:15 . 2011-11-22 22:15 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3925564-E284-4B42-A3B8-C555B6C0D1FD}\offreg.dll
2011-11-11 21:58 . 2011-05-17 19:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 13:00 . 2011-10-17 04:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-17 04:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-11 13:00 . 2011-10-17 04:55 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-07 03:48 . 2011-11-22 07:12 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3925564-E284-4B42-A3B8-C555B6C0D1FD}\mpengine.dll
2011-09-27 04:15 . 2011-09-27 04:15 161792 ----a-w- c:\windows\system32\msls31.dll
2011-09-27 04:15 . 2011-09-27 04:15 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-27 04:15 . 2011-09-27 04:15 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-27 04:15 . 2011-09-27 04:15 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-27 04:15 . 2011-09-27 04:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-27 04:15 . 2011-09-27 04:15 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-09-27 04:15 . 2011-09-27 04:15 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-09-27 04:15 . 2011-09-27 04:15 367104 ----a-w- c:\windows\system32\html.iec
2011-09-27 04:15 . 2011-09-27 04:15 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-09-27 04:15 . 2011-09-27 04:15 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-27 04:15 . 2011-09-27 04:15 152064 ----a-w- c:\windows\system32\wextract.exe
2011-09-27 04:15 . 2011-09-27 04:15 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-09-27 04:15 . 2011-09-27 04:15 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-27 04:15 . 2011-09-27 04:15 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-27 04:15 . 2011-09-27 04:15 11776 ----a-w- c:\windows\system32\mshta.exe
2011-09-27 04:15 . 2011-09-27 04:15 101888 ----a-w- c:\windows\system32\admparse.dll
2011-09-27 04:15 . 2011-09-27 04:15 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-09-27 04:15 . 2011-09-27 04:15 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-06 13:30 . 2011-10-13 03:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35 . 2011-10-14 06:09 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-14 06:09 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-14 06:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-25 16:15 . 2011-10-13 03:29 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-13 03:29 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14 . 2011-10-13 03:29 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31 . 2011-10-13 03:29 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-11 10:48 . 2011-09-09 05:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 857648]
"TVBroadcast"="c:\program files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe" [2007-05-08 790016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-15 151552]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-14 192512]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-10 36864]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2010-09-15 339312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2008-11-27 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45 1164584 ----a-w- c:\program files\divx\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 15:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexwareInfoService]
2010-09-15 08:11 339312 ----a-w- c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R1 mailKmd;mailKmd; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-27 136176]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2011-11-18 1510720]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-27 136176]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2008-06-30 18912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-17 118784]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2010-01-24 38976]
S1 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys [2010-01-24 53312]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 ContentMgrService;Content Management Service;c:\program files\Videoload Manager\ContentManager.exe [2008-03-12 508928]
S2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-06-11 65856]
S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\Bonavista\Services\PVR\PVRService.exe [2007-05-04 1600512]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-07-05 277504]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2011-11-08 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-27 05:57]
.
2011-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-27 05:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.comdirect.de/
uInternet Settings,ProxyServer = 192.168.2.1:80
IE: Free YouTube to Mp3 Converter - c:\users\utti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
FF - ProfilePath - c:\users\utti\AppData\Roaming\Mozilla\Firefox\Profiles\38rjua60.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comdirect.de/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
URLSearchHooks-{f4e6547e-325b-403c-a3bb-ad29ed37a92f} - (no file)
BHO-{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file)
WebBrowser-{7E111A5C-3D11-4F56-9463-5310C3C69025} - (no file)
WebBrowser-{F4E6547E-325B-403C-A3BB-AD29ED37A92F} - (no file)
HKCU-Run-{5DC3DC96-99A1-7F67-D792-706463EB81AC} - c:\users\utti\AppData\Roaming\Babew\udlanoz.exe
AddRemove-JB Licon1 Updater - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-22 23:20
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\windows\system32\wbem\Performance\WmiApRpl_new.h 357 bytes
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000042
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Medion\MEDIONbox\Program\GCS.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-22 23:30:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-11-22 22:30
.
Vor Suchlauf: 15 Verzeichnis(se), 17.986.486.272 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 17.115.623.424 Bytes frei
.
- - End Of File - - 20CAEFD69BBE942697097EB06FC82A20
23.11.2011, 08:39 | #13
100 Tan Trojaner
Hi,
unfortunately I can't tell which result belongs to which file... In the worst case something will be left behind again (HotKey.sys, which exists in both variants, as a trojan and as a "system file")... If it did not test positive, the line
Code:
Driver::
Hotkey

Script ComboFix
Copy the following text into Notepad (Start -> Accessories -> Notepad) and save it as cfscript.txt on the Desktop using 'Save As'. Select "All Files" - Save:
Code:
KillAll::

Folder::
c:\users\utti\AppData\Roaming\5045
c:\users\utti\AppData\Roaming\5044
c:\users\utti\AppData\Roaming\Babew
c:\users\utti\AppData\Roaming\Yhawid
c:\users\utti\AppData\Roaming\5043
c:\users\utti\AppData\Roaming\xmldm
c:\users\utti\AppData\Roaming\kock

File::
c:\users\utti\AppData\Roaming\Babew\udlanoz.exe
C:\Users\utti\AppData\Roaming\5045\components\AcroFF0458.dll

Driver::
Hotkey

Registry::
[-HKEY_CURRENT_USER\~\Browser Helper Objects\{F64C2181-0062-4ED8-B6B0-72BB47BA711C}]
[HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion\Run]
"{5DC3DC96-99A1-7F67-D792-706463EB81AC}"=-

and drop it onto the ComboFix icon by drag and drop. ComboFix should then start and work through the script; post the ComboFix log afterwards.
Please create a new OTL log and post it as well!
Chris
__________________
Don't bring me down
Read before posting!
Donations (anyone who wants to donate is welcome to get in touch)
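The triage Chris did by hand above (picking the freshly created AppData\Roaming folders and the HKCU Run value out of the ComboFix log and turning them into Folder:: and File:: sections) as an added Python example; this is not code from the thread or from ComboFix, and the allowlist of product folder names and the sample log lines are constructed for the example.

```python
import re

# Constructed allowlist for this example: Roaming folders the log attributes to
# software that was installed on purpose. Anything else created there is reported.
KNOWN_ROAMING_DIRS = {
    "malwarebytes", "tuneup software", "mozilla", "microsoft", "adobe",
    "webex", "kastorfreevimeodownloader", "dvdvideosoftiehelpers",
}

# ComboFix "Dateien erstellt" entry:
#   2011-11-21 11:38 . 2011-11-21 11:38 -------- d-----w- c:\users\utti\AppData\Roaming\5045
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Run-key entry under "Autostartpunkte der Registrierung" (the bracket may be absent):
#   "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?: \[[^\]]*\])?$')

# A path directly below <drive>:\users\<user>\AppData\Roaming (case-insensitive)
ROAMING_TOP = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\(?P<name>[^\\]+)$", re.I)
# Anything that lives inside a user profile's AppData tree
IN_PROFILE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.I)

# Constructed sample in the ComboFix layout. The paths are the ones the thread
# discusses; the udlanoz.exe line is written in Run-key layout for this example.
SAMPLE_LOG = r"""
2011-11-22 21:52 . 2011-11-22 21:52 -------- d-----w- c:\program files\TuneUp Utilities 2012
2011-11-21 19:26 . 2011-11-21 19:26 -------- d-----w- c:\users\utti\AppData\Roaming\Malwarebytes
2011-11-21 11:38 . 2011-11-21 11:38 -------- d-----w- c:\users\utti\AppData\Roaming\5045
2011-11-19 18:23 . 2011-11-21 19:38 -------- d-----w- c:\users\utti\AppData\Roaming\Babew
2011-11-18 18:54 . 2011-11-19 14:17 -------- d-----w- c:\users\utti\AppData\Roaming\xmldm
2011-11-09 09:45 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
"{5DC3DC96-99A1-7F67-D792-706463EB81AC}"="c:\users\utti\AppData\Roaming\Babew\udlanoz.exe"
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"""


def triage(log_text):
    """Return (kind, path, reason) tuples for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            is_dir = m.group("attrs").startswith("d")
            top = ROAMING_TOP.match(m.group("path"))
            if is_dir and top and top.group("name").lower() not in KNOWN_ROAMING_DIRS:
                findings.append(("folder", m.group("path"),
                                 "new folder directly under AppData\\Roaming, created "
                                 + m.group("created") + ", not a known product"))
            continue
        m = RUN_LINE.match(line)
        if m and IN_PROFILE.search(m.group("path")):
            findings.append(("file", m.group("path"),
                             "Run value " + m.group("name")
                             + " starts a program from the user profile"))
    return findings


def cfscript_sections(findings):
    """Render the Folder:: and File:: sections in the layout used in the thread."""
    folders = [path for kind, path, _ in findings if kind == "folder"]
    files = [path for kind, path, _ in findings if kind == "file"]
    out = []
    if folders:
        out.append("Folder::")
        out.extend(folders)
    if files:
        out.append("File::")
        out.extend(files)
    return "\n".join(out)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for kind, path, reason in hits:
        print(kind, path, "-", reason)
    print()
    print(cfscript_sections(hits))
```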
23.11.2011, 10:59 | #14
100 Tan Trojaner
OTL Logfile:
Code:
OTL logfile created on: 23.11.2011 10:48:37 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\utti\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 40,91% Memory free
4,21 Gb Paging File | 2,80 Gb Available in Paging File | 66,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,00 Gb Total Space | 14,68 Gb Free Space | 12,34% Space Free | Partition Type: NTFS
Drive D: | 30,04 Gb Total Space | 20,56 Gb Free Space | 68,45% Space Free | Partition Type: FAT32

Computer Name: UTTI-PC | User Name: utti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\utti\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Videoload Manager\ContentManager.exe (ACE GmbH)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
PRC - C:\Program Files\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Program Files\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Program Files\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Launch Manager\WButton.exe ()
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Launch Manager\LaunchAp.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Users\utti\AppData\Roaming\5045\components\AcroFF0458.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\AdobeXMP.dll ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll ()
MOD - C:\Program Files\Launch Manager\WButton.exe ()
MOD - C:\Program Files\Launch Manager\LaunchAp.exe ()

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ContentMgrService) -- C:\Program Files\Videoload Manager\ContentManager.exe (ACE GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (srvcPVR) -- C:\Program Files\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (GnabService) -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (PSSDK42) -- C:\Windows\System32\drivers\pssdk42.sys (microOLAP Technologies LTD)
DRV - (PSSDKLBF) -- C:\Windows\System32\drivers\pssdklbf.sys (microOLAP Technologies LTD)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (LTXMD_VAC) Litex Media Virtual Audio Cable (WDM) -- C:\Windows\System32\drivers\lmvac.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation )
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (w810obex) -- C:\Windows\System32\drivers\w810obex.sys (MCCI)
DRV - (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\w810mgmt.sys (MCCI)
DRV - (w810mdm) -- C:\Windows\System32\drivers\w810mdm.sys (MCCI)
DRV - (w810mdfl) -- C:\Windows\System32\drivers\w810mdfl.sys (MCCI)
DRV - (w810bus) Sony Ericsson W810 Driver driver (WDM) -- C:\Windows\System32\drivers\w810bus.sys (MCCI)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = comdirect.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\URLSearchHook: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.2.1:80
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 192.168.2.1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.comdirect.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Program Files\Common Files\fluxDVD\APIX\NPAPIX.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Program Files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPWMDRMWrapper: C:\Program Files\Common Files\mpDRM\NPWMDRMWrapper.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008.05.07 23:16:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 11:48:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.09 06:03:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\utti\AppData\Roaming\5045 [2011.11.21 12:38:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter

[2009.07.07 09:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\utti\AppData\Roaming\mozilla\Extensions
[2011.11.11 11:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions
[2010.07.19 06:02:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.28 10:20:54 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.11 11:48:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.12.02 07:07:10 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions\firefox@tvunetworks.com
[2011.08.27 09:00:20 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions\youtube2mp3@mondayx.de
[2011.11.11 11:48:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.12.17 12:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.11.21 12:38:16 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\UTTI\APPDATA\ROAMING\5045
[2011.11.11 11:48:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.14 07:29:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.14 07:29:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.14 07:29:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.14 07:29:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.14 07:29:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.14 07:29:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2008.04.16 20:37:52 | 000,000,054 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [{5DC3DC96-99A1-7F67-D792-706463EB81AC}] C:\Users\utti\AppData\Roaming\Babew\udlanoz.exe File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\utti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8889191D-50CE-4244-92A6-A164F2FAB58C}: DhcpNameServer = 10.129.32.1 10.111.81.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2538822-8FA8-4FB7-BABD-7A7E81D14206}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - 
[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.23 10:24:57 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Local\Temp(12) [2011.11.23 09:59:30 | 000,000,000 | ---D | C] -- C:\ComboFix [2011.11.23 09:37:04 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Local\Temp(11) [2011.11.22 23:30:43 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Local\Temp(6) [2011.11.22 22:52:33 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\TuneUp Software [2011.11.22 22:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012 [2011.11.22 22:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2011.11.22 22:50:25 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.11.22 13:58:47 | 000,000,000 | ---D | C] -- C:\TDSS [2011.11.21 20:26:40 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\Malwarebytes [2011.11.21 20:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.21 20:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.21 20:26:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.11.21 20:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.11.21 12:38:15 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\5045 [2011.11.20 14:48:36 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\5044 [2011.11.19 19:23:39 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\Yhawid [2011.11.19 19:23:39 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\Babew [2011.11.18 19:55:21 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\5043 
[2011.11.18 19:54:54 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\xmldm [2011.11.18 19:54:51 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\kock [2011.11.17 20:51:22 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\webex [2011.11.17 20:48:42 | 000,000,000 | -HSD | C] -- C:\Users\utti\Documents\Documents\cache [2011.11.17 20:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx [2011.11.02 09:44:18 | 000,000,000 | ---D | C] -- C:\Users\utti\Documents\Documents\Videos [2011.11.02 09:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kastor Free Vimeo Downloader [2011.11.02 09:44:06 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\KastorFreeVimeoDownloader [2011.11.02 09:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\Kastor Free Vimeo Downloader [2011.11.02 09:42:46 | 003,264,831 | ---- | C] (KastorSoft ) -- C:\Users\utti\Desktop\Setup_FreeVimeoDownloader.exe [2011.10.31 15:28:44 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2009.06.16 13:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll [2007.07.12 03:57:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.23 10:45:51 | 000,642,258 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.23 10:45:51 | 000,607,228 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.23 10:45:51 | 000,131,678 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.23 10:45:51 | 000,108,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.23 10:40:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.23 10:39:09 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.23 10:38:31 | 000,003,696 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.23 10:38:31 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.23 10:38:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.21 20:39:13 | 000,000,072 | ---- | M] () -- C:\Users\utti\AppData\Roaming\blckdom.res [2011.11.21 20:26:29 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.11 22:58:19 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.11.02 09:52:52 | 000,086,528 | ---- | M] () -- C:\Users\utti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.02 09:44:09 | 000,000,963 | ---- | M] () -- C:\Users\utti\Desktop\Kastor Free Vimeo Downloader.lnk [2011.11.02 09:42:50 | 003,264,831 | ---- | M] (KastorSoft ) -- C:\Users\utti\Desktop\Setup_FreeVimeoDownloader.exe [2011.10.31 15:29:59 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf [2011.10.31 15:29:40 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.21 20:26:29 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.18 19:55:15 | 000,000,072 | ---- | C] () -- C:\Users\utti\AppData\Roaming\blckdom.res [2011.11.02 09:44:09 | 000,000,963 | ---- | C] () -- C:\Users\utti\Desktop\Kastor Free Vimeo Downloader.lnk [2011.10.31 15:29:59 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf [2011.10.31 15:29:40 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2011.10.31 15:28:52 | 000,000,003 | ---- | C] () -- 
C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf [2011.09.17 14:13:45 | 000,000,054 | ---- | C] () -- C:\Windows\Player.INI [2010.12.17 15:09:17 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.11.19 14:53:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.17 08:28:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.17 08:28:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.16 16:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll [2009.07.13 12:15:35 | 000,000,253 | ---- | C] () -- C:\Windows\tm.ini [2009.07.13 12:14:58 | 000,000,092 | ---- | C] () -- C:\Windows\d2hnav.ini [2009.07.13 12:14:03 | 000,000,027 | ---- | C] () -- C:\Windows\stwin05.ini [2009.06.16 13:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll [2009.06.14 21:18:20 | 000,097,992 | ---- | C] () -- C:\Windows\System32\canvidplayer8.dll [2008.10.29 06:25:20 | 000,000,941 | ---- | C] () -- C:\Windows\uninst.ini [2008.08.29 13:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2008.08.29 07:38:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.03.17 08:14:36 | 000,000,121 | ---- | C] () -- C:\Windows\cdplayer.ini [2008.02.09 15:59:42 | 000,000,020 | ---- | C] () -- C:\Windows\powerplayer.ini [2008.02.09 15:59:37 | 000,000,360 | ---- | C] () -- C:\Windows\psnetwork.ini [2008.01.02 08:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2007.12.11 06:54:39 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.09.19 17:39:25 | 000,086,528 | ---- | C] () -- C:\Users\utti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.09.06 12:49:50 | 000,000,092 | ---- | C] () -- C:\Users\utti\AppData\Local\fusioncache.dat [2007.08.24 11:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll [2007.07.12 03:57:45 | 
001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.07.09 16:32:04 | 000,087,312 | ---- | C] () -- C:\Windows\mws.exe [2007.07.06 06:39:12 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.07.06 06:39:06 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007.07.06 06:12:57 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys [2007.07.06 05:41:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll [2007.06.20 12:39:38 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2007.06.20 12:39:38 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2007.06.11 13:43:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.06.11 13:43:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2006.12.11 05:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.02 16:33:31 | 000,642,258 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,131,678 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 003,790,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,607,228 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,108,604 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- 
C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.09.20 06:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini [2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll [2002.05.16 00:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll [2002.05.04 14:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6152D44C < End of report >
23.11.2011, 11:01 | #15
100 Tan Trojaner
OTL EXTRAS Logfile:
OTL Extras logfile created on: 23.11.2011 10:48:37 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\utti\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 40,91% Memory free 4,21 Gb Paging File | 2,80 Gb Available in Paging File | 66,47% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 119,00 Gb Total Space | 14,68 Gb Free Space | 12,34% Space Free | Partition Type: NTFS Drive D: | 30,04 Gb Total Space | 20,56 Gb Free Space | 68,45% Space Free | Partition Type: FAT32 Computer Name: UTTI-PC | User Name: utti | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate "C:\Program Files\PPMate\ppmnet.exe" = C:\Program Files\PPMate\ppmnet.exe:*:Enabled:PPMate ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04C76EB6-E831-44A1-B4B0-2D1A2D22B96A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2867F7ED-FA52-410B-A877-DF22E172B3B1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{35F68AF2-3C32-467E-AA94-A7E1EDA7E959}" = lport=2869 | protocol=6 | dir=in | app=system | "{3B22D65E-316A-4714-8EC5-DB2A037FFA9A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{48967355-C636-4DE2-BB91-D2B6ED61D107}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5E7E378A-AED3-4010-9978-57620F97446C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{6664D048-7C9E-430C-9435-4C3259E2E3B6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{81841874-7CDA-4D56-9DFA-A107BB703E71}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B274F027-A270-4B83-AC9E-9C738CAA4867}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B2B51264-FF2F-46F0-B2DF-939CE463B7A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E0AF4C6B-8DBA-4800-88FF-43BF601C31EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1F09F116-AC2C-4ECD-9777-79763B72BB06}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{2E15F41C-02DC-4A45-9BE5-7066CAD5951C}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "{36B76DA6-35AA-479A-9C88-4392F01313B7}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{543241AE-5F0A-414E-9846-0E0B97F6AD1C}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "{604C467E-044F-407B-94FC-DA24AB18AC33}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | "{6DEF10A3-00DB-4498-910D-F6EBC09CE91B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{70867438-759E-41BB-A0B1-EDCB144792C7}" = dir=in | app=c:\program files\itunes\itunes.exe | "{71A8B3AE-937B-4ACC-9CB5-D55CE267D92C}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | "{897F9638-EA5B-4B3E-85B5-EA665D7A4E8D}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | "{A3B07647-5382-4C13-A32D-48876A99E919}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | "{B5082DCF-FB59-457F-97A2-D63F8AE8DFAF}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{CC16B03C-1C3C-4D5D-A13B-61466D38F45E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D0816A2A-8DC9-4A94-8E09-C99DA8151398}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{D2ECDC42-69B2-4015-B9AF-F39E37F3D98B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E2054120-03FB-4BDB-B6A3-239DC189046A}" = protocol=17 | dir=in | app=c:\program 
files\pinnacle\videospin\programs\videospin.exe | "{EBA3DB16-4CD8-4F78-BCA0-C3CACE637356}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F8AE51FB-DFEF-4DE2-B06D-A47BCFBB0984}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | "TCP Query User{1E290986-7261-4D82-B77F-D0CBC3583D84}C:\casino\casinoclub\casino.exe" = protocol=6 | dir=in | app=c:\casino\casinoclub\casino.exe | "TCP Query User{272CE53E-8E56-46A5-9714-4BD6D6E86417}C:\program files\ppmate\ppmnet.exe" = protocol=6 | dir=in | app=c:\program files\ppmate\ppmnet.exe | "TCP Query User{3579EF24-AD0B-449B-88A3-C87D19A483B7}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{4619761E-D4FB-4D2F-8A1D-E59BBA74219C}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{689F82ED-2A8F-45C5-9637-F220813E4DF6}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{B49E77BD-F341-4E45-B5B0-ADB4D1A77B55}C:\program files\sopcast\sopvod.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopvod.exe | "TCP Query User{BE55E803-9152-47FA-8938-6A0969FE199C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{D35764FD-3E4E-4E03-964D-D44504471817}C:\users\utti\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\utti\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe | "TCP Query User{D8BBAB34-4A15-43A5-9366-8C108715A8AB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{DDDE2CB5-2A36-4994-BAA3-E6453AB3DFF7}C:\program files\joost\xulrunner\tvprunner.exe" = protocol=6 | dir=in | app=c:\program 
files\joost\xulrunner\tvprunner.exe | "TCP Query User{E11B7525-6D36-405E-817E-562755C253E3}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{EE9B2A86-04D4-404F-87F1-D90604E1007F}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "TCP Query User{F7CE2338-5DE5-4DF3-AAFA-DAF5F28331F9}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | "UDP Query User{071EA504-ABD2-4578-967B-5D1AA4FA2675}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{139D2D4D-7CA1-4614-8276-15EE189AEE74}C:\casino\casinoclub\casino.exe" = protocol=17 | dir=in | app=c:\casino\casinoclub\casino.exe | "UDP Query User{2D577611-DB7E-4FD0-9E2F-238CD12E4290}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{46096F92-E86A-4648-854F-BB60CF40C802}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | "UDP Query User{49DEE46F-3F92-4EC6-82CA-8BE5581B9994}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "UDP Query User{6A55B53C-1E06-4892-BB00-C9689DB07E30}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{6C032088-9F74-4EE9-BA41-79FDAD4A707A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{7E74A7E0-0BF9-40F4-8275-D453687E2BDA}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{89C0C0BB-6BCD-4ABC-ABF8-C9C28B3D7C88}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | 
dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{97CDDE5F-9653-4476-A42B-7E79034773C7}C:\program files\ppmate\ppmnet.exe" = protocol=17 | dir=in | app=c:\program files\ppmate\ppmnet.exe | "UDP Query User{A881B028-0AD1-4EC9-BE85-242607051691}C:\users\utti\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\utti\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe | "UDP Query User{ACF2BEAA-F31C-4A92-B2A2-970B9B58EE37}C:\program files\sopcast\sopvod.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopvod.exe | "UDP Query User{FD7B0BA5-44A1-4D5D-81E4-E4840CB7911E}C:\program files\joost\xulrunner\tvprunner.exe" = protocol=17 | dir=in | app=c:\program files\joost\xulrunner\tvprunner.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12 "{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26 
< End of report >