Pests of all kinds and how to fight them: "ATRAPS.gen" and "ATRAPS.gen2" Trojan found (Windows 7). If you are not sure whether you have picked up malware or a Trojan, start a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
#1
"ATRAPS.gen" and "ATRAPS.gen2" Trojan found

Hello everyone, I hope you can help me. Since this morning a virus alert from Avira has suddenly been popping up, reporting the two Trojans ATRAPS.gen and "".gen2. As in all the other threads, I immediately ran the tests, i.e. OTL and Malwarebytes.

OTL.txt Code:
ATTFilter OTL logfile created on: 02.08.2012 11:31:49 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\TimTobias\Desktop\Nette Progs\HiJackThis Hilfe Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 57,52% Memory free 5,96 Gb Paging File | 4,70 Gb Available in Paging File | 78,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 303,84 Gb Total Space | 14,21 Gb Free Space | 4,68% Space Free | Partition Type: NTFS Drive D: | 152,92 Gb Total Space | 29,02 Gb Free Space | 18,98% Space Free | Partition Type: NTFS Computer Name: DERCOMPUTER | User Name: Gabi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\TimTobias\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) 
PRC - C:\Programme\GbPlugin\gbpsv.exe ( ) PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Users\TimTobias\Desktop\Nette Progs\HiJackThis Hilfe\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - c:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - c:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Programme\Norman\Npm\Bin\Zanda.exe (Norman ASA) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_228.dll () MOD - C:\Programme\Mozilla Firefox\js3250.dll () ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) 
SRV - (GbpSv) -- C:\Programme\GbPlugin\gbpsv.exe ( ) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (NVOY) -- C:\Program Files\Norman\npm\bin\nvoy.exe (Norman ASA) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Norman ZANDA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe (Norman ASA) SRV - (eLoggerSvc6) -- C:\Program Files\Norman\Npm\Bin\Elogsvc.exe (Norman ASA) SRV - (FSCLBaseUpdaterService) -- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe () ========== Driver Services (SafeList) ========== DRV - (GbpKm) -- C:\Windows\system32\drivers\gbpkm.sys (GAS Tecnologia) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH) DRV - (dtsoftbus01) -- 
C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation) DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation) DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.1.0.10441 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.145.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program 
Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 19:45:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.06 16:56:36 | 000,000,000 | ---D | M] [2011.01.23 20:08:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabi\AppData\Roaming\mozilla\Extensions [2012.07.18 23:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabi\AppData\Roaming\mozilla\Firefox\Profiles\1glfvulm.default\extensions [2011.01.23 20:09:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gabi\AppData\Roaming\mozilla\Firefox\Profiles\1glfvulm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.07.18 22:02:49 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Gabi\AppData\Roaming\mozilla\Firefox\Profiles\1glfvulm.default\extensions\battlefieldheroespatcher@ea.com [2012.07.18 23:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.18 21:59:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.12.28 19:41:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2012.06.06 16:57:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2012.07.18 21:59:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.12.28 19:41:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA 
FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2012.06.06 16:57:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2010.11.12 12:45:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.11.12 12:45:19 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.11.12 12:45:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.11.12 12:45:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml ========== Chrome ========== O1 HOSTS File: ([2012.01.16 02:03:23 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2012.01.13 00:00:37 | 000,000,000 | ---D | M] O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0169DC82-20BB-43D7-9C30-B0DA25C3A568}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFA7E0B6-A087-4954-92D6-2FA645EC1AF7}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0E9E3E0-3468-44F4-8735-70FF3931833B}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft 
Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Programme\GbPlugin\gbieh.dll (Banco do Brasil) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.07.31 23:51:55 | 
000,000,000 | ---D | C] -- C:\Program Files\PermissionResearch [2012.07.28 21:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\THQ [2012.07.22 19:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012.07.22 19:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Steam [2012.07.18 23:47:30 | 000,000,000 | ---D | C] -- C:\Users\Gabi\AppData\Local\PunkBuster [2012.07.18 23:28:19 | 000,000,000 | ---D | C] -- C:\Users\Gabi\Documents\Battlefield Heroes [2012.07.18 22:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games [2012.07.12 09:38:41 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.07.12 09:35:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.07.12 09:35:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.07.12 09:35:10 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.07.12 09:35:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.07.12 09:35:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.07.12 09:35:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.07.12 09:35:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.07.11 19:08:31 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.07.10 20:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012.07.10 20:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi [2010.11.03 10:33:35 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Gabi\AppData\Roaming\MinecraftSP.exe ========== Files - Modified Within 30 Days ========== [2012.08.02 11:31:56 | 000,001,154 | ---- | M] () -- 
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001UA.job [2012.08.02 10:55:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.02 10:49:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.02 10:49:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.02 10:49:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.02 10:48:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.02 10:48:57 | 3079,262,208 | -HS- | M] () -- C:\hiberfil.sys [2012.08.02 10:37:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.01 23:31:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001Core.job [2012.07.22 19:20:28 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2012.07.18 23:48:36 | 000,139,080 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012.07.18 23:48:27 | 000,270,240 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2012.07.18 22:53:04 | 000,138,056 | ---- | M] () -- C:\Users\Gabi\AppData\Roaming\PnkBstrK.sys [2012.07.18 22:52:54 | 000,189,248 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [2012.07.13 14:35:31 | 000,655,950 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.13 14:35:30 | 000,699,828 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.13 14:35:30 | 000,157,120 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.13 14:35:30 | 000,128,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.12 09:57:28 | 000,324,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.07.22 19:20:28 | 000,000,792 | ---- | C] () -- 
C:\Users\Public\Desktop\Steam.lnk [2012.07.18 23:48:27 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr [2012.07.18 22:53:05 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012.07.18 22:53:04 | 000,138,056 | ---- | C] () -- C:\Users\Gabi\AppData\Roaming\PnkBstrK.sys [2012.07.18 22:52:49 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2012.07.18 22:52:49 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.ex0 [2012.07.18 22:52:45 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.12.07 22:49:28 | 000,093,671 | ---- | C] () -- C:\Users\Gabi\AppData\Roaming\Uninstal.exe [2011.11.13 21:48:09 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.11.13 21:47:37 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.10.27 22:01:45 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2011.09.26 21:53:01 | 000,000,639 | ---- | C] () -- C:\Windows\eReg.dat [2011.06.18 15:53:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.06.18 15:52:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.03.06 20:52:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat [2011.01.24 13:25:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011.01.24 12:57:10 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2011.01.24 12:57:10 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2010.10.31 07:20:08 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.09.17 18:51:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.09.13 18:53:41 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.09.13 18:53:41 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.09.11 10:41:05 | 000,000,000 | ---- | C] 
() -- C:\Windows\nsreg.dat [2010.09.11 08:51:24 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini [2008.10.20 13:37:54 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll [2008.10.20 13:37:53 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2008.10.20 13:37:52 | 000,495,376 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2008.10.20 13:37:52 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin [2008.10.20 12:58:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.04.25 12:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2008.01.21 07:15:58 | 000,699,828 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 07:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 07:15:58 | 000,157,120 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 07:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006.11.02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 12:47:37 | 
000,324,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 10:33:01 | 000,655,950 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 10:33:01 | 000,128,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2002.08.01 15:35:04 | 000,002,831 | ---- | C] () -- C:\Windows\wavemix.ini ========== LOP Check ========== [2011.12.15 18:55:55 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\.minecraft [2012.01.11 21:51:03 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\DAEMON Tools Lite [2011.11.12 20:22:32 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\Easeware [2011.11.12 20:12:53 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\fltk.org [2011.09.29 13:49:51 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\Leadertech [2012.07.03 10:21:30 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\LolClient [2012.05.04 06:51:51 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\Propellerhead Software [2012.06.17 15:13:03 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\uTorrent [2011.01.18 23:30:31 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\wxMozBrowserLib [2012.05.10 23:22:14 | 000,000,000 | ---D | M] -- C:\Users\Gabi\AppData\Roaming\YoudaGames [2011.11.28 10:21:52 | 000,000,404 | ---- | M] () -- 
C:\Windows\Tasks\DriverEasy Scheduled Scan.job [2012.08.01 23:31:00 | 000,001,132 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001Core.job [2012.08.02 11:31:56 | 000,001,154 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-796801859-272985792-655912762-1001UA.job [2012.08.02 10:47:58 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 208 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst @Alternate Data Stream - 2 bytes -> C:\Windows\System32:EF87F1B4_Bb.gbp < End of report > Extras.txt Code:
OTL Extras logfile created on: 02.08.2012 11:31:49 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\TimTobias\Desktop\Nette Progs\HiJackThis Hilfe
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,87 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 57,52% Memory free
5,96 Gb Paging File | 4,70 Gb Available in Paging File | 78,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,84 Gb Total Space | 14,21 Gb Free Space | 4,68% Space Free | Partition Type: NTFS
Drive D: | 152,92 Gb Total Space | 29,02 Gb Free Space | 18,98% Space Free | Partition Type: NTFS

Computer Name: DERCOMPUTER | User Name: Gabi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1 -- [2012.01.13 00:00:37 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1 -- [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1 -- [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1 -- [2012.01.13 00:00:37 | 000,000,000 | ---D | M]
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F8B0B26-FFE6-4ECF-8298-FAA609342576}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1512EB15-60C0-49B2-9E99-C5E1AA49E3C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1F7D19CF-8C14-40C7-A8B5-10C7C64A6177}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{31D7BAA4-BA38-4658-939E-7E44CA66549C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{34D94C5E-6CF4-4FF0-8D74-34F4872A4F24}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4D8FAA36-EAEF-407B-ABF5-9DBB172149A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4ED82306-77B9-4275-95C5-F78AAE64573E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55CE7E2A-6A0B-419C-9AE4-49ECE309E4C1}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{5809861F-42A1-4D62-B03B-5C1CA7879407}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5B359E3A-DC14-4C0F-AE4A-3ED21DC60012}" = rport=10243 | protocol=6 | dir=out | app=system |
"{66F66EC7-6B56-40A6-ABD2-1927E8AB473F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88DB133D-8FD7-49DD-9F0A-8CDE93EB9369}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{B384ACE6-62BC-4111-BDA0-8662B42B4C79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C2DE4EAC-1C83-4399-A973-5D4E81CD1155}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D10EC664-C2B0-4AEF-913E-772EADC2E965}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D961EDCC-C6FB-41E4-AEAF-D1F7B3F36986}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{E3FBDF1D-4938-4589-AA6F-3A9CB0A68757}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E44B06BF-5D13-4C1F-8818-73ED4E7CE463}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F89769C0-96AA-4DF0-81D1-DE4010D76881}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F95014A7-6422-4E14-965E-9600C352B3C7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FAB0312A-4B8E-40C9-9192-5F354BF378C4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FB091B93-6B0A-4E9E-A130-DB813553F089}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ECDE24D-FC5B-4127-A1BB-D5D97E0F6588}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{161AAFC7-5028-49B7-BFE8-42B29BD054FF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{274A62D6-5858-4AA3-8E66-6C5D14DFC351}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{28C22EFD-DF7C-4CE4-884B-0ED50BD85229}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{29924917-17A2-4086-A372-BD4D22FA3FB0}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2A81C4F9-D67A-4F0A-8B80-BC674EC92AEA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{2C9A92BB-EAE3-44CA-AB31-CA9AF3087FDB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3DBEEFB1-6993-499A-A374-C5D031758E19}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{4D856B98-6146-43A3-8702-F423D0F61367}" = protocol=6 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe |
"{4F5AFC8E-44FF-48ED-93AF-CB9D505C60F0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{5011F880-A715-4C74-9062-B6F04E22E2E8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{55DFB885-A669-4B23-85D5-E39A2C1B72B9}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{5A0D3E12-75DA-4732-9E75-033F069D7AAC}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5A443BAE-2A02-46C5-9B42-3416730F594B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5BF0AC86-618E-48E8-BA7D-4E3347A10C4F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C0EBF5F-5327-41EC-ABB1-CDC7B988FC97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5FA39179-E25C-419C-8D61-FC4A7DF37E09}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{635C9861-3C11-4497-94AB-7B3D61FC1CB7}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{72988D27-8115-4873-9367-57CD44038BB4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7A3EEFA8-8744-4656-9A2E-F145A2315124}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EDCF0C9-BE3E-4BDA-B01A-B47004D6A801}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{8146D948-5BAD-44A8-8F89-5D921176F3AD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8295C084-2610-43BF-AFFD-BE99FBE775A0}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8D2F7495-D886-4022-AD74-09AA63CCEDB5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8E01978C-70C5-4EA5-AF9B-EF5A6A17A573}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{94AA5E7B-33AF-44DA-8212-DBF26B972D90}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9CDE3B11-F727-4C18-9302-9B59826E3936}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A3917432-99FA-4B0E-92BC-7B8F71451FE9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B6D80CBE-4FFC-468D-AFFB-43858CB40273}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B9365176-101D-40CE-99AA-C141EB26851E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BC0626C6-ADF7-4033-9716-38D818A32071}" = protocol=6 | dir=out | app=system |
"{BD485E64-E3A2-4EB6-8257-938669840A80}" = protocol=17 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe |
"{C156407D-1115-4D9A-A3F6-0EB939B27F61}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C7B72D04-0138-4F32-BF9B-F20C7FBCAD00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF964DCC-3BFA-444B-91E8-22F1EAE29226}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{D58B76A8-EFE8-4C00-A59C-9D86A21C3B7F}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{D69339DB-3F77-427C-9D96-43B00C439955}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D94EADB9-06ED-4F93-9F35-908C142D2828}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DB0584F7-C39E-4C86-AD42-E42EBD26D245}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{DBAA6259-CF4D-4E86-BFFC-A6119E16795D}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{E28C2411-862D-4615-88F7-CEA15B3F78CD}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E39504C4-BE72-42C1-82D5-D3673723069A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0A94F50F-8626-47EF-B382-89BF7995ECDD}D:\games\praetorians +mod\praetorians\praetorians.exe" = protocol=6 | dir=in | app=d:\games\praetorians +mod\praetorians\praetorians.exe |
"TCP Query User{0EF0ACD2-5DC4-4C48-96DD-3BB776C4C89F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{3774265D-BC09-417E-9BAA-972C741048D8}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{467DE04B-BD31-44EA-B53C-A1A9B9BF4E76}C:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe |
"TCP Query User{46BEB7B7-5F79-4691-98AF-03927CBEAA56}C:\users\timtobias\appdata\local\temp\905deee008c840e0aba80974ef3b06cf\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\local\temp\905deee008c840e0aba80974ef3b06cf\relicdownloader.exe |
"TCP Query User{47BCE3A5-72D2-4509-85F0-E6E5E1EA5B6F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{50DA31AC-065B-462A-B086-EFF8CC7BAB2A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{60DD221A-4AB9-47EA-A2FC-40D491336DB2}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{6C734ABE-0C82-405A-965D-16E1EE156A92}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{76C0570D-ADF4-4729-BAE3-3DC7C1ECF522}C:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe |
"TCP Query User{871A49B7-FAA2-45B9-8350-1937DFC80748}C:\users\timtobias\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{8D3A0D2C-9D55-49B7-904E-160FC09801E0}C:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe |
"TCP Query User{966415D1-E67D-49CE-9FF9-096AEDF1D4B9}C:\program files\audiosurf\engine\questviewer.exe" = protocol=6 | dir=in | app=c:\program files\audiosurf\engine\questviewer.exe |
"TCP Query User{9BAC6973-1E4E-4F34-A838-0F0368AFA828}C:\users\timtobias\appdata\local\temp\efda6c7eda5d424ea73d2df644900481\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\local\temp\efda6c7eda5d424ea73d2df644900481\relicdownloader.exe |
"TCP Query User{9E53D579-4135-4F1E-A446-A515E6979189}C:\users\timtobias\appdata\local\temp\9f5671545fa140baae8736b640041bf2\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\timtobias\appdata\local\temp\9f5671545fa140baae8736b640041bf2\relicdownloader.exe |
"TCP Query User{A6BEB1A9-F5D0-4912-8C91-0C0B2350838A}C:\users\timtobias\desktop\nette progs\utorrent.exe" = protocol=6 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe |
"TCP Query User{C275CBF3-3FAA-40F5-A5B7-2482859908F3}C:\program files\audiosurf\engine\questviewer.exe" = protocol=6 | dir=in | app=c:\program files\audiosurf\engine\questviewer.exe |
"TCP Query User{E187C766-12E1-4648-B790-419B7715204E}D:\games\praetorians +mod\praetorians\praetorians.exe" = protocol=6 | dir=in | app=d:\games\praetorians +mod\praetorians\praetorians.exe |
"TCP Query User{EF1E3FEA-F7DA-4E4E-96BE-96064B184907}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{F891D6AA-6C19-4C89-BB4C-A2E2F5CC4FA3}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{FCCA50B1-05FD-4525-A783-55863C30DC0D}C:\users\timtobias\desktop\nette progs\utorrent.exe" = protocol=6 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe |
"UDP Query User{094577A3-94F8-418F-9838-D24E00679FB5}C:\users\timtobias\appdata\local\temp\905deee008c840e0aba80974ef3b06cf\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\local\temp\905deee008c840e0aba80974ef3b06cf\relicdownloader.exe |
"UDP Query User{1D60A1EA-A8E2-42F7-8461-B5F6240A8E3D}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{28BABCA5-EC32-499B-9704-B390745551E7}C:\users\timtobias\desktop\nette progs\utorrent.exe" = protocol=17 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe |
"UDP Query User{3678918A-76CE-4FE8-9764-7DCC84D92EA0}C:\program files\audiosurf\engine\questviewer.exe" = protocol=17 | dir=in | app=c:\program files\audiosurf\engine\questviewer.exe |
"UDP Query User{3682CD82-1806-4337-B253-4DE30352B0AA}C:\program files\audiosurf\engine\questviewer.exe" = protocol=17 | dir=in | app=c:\program files\audiosurf\engine\questviewer.exe |
"UDP Query User{4953406A-6C61-426B-ACB5-3CAC74284E09}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{4A7D287B-F79F-4713-925C-7636F63E4F1B}C:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe |
"UDP Query User{4A900F4F-56E8-4C7F-9649-20F290F932F4}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{4BBC645A-5C68-4F87-BDA3-CFB95F4C8E9F}D:\games\praetorians +mod\praetorians\praetorians.exe" = protocol=17 | dir=in | app=d:\games\praetorians +mod\praetorians\praetorians.exe |
"UDP Query User{6896719B-28B5-4818-910C-31224730447A}D:\games\praetorians +mod\praetorians\praetorians.exe" = protocol=17 | dir=in | app=d:\games\praetorians +mod\praetorians\praetorians.exe |
"UDP Query User{78D224F1-8702-4044-AF40-8CDA759CAAD6}C:\users\timtobias\appdata\local\temp\efda6c7eda5d424ea73d2df644900481\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\local\temp\efda6c7eda5d424ea73d2df644900481\relicdownloader.exe |
"UDP Query User{9E21719A-0E5B-4722-9D31-0DBFE2420725}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{A5CE583C-CCD0-4E9A-ACA9-4824083BE17C}C:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\roaming\icq\application\icq7.5\icq.exe |
"UDP Query User{BBE1723B-F277-4FE1-9737-9245C3EE3596}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{C72BAC74-9DB7-4AB1-A279-44876756F44A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{DABD39E1-B7CD-406A-A7AC-EE408F466B10}C:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe |
"UDP Query User{DBBE56E1-A8EC-459F-ADA1-5C6792770E0D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{DC2BEA43-F32C-4323-AF81-FE503FCA2A36}C:\users\timtobias\desktop\nette progs\utorrent.exe" = protocol=17 | dir=in | app=c:\users\timtobias\desktop\nette progs\utorrent.exe |
"UDP Query User{E8470E48-447E-4694-9F52-FEFF05E58A11}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{E88A7570-C7EB-4F14-9DE9-1E382CABFF3C}C:\users\timtobias\appdata\local\temp\9f5671545fa140baae8736b640041bf2\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\local\temp\9f5671545fa140baae8736b640041bf2\relicdownloader.exe |
"UDP Query User{F4B34126-5377-48D1-8B08-81A08684C37B}C:\users\timtobias\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\timtobias\appdata\local\facebook\video\skype\facebookvideocalling.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06ACD0D6-537A-4831-9608-AA74A5795698}" = Fantasy Sound Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{111DB3F0-0C58-4475-9954-1BD5B7B28618}" = League of Legends
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20052CA0-FF43-4901-8261-E6DBF0A09ED1}" = Farm Animal Sounds
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{373C3C97-2FA9-4E18-85A2-255060C21031}" = Nero 8 Essentials
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6EB4FCC1-B3B7-4599-8921-905D095A49FA}" = Launch Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{79A743FA-FF99-42DF-8C35-BA40EAEA6668}" = Comic Sound Pack
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2BD6FF-CE8D-47B5-AD9C-0A5C2D54EB3C}" = League of Legends
"{A36B158D-8E9D-4BD3-8BDA-4B5EDC9C2E8C}" = Norman Security Suite
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C05BC4CD-C001-37E7-939C-3392604DFBEF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{C83CD843-260E-3BD0-86BC-4E613BFDDE0A}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C85B6A70-2ABB-4A31-8FD1-E183553A94F9}" = MoD ImperiaL v4.1
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D801B39E-CE01-409F-8E7C-B7976EA3C9DC}_is1" = Audiosurf
"{D813EF9B-69CF-4996-893C-B400AE7292FA}" = Spooky Sounds
"{D91802D9-6A42-4563-BC37-B3E2D04DC95B}" = Ancient Weapon Sounds
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Company of Heroes" = Company of Heroes
"DAEMON Tools Lite" = DAEMON Tools Lite
"DriverEasy_is1" = DriverEasy 3.11.0
"Eastern Front" = Eastern Front
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{6EB4FCC1-B3B7-4599-8921-905D095A49FA}" = Launch Manager
"InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility
"JDownloader" = JDownloader
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Minecraft 1.2.0_02" = Minecraft 1.2.0_02
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Picasa 3" = Picasa 3
"PONS Softwarekurs für Anfänger Portugiesisch" = PONS Softwarekurs für Anfänger Portugiesisch
"PunkBusterSvc" = PunkBuster Services
"Reason5_is1" = Reason 5.0
"TeamViewer 7" = TeamViewer 7
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (Gabi)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03.10.2011 01:19:50 | Computer Name = DERComputer | Source = System Restore | ID = 8193
Description = 

Error - 03.10.2011 01:23:42 | Computer Name = DERComputer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mb_warband.exe, Version 1.0.0.0, Zeitstempel 0x4bb1ab6e, fehlerhaftes Modul mb_warband.exe, Version 1.0.0.0, Zeitstempel 0x4bb1ab6e, Ausnahmecode 0xc0000005, Fehleroffset 0x00200c05, Prozess-ID 0x1484, Anwendungsstartzeit 01cc818c9c11149d.

Error - 03.10.2011 01:24:06 | Computer Name = DERComputer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mb_warband.exe, Version 1.0.0.0, Zeitstempel 0x4bb1ab6e, fehlerhaftes Modul mb_warband.exe, Version 1.0.0.0, Zeitstempel 0x4bb1ab6e, Ausnahmecode 0xc0000005, Fehleroffset 0x00200c05, Prozess-ID 0x16cc, Anwendungsstartzeit 01cc818caacfa5ad.

Error - 03.10.2011 01:24:12 | Computer Name = DERComputer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mb_warband.exe, Version 1.0.0.0, Zeitstempel 0x4bb1ab6e, fehlerhaftes Modul mb_warband.exe, Version 1.0.0.0, Zeitstempel 0x4bb1ab6e, Ausnahmecode 0xc0000005, Fehleroffset 0x00200c05, Prozess-ID 0x750, Anwendungsstartzeit 01cc818cae3a6efd.

Error - 03.10.2011 02:04:43 | Computer Name = DERComputer | Source = WinMgmt | ID = 10
Description = 

Error - 03.10.2011 09:48:50 | Computer Name = DERComputer | Source = WinMgmt | ID = 10
Description = 

Error - 04.10.2011 12:47:14 | Computer Name = DERComputer | Source = WinMgmt | ID = 10
Description = 

Error - 04.10.2011 13:20:39 | Computer Name = DERComputer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung stdrt.exe, Version 3.0.239.0, Zeitstempel 0x4462f982, fehlerhaftes Modul oggflt.sft, Version 1.0.1.0, Zeitstempel 0x4460ff48, Ausnahmecode 0xc0000005, Fehleroffset 0x0000fa77, Prozess-ID 0x484, Anwendungsstartzeit 01cc82b54fabe0a2.

Error - 04.10.2011 13:32:18 | Computer Name = DERComputer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung stdrt.exe, Version 3.0.239.0, Zeitstempel 0x4462f982, fehlerhaftes Modul oggflt.sft, Version 1.0.1.0, Zeitstempel 0x4460ff48, Ausnahmecode 0xc0000005, Fehleroffset 0x00016300, Prozess-ID 0x1580, Anwendungsstartzeit 01cc82b9f6b96492.

Error - 05.10.2011 09:17:56 | Computer Name = DERComputer | Source = WinMgmt | ID = 10
Description = 

[ System Events ]
Error - 02.08.2012 05:44:35 | Computer Name = DERComputer | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 00238B55C2FD zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 02.08.2012 05:46:14 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.5 für die Netzwerkkarte mit der Netzwerkadresse 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 02.08.2012 05:46:29 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.6 für die Netzwerkkarte mit der Netzwerkadresse 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 02.08.2012 05:46:51 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.7 für die Netzwerkkarte mit der Netzwerkadresse 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
Error - 02.08.2012 05:49:42 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.8 für die Netzwerkkarte mit der Netzwerkadresse 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 02.08.2012 05:49:51 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 02.08.2012 05:50:00 | Computer Name = DERComputer | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 00238B55C2FD zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 02.08.2012 06:50:38 | Computer Name = DERComputer | Source = Service Control Manager | ID = 7023
Description =

Error - 02.08.2012 06:51:43 | Computer Name = DERComputer | Source = Service Control Manager | ID = 7024
Description =

Error - 02.08.2012 07:10:04 | Computer Name = DERComputer | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.4 für die Netzwerkkarte mit der Netzwerkadresse 00238B55C2FD wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

< End of report >

Malwarebytes Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.10.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
TimTobias :: DERCOMPUTER [limited]

02.08.2012 11:22:34
mbam-log-2012-08-02 (11-22-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 167506
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files\PermissionResearch (Spyware.PermissionResearch) -> Delete on reboot.

Files Detected: 4
C:\Program Files\PermissionResearch\prls.dll (Spyware.PermissionResearch) -> Delete on reboot.
C:\Program Files\PermissionResearch\prls64.dll (Spyware.PermissionResearch) -> Delete on reboot.
C:\Program Files\PermissionResearch\prmrsr64.exe (Spyware.PermissionResearch) -> Delete on reboot.
C:\Program Files\PermissionResearch\prservice.exe (Spyware.PermissionResearch) -> Delete on reboot.

(end)

I hope it's nothing serious. Do you know what exactly the ATRAPS Trojan does? I saw that you've already had this problem in the forum several times. Thanks in advance and kind regards, Tim. |