Log analysis and evaluation: GVU Trojaner 2.07 on Windows Vista / Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: first steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
GVU Trojaner 2.07 on Windows Vista
Hello, unfortunately I too have caught a GVU Trojaner and would like to ask you for help. I followed the instructions on Trojaner Board and have attached the log files.
OTL Logfile:
OTL logfile created on: 23.10.2012 21:10:30 - Run 4
OTL by OldTimer - Version Folder = C:\Users\Arian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 39,08% Memory free
4,23 Gb Paging File | 2,45 Gb Available in Paging File | 57,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 127,21 Gb Total Space | 8,59 Gb Free Space | 6,75% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,28 Gb Free Space | 62,84% Space Free | Partition Type: NTFS
Drive G: | 11,75 Gb Total Space | 1,98 Gb Free Space | 16,87% Space Free | Partition Type: NTFS

Computer Name: VW | User Name: Arian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.22 19:41:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Arian\Desktop\OTL.exe
PRC - [2012.10.12 12:27:54 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012.10.11 22:15:43 | 000,388,576 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.08.23 15:16:44 | 001,193,176 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.08.08 21:04:06 | 000,070,656 | ---- | M] (Nike) -- C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.08 01:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007.01.12 10:51:28 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2005.04.02 03:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

========== Modules (No Company Name) ==========

MOD - [2012.10.11 22:15:52 | 002,111,456 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2012.10.11 22:15:50 | 000,157,664 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012.10.11 22:15:50 | 000,021,984 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012.09.22 19:24:34 | 000,008,704 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\Thunderbird\Profiles\hayg3c5x.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
MOD - [2012.08.23 15:16:44 | 001,193,176 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2006.09.16 22:19:36 | 000,126,976 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2012.10.12 12:27:55 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.11 22:15:54 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.06 19:19:23 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.08.10 15:22:38 | 002,200,832 | ---- | M] (Agnitum Ltd.) [Auto | Stopped] -- C:\Program Files\Agnitum\Outpost Security Suite Pro\acs.exe -- (acssrv)
SRV - [2009.07.20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.15 11:55:14 | 000,431,384 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008.05.08 01:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.11.07 14:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005.04.02 03:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\pcouffin.sys -- (pcouffin)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ntcdrdrv.sys -- (ntcdrdrv)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Arian\AppData\Local\Temp\fxldypow.sys -- (fxldypow)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 10:58:24 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.08.19 17:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011.06.15 15:21:16 | 000,338,520 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore)
DRV - [2011.06.15 15:21:12 | 000,084,312 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Filt\VBFilt.dll -- (VBFilt)
DRV - [2011.06.15 15:21:10 | 000,078,656 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Filt\ASWFilt.dll -- (ASWFilt)
DRV - [2011.06.15 15:21:04 | 000,764,880 | ---- | M] (Agnitum Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox)
DRV - [2011.03.28 19:53:12 | 000,033,880 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (afw)
DRV - [2011.02.02 18:04:22 | 000,242,040 | ---- | M] (VirusBuster Kft.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBEngNT.sys -- (VBEngNT)
DRV - [2011.01.14 20:11:15 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2011.01.05 21:18:25 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011.01.05 21:18:25 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011.01.05 21:18:07 | 000,132,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011.01.05 21:17:56 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2010.12.02 23:30:44 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010.09.28 13:03:09 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv07.sys -- (acedrv07)
DRV - [2010.09.28 13:03:09 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv06.sys -- (acedrv06)
DRV - [2010.09.28 13:03:09 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv05.sys -- (acedrv05)
DRV - [2010.09.28 13:03:09 | 000,097,280 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv04.sys -- (acedrv04)
DRV - [2010.09.28 13:03:09 | 000,097,280 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv03.sys -- (acedrv03)
DRV - [2010.09.28 13:03:09 | 000,097,280 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv02.sys -- (acedrv02)
DRV - [2010.09.28 13:03:09 | 000,093,696 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv01.sys -- (acedrv01)
DRV - [2010.02.19 17:56:18 | 000,385,544 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010.02.19 17:56:18 | 000,034,392 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2009.09.02 15:21:38 | 000,195,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 18:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009.06.17 18:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009.04.23 11:42:08 | 000,564,088 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2009.03.18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.17 12:19:44 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009.02.17 12:17:40 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008.03.17 18:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2007.10.04 22:24:00 | 007,628,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.09.26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.02.08 07:11:04 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006.12.08 14:02:50 | 000,275,072 | ---- | M] (Guillemont Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDvid.sys -- (APL531)
DRV - [2006.11.20 21:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.20 21:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.11.20 21:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.16 16:01:42 | 000,024,192 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\camfilt.sys -- (camfilt)
DRV - [2006.11.12 01:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.10.30 19:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.10.05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006.08.17 16:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2005.09.23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004.09.29 12:45:08 | 000,026,356 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\I-magic.sys -- (TACXDEV)
DRV - [2004.07.26 11:01:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070405
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de&ie=UTF-8
IE - HKCU\..\SearchScopes,DefaultScope = {BD7AF474-87E6-4D84-91DB-6E20CABD2968}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60342
IE - HKCU\..\SearchScopes\{624F85FF-C226-4D55-BEDB-9947BC90BD07}: "URL" = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_deDE321
IE - HKCU\..\SearchScopes\{BD7AF474-87E6-4D84-91DB-6E20CABD2968}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local localhost localhost localhost localhost localhost;*.local localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Arian\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.12 16:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.12 16:07:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.26 14:38:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Arian\Program Files\DNA [2009.02.19 17:02:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.12 16:07:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.12 16:07:32 | 000,000,000 | ---D | M]

[2010.06.30 10:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\Extensions
[2010.06.30 10:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008.05.22 11:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.10.14 22:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions
[2010.04.29 09:47:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.04 01:30:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.09.18 20:52:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2007.09.25 23:13:09 | 000,000,000 | ---D | M] ("Fasterfox") -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009.11.10 23:07:29 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\firefox@tvunetworks.com
[2012.09.15 18:00:38 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\ich@maltegoetz.de
[2011.11.24 19:57:12 | 000,079,365 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\anticontainer@downthemall.net.xpi
[2012.10.14 22:41:15 | 000,340,281 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.10.11 15:02:07 | 000,529,404 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.30 14:38:34 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.15 17:11:04 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.10.14 22:37:03 | 000,000,944 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\searchplugins\icqplugin.xml
[2012.10.12 16:07:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.10.12 16:07:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.10.12 16:07:15 | 000,000,000 | ---D | M] ("Yummy CONDUIT Player") -- C:\Program Files\Mozilla Firefox\extensions\YPlayer@yummy.net
[2012.10.12 16:07:43 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.17 06:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.10.12 16:07:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.12 16:07:39 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009.09.21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2012.10.12 16:07:39 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.12 16:07:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.12 16:07:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.12 16:07:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR -

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Remote Control Editor] "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe" File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [TomTom] C:\Users\Arian\AppData\Roaming\E80161\E80161.exe ()
O4 - HKCU..\Run: [Xileobmyw] C:\Users\Arian\AppData\Roaming\Gybaz\dulik.exe File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
F3 - HKCU WinNT: Load - (C:\Users\Arian\LOCALS~1\Temp\mswgqqq.com) - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAF018CD-C243-4E7B-B0DC-380877BB67CA}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F00ED8B3-C96D-49B1-8E48-CCA13BA1D7AE}: DhcpNameServer =
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Security Suite Pro\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Arian\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Arian\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{67292b95-71da-11dc-b0aa-0019b96596e7}\Shell\AutoRun\command - "" = H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O33 - MountPoints2\{774f485d-1ef3-11de-bd00-0019b96596e7}\Shell - "" = AutoRun
O33 - MountPoints2\{774f485d-1ef3-11de-bd00-0019b96596e7}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{a174a8e7-10de-11dc-9ef3-0019b96596e7}\Shell\AutoRun\command - "" = .\Recycled\Driveinfo.exe
O33 - MountPoints2\{a174a8e7-10de-11dc-9ef3-0019b96596e7}\Shell\Open\Command - "" = .\Recycled\Driveinfo.exe
O33 - MountPoints2\{e7f5ca22-bfb1-11e0-966f-0019b96596e7}\Shell - "" = AutoRun
O33 - MountPoints2\{e7f5ca22-bfb1-11e0-966f-0019b96596e7}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\index.html
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SsiEfr.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.22 19:41:09 | 000,602,112 | ---- | C] (OldTimer Tools) --
C:\Users\Arian\Desktop\OTL.exe [2012.10.16 21:44:42 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Malwarebytes [2012.10.16 21:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.16 21:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.16 21:42:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.16 21:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.16 21:01:43 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Local\CrashDumps [2012.10.16 20:10:50 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Rouvez [2012.10.16 20:10:49 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Gybaz [2012.10.16 20:10:49 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Eguc [2012.10.15 20:40:33 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Ubma [2012.10.15 20:40:32 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Qiyq [2012.10.15 20:40:32 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Qalium [2012.10.15 20:39:55 | 000,000,000 | ---D | C] -- C:\Users\Arian\Local Settings [2012.10.12 16:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.12 10:59:46 | 000,000,000 | ---D | C] -- C:\Users\Arian\Desktop\Medizinbücher [2012.09.27 18:06:54 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Avira [2012.09.27 17:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.09.27 17:51:38 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.09.27 17:51:38 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.09.27 17:51:38 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.09.27 17:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.09.27 17:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.09.25 22:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink [2012.09.25 22:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink deutsch [2012.09.25 22:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink DE [2012.09.25 22:20:45 | 000,000,000 | ---D | C] -- C:\Users\Arian\Documents\Alcohol 120% [2012.09.25 22:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith [2012.09.25 22:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared [2012.09.25 22:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith [2012.09.24 22:13:09 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\TechSmith [2012.09.24 22:12:56 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Local\TechSmith [2012.09.24 22:12:14 | 000,000,000 | ---D | C] -- C:\Users\Arian\Documents\Camtasia Studio [2012.09.24 17:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith [2008.01.26 22:17:42 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Arian\AppData\Roaming\pcouffin.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Users\Arian\*.tmp files -> C:\Users\Arian\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.23 21:11:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.23 21:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.23 20:51:16 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.23 20:51:16 | 000,003,568 | ---- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.23 20:42:32 | 000,302,592 | ---- | M] () -- C:\Users\Arian\Desktop\g59dx8n2.exe [2012.10.23 19:58:34 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.23 18:53:15 | 000,262,183 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\nvModes.001 [2012.10.23 18:51:25 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.23 18:51:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.22 19:41:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Arian\Desktop\OTL.exe [2012.10.22 19:13:01 | 000,000,020 | ---- | M] () -- C:\Users\Arian\defogger_reenable [2012.10.22 19:10:57 | 000,050,477 | ---- | M] () -- C:\Users\Arian\Desktop\Defogger.exe [2012.10.17 19:27:35 | 000,213,504 | ---- | M] () -- C:\Users\Arian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.16 20:15:19 | 000,000,047 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\msconfig.ini [2012.10.09 22:34:56 | 000,304,389 | ---- | M] () -- C:\Users\Arian\Desktop\EKG-Kochbuch.pdf [2012.10.08 18:36:33 | 000,262,183 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\nvModes.dat [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.25 22:07:35 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk [2012.09.24 21:18:15 | 000,843,844 | ---- | M] () -- C:\Users\Arian\Desktop\bend_u.pdf [2012.09.24 16:45:30 | 000,060,864 | ---- | M] () -- C:\Users\Arian\g2mdlhlpx.exe [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avkmgr.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Users\Arian\*.tmp files -> C:\Users\Arian\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.23 20:42:06 | 000,302,592 | ---- | C] () -- C:\Users\Arian\Desktop\g59dx8n2.exe [2012.10.22 19:12:02 | 000,000,020 | ---- | C] () -- C:\Users\Arian\defogger_reenable [2012.10.22 19:10:56 | 000,050,477 | ---- | C] () -- C:\Users\Arian\Desktop\Defogger.exe [2012.10.16 21:42:52 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.15 20:40:44 | 000,000,047 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\msconfig.ini [2012.10.09 22:34:51 | 000,304,389 | ---- | C] () -- C:\Users\Arian\Desktop\EKG-Kochbuch.pdf [2012.09.25 22:07:35 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk [2012.09.24 21:18:12 | 000,843,844 | ---- | C] () -- C:\Users\Arian\Desktop\bend_u.pdf [2012.09.23 10:14:33 | 000,060,864 | ---- | C] () -- C:\Users\Arian\g2mdlhlpx.exe [2012.02.05 11:32:53 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat [2012.02.05 11:32:06 | 000,000,127 | ---- | C] () -- C:\Windows\Crypkey.ini [2012.02.05 11:29:49 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys [2012.02.05 11:29:48 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe [2012.02.05 11:29:48 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll [2012.02.05 11:29:48 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe [2012.01.11 09:54:41 | 000,097,792 | -HS- | C] () -- C:\Users\Arian\AppData\Roaming\msconfig.dat [2011.09.10 14:14:48 | 000,000,261 | ---- | C] () -- C:\ProgramData\lxdi [2011.06.17 18:09:28 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2011.05.17 21:45:15 | 000,088,576 | R--- | C] () -- C:\Windows\rauninst.exe [2011.04.12 20:21:56 | 000,000,112 | ---- | C] () -- C:\Windows\wininit.ini 
[2010.08.04 16:45:55 | 000,019,456 | ---- | C] () -- C:\Users\Arian\AppData\Local\WebpageIcons.db [2009.12.22 18:11:09 | 000,000,701 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\init.dll [2009.12.22 18:11:09 | 000,000,006 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\SYSTEM32.dll [2009.12.22 18:11:06 | 000,000,701 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\sound.dll [2008.05.14 17:59:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.01.26 22:17:42 | 000,087,608 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\inst.exe [2008.01.26 22:17:42 | 000,007,887 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\pcouffin.cat [2008.01.26 22:17:42 | 000,001,144 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\pcouffin.inf [2008.01.23 19:26:12 | 000,000,093 | ---- | C] () -- C:\Users\Arian\AppData\Local\fusioncache.dat [2007.11.23 19:17:35 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2007.08.19 18:57:10 | 000,007,268 | ---- | C] () -- C:\Users\Arian\AppData\Local\d3d9caps.dat [2007.05.04 20:25:55 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.04.29 13:34:35 | 000,000,040 | -HS- | C] () -- C:\Users\Arian\AppData\Roaming\.zreglib [2007.04.29 11:27:33 | 000,000,081 | -HS- | C] () -- C:\ProgramData\.zreglib [2007.04.27 21:41:09 | 000,022,869 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\UserTile.png [2007.04.24 21:43:52 | 000,000,020 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\anzds [2007.04.12 22:41:43 | 000,000,114 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\wklnhst.dat [2007.04.12 22:29:26 | 000,262,183 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\nvModes.001 [2007.04.12 20:10:43 | 000,262,183 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\nvModes.dat [2007.04.12 18:01:59 | 000,213,504 | ---- | C] () -- C:\Users\Arian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-2617123096-2108651821-2447131207-1000\$a0b26d9b9a24ea4ea452b72e1356577e\n. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.07.04 20:45:33 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\.pknowledge [2011.12.20 11:25:57 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Agnitum [2012.03.28 17:40:59 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Amazon [2010.12.28 01:10:15 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Armagetron [2011.12.09 10:36:04 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\ASCOMP Software [2011.12.22 11:43:46 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Ashampoo [2010.12.25 20:55:24 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Azureus [2010.12.25 20:55:23 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\BitTorrent [2012.09.18 20:46:48 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\BOM [2010.08.09 00:23:55 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Canneverbe Limited 
[2009.05.20 22:27:00 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Ciclo [2011.12.22 21:54:16 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2007.05.12 16:32:51 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\concept design [2008.06.18 10:37:17 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Crossword Compiler Deutsch 8 [2011.12.25 18:24:42 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\DAEMON Tools Lite [2010.12.09 10:00:07 | 000,000,000 | RHSD | M] -- C:\Users\Arian\AppData\Roaming\dll [2008.08.30 11:01:53 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\DNA [2011.05.04 14:58:14 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Downloaded Installations [2008.05.01 17:32:15 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\drms [2012.10.17 17:00:33 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Dropbox [2010.04.28 10:28:39 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.02 17:57:31 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Dyyzy [2009.04.11 08:28:17 | 000,000,000 | -HSD | M] -- C:\Users\Arian\AppData\Roaming\E80161 [2012.10.22 18:54:27 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Eguc [2012.10.09 19:51:51 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\EndNote [2011.08.06 17:11:55 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\GHISLER [2010.06.28 09:47:52 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\GlarySoft [2008.01.26 23:44:11 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\gtk-2.0 [2012.10.22 19:02:54 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Gybaz [2010.02.08 10:20:53 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\ICQ [2007.04.12 20:06:33 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\ICQLite [2009.11.20 16:22:51 | 000,000,000 | ---D | M] -- 
C:\Users\Arian\AppData\Roaming\ImgBurn [2011.12.25 12:05:54 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Leadertech [2011.10.01 15:04:08 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Lexmark Productivity Studio [2007.08.10 20:02:19 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\LimeWire [2011.12.14 19:04:12 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\LowRateVoip [2011.08.28 19:26:03 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\mkvtoolnix [2011.05.04 15:04:28 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Nitro PDF [2007.09.20 20:05:28 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\PeerNetworking [2012.10.15 20:40:56 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Qalium [2012.10.15 20:40:32 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Qiyq [2012.10.16 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Rouvez [2011.03.19 23:23:54 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Rovio [2011.09.05 11:58:20 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\SanDisk [2011.05.15 22:49:28 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Simfy [2011.03.19 11:50:46 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Similarity [2007.04.29 11:29:24 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\SlySoft [2010.08.12 18:26:12 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Sports Interactive [2012.10.23 20:22:42 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Spotify [2010.03.11 19:55:11 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Tacx [2012.09.24 22:13:09 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\TechSmith [2012.07.17 15:12:08 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Teleca [2007.04.26 17:31:15 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Template [2012.07.17 17:02:40 | 000,000,000 | ---D | M] 
-- C:\Users\Arian\AppData\Roaming\TerraTec [2010.03.25 10:29:40 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\TheFixerUpper [2010.06.30 10:35:02 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Thunderbird [2007.09.14 21:50:18 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\TomTom [2010.08.11 22:57:05 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\TS3Client [2007.04.22 10:57:53 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\TuneUp Software [2012.10.15 20:40:33 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Ubma [2011.11.18 22:20:13 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Unity [2008.01.26 23:38:42 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Vso [2011.02.14 23:26:28 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Windows Live Writer [2011.08.28 19:55:25 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\XMedia Recode [2010.03.25 16:49:30 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\XWindows Dock [2010.01.23 15:20:45 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\YCanPDF [2011.12.29 12:00:17 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Zavy ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\Arian\Documents\Meine Projekte:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Arian\Documents\Hercules webcam:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Arian\Documents\Eigene Google Gadgets:Roxio EMC Stream @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:66E02052 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C39E55C5 < End of report > Geändert von Horstmann (25.10.2012 um 15:17 Uhr) |
#2
GVU Trojan 2.07 on Windows Vista
ComboFix: a guide and tutorial on using ComboFix

ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
#3
GVU Trojan 2.07 on Windows Vista
Hello Cosinus,
first of all, many thanks for the quick reply and the help. Here is the log file: ComboFix logfile: Code:
ATTFilter ComboFix 12-10-25.01 - Arian 25.10.2012 16:32:05.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1071 [GMT 2:00] ausgeführt von:: c:\users\Arian\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AV: Outpost Security Suite Pro *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E} FW: Outpost Security Suite Pro *Disabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Outpost Security Suite Pro *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\INSTALL.LOG c:\users\Arian\AppData\Roaming\dll c:\users\Arian\AppData\Roaming\init.dll c:\users\Arian\AppData\Roaming\inst.exe c:\users\Arian\AppData\Roaming\msconfig.dat c:\users\Arian\AppData\Roaming\msconfig.ini c:\users\Arian\AppData\Roaming\Qiyq c:\users\Arian\AppData\Roaming\Qiyq\beci.exe c:\users\Arian\AppData\Roaming\sound.dll c:\users\Arian\AppData\Roaming\SYSTEM32.dll c:\users\Arian\g2mdlhlpx.exe c:\windows\IsUn0407.exe c:\windows\iun6002.exe c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\system32\drivers\~GLH0014.TMP c:\windows\system32\URTTemp c:\windows\system32\URTTemp\regtlib.exe c:\windows\unin0407.exe G:\Setup.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-25 bis 2012-10-25 )))))))))))))))))))))))))))))) . . 2012-10-25 14:54 . 2012-10-25 14:56 -------- d-----w- c:\users\Arian\AppData\Local\temp 2012-10-25 14:54 . 2012-10-25 14:54 -------- d-----w- c:\users\SVEN~2.FIE\AppData\Local\temp 2012-10-25 14:54 . 2012-10-25 14:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-16 19:44 . 2012-10-16 19:44 -------- d-----w- c:\users\Arian\AppData\Roaming\Malwarebytes 2012-10-16 19:42 . 
2012-10-16 19:42 -------- d-----w- c:\programdata\Malwarebytes 2012-10-16 19:42 . 2012-09-29 17:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-16 19:42 . 2012-10-23 17:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-10-16 19:01 . 2012-10-16 19:01 -------- d-----w- c:\users\Arian\AppData\Local\CrashDumps 2012-10-16 18:10 . 2012-10-16 18:10 -------- d-----w- c:\users\Arian\AppData\Roaming\Rouvez 2012-10-16 18:10 . 2012-10-22 17:02 -------- d-----w- c:\users\Arian\AppData\Roaming\Gybaz 2012-10-16 18:10 . 2012-10-22 16:54 -------- d-----w- c:\users\Arian\AppData\Roaming\Eguc 2012-10-15 18:40 . 2012-10-15 18:40 -------- d-----w- c:\users\Arian\AppData\Roaming\Ubma 2012-10-15 18:40 . 2012-10-15 18:40 -------- d-----w- c:\users\Arian\AppData\Roaming\Qalium 2012-10-11 13:14 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-11 13:14 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll 2012-10-11 13:14 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-11 13:14 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-11 13:14 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-10-11 13:13 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-11 13:13 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-09-27 16:06 . 2012-09-27 16:06 -------- d-----w- c:\users\Arian\AppData\Roaming\Avira 2012-09-27 15:51 . 2012-09-24 07:58 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-09-27 15:51 . 2012-09-13 08:58 134184 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-09-27 15:51 . 2012-09-13 08:58 83792 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-09-27 15:51 . 2012-09-27 15:51 -------- d-----w- c:\programdata\Avira 2012-09-27 15:51 . 2012-09-27 15:51 -------- d-----w- c:\program files\Avira 2012-09-25 20:30 . 
2012-09-25 20:30 -------- d-----w- c:\programdata\DVD Shrink 2012-09-25 20:30 . 2012-09-25 20:30 -------- d-----w- c:\program files\DVD Shrink DE 2012-09-25 20:06 . 2012-09-25 20:06 -------- d-----w- c:\program files\Common Files\TechSmith Shared 2012-09-25 20:06 . 2012-09-25 20:06 -------- d-----w- c:\program files\TechSmith . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-12 10:27 . 2012-04-09 09:00 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-12 10:27 . 2011-05-16 10:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-30 08:17 . 2012-09-25 11:05 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FDBDF63C-A98C-4B67-9864-A66B56BBCCCD}\mpengine.dll 2012-08-24 06:59 . 2012-09-22 10:11 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 06:51 . 2012-09-22 10:11 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 06:51 . 2012-09-22 10:10 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 06:47 . 2012-09-22 10:11 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 06:47 . 2012-09-22 10:11 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 06:43 . 2012-09-22 10:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-21 11:01 . 2012-09-18 18:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-08-21 11:01 . 2009-09-10 21:14 106928 ----a-w- c:\windows\system32\GEARAspi.dll 2012-08-07 07:40 . 2012-08-07 07:40 231424 ----a-w- c:\windows\system32\tsc2_codec32.dll 2009-05-01 21:02 . 2012-10-12 14:07 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2012-10-12 14:07 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2012-10-12 14:07 . 2012-10-12 14:07 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Arian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Arian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Arian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost] @="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}" [HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}] 2011-07-13 20:22 287872 ----a-w- c:\program files\Agnitum\Outpost Security Suite Pro\op_shell.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240] "Spotify Web Helper"="c:\users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-23 1193176] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-14 68856] "TomTom"="c:\users\Arian\AppData\Roaming\E80161\E80161.exe" [2009-04-11 92160] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-04 86016] "SigmatelSysTrayApp"="sttray.exe" [2007-01-12 303104] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2011-08-10 3138632] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "Nike+ Connect"="c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2012-08-08 70656] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer9"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^p6_19_erinnerung.lnk] backup=c:\windows\pss\p6_19_erinnerung.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^phase6_Erinnerung.lnk] backup=c:\windows\pss\phase6_Erinnerung.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk backup=c:\windows\pss\QuickSet.lnk.CommonStartup backupExtension=.CommonStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetPumper HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] 2009-06-15 09:55 136472 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor] 2009-06-15 11:29 906968 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-08-27 19:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter] 2006-11-17 21:13 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-09-09 21:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] 2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nike+ Connect] 2012-08-08 19:04 70656 ----a-w- c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch] 2011-09-05 09:58 79872 ----a-w- c:\users\Arian\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-07-14 14:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe] 2009-06-15 11:27 1352584 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" "ehTray.exe"=c:\windows\ehome\ehTray.exe "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler "Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe "PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions "WinampAgent"="c:\program files\Winamp\winampa.exe" "USBToolTip"=c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 acedrv01;acedrv01;c:\windows\system32\drivers\acedrv01.sys [x] S2 acedrv02;acedrv02;c:\windows\system32\drivers\acedrv02.sys [x] S2 acedrv03;acedrv03;c:\windows\system32\drivers\acedrv03.sys [x] S2 acedrv04;acedrv04;c:\windows\system32\drivers\acedrv04.sys [x] S2 acedrv06;acedrv06;c:\windows\system32\drivers\acedrv06.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - fxldypow . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache hpdevmgmt REG_MULTI_SZ hpqcxs08 . Inhalt des "geplante Tasks" Ordners . 2012-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 10:27] . 2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 20:31] . 2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 20:31] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ig?hl=de&ie=UTF-8 uInternet Settings,ProxyOverride = *.local localhost localhost localhost localhost localhost;*.local localhost;*.local TCP: DhcpNameServer = FF - ProfilePath - c:\users\Arian\AppData\Roaming\Mozilla\Firefox\Profiles\3zzhvudk.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official FF - prefs.js: network.proxy.type - 2 FF - ExtSQL: 2012-09-02 20:03; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Arian\AppData\Roaming\Mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - ExtSQL: !HIDDEN! 2007-04-22 14:44; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - ExtSQL: !HIDDEN! 2009-07-05 00:38; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
WebBrowser-{22E03916-85C5-44B0-8DC9-1830C11238D9} - (no file) HKCU-Run-Remote Control Editor - c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe HKCU-Run-Xileobmyw - c:\users\Arian\AppData\Roaming\Gybaz\dulik.exe MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe MSConfigStartUp-mRouterConfig - c:\program files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe MSConfigStartUp-Remote Control Editor - c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-10-25 16:56 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2617123096-2108651821-2447131207-1000\Software\SecuROM\License information*] "datasecu"=hex:8f,48,ff,e8,bf,ef,28,69,cb,5d,1e,92,11,d8,4f,a3,4f,fe,7e,8c,3c, df,b9,13,69,53,0d,ff,f2,46,fc,cc,1e,35,f5,06,66,61,b1,b0,22,18,39,57,2d,47,\ "rkeysecu"=hex:5a,bd,20,c1,2b,f7,a8,c6,88,df,33,9c,e7,64,07,3f . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{294b689e-f136-4107-a481-4d9131633067}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:07020054 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{2c4c750b-fd49-42d1-9920-6ecc3333069c}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:15000000 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{3532d115-b517-4df5-9124-b48af07f3135}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:15000000 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:07001422 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{a05ba2b6-9130-44de-977b-09ae3ee87fcf}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:12000000 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{a33c83ec-42c0-475c-b5f5-a3ee94a74569}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:11000000 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{baf018cd-c243-4e7b-b0dc-380877bb67ca}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:0c0019b9 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c16056d0-d12e-4856-8b23-01b144b2e453}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:0c001372 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ddc2bfa1-eccc-4499-9ce7-237580558d16}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:10000000 "Dhcpv6State"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f00ed8b3-c96d-49b1-8e48-cca13ba1d7ae}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:0a0019d2 "Dhcpv6State"=dword:00000000 "Dhcpv6InterfaceOptions"=hex:02,00,00,00,00,00,00,00,0e,00,00,00,00,00,00,00, ff,ff,ff,7f,00,01,00,01,0d,d5,73,bd,00,16,e3,cf,3b,42,00,00,17,00,00,00,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:06001422 "Dhcpv6State"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(972) c:\progra~1\agnitum\outpos~1\wl_hook.dll . - - - - - - - > 'lsass.exe'(840) c:\progra~1\agnitum\outpos~1\wl_hook.dll c:\windows\system32\relog_ap.dll . Zeit der Fertigstellung: 2012-10-25 17:03:41 ComboFix-quarantined-files.txt 2012-10-25 15:03 . Vor Suchlauf: Bytes frei Nach Suchlauf: 7.261.376.512 Bytes frei . - - End Of File - - C6ACADFED567141162E7A0EF650DBCAD |
#4
GVU Trojaner 2.07 auf Windows Vista
ComboFix - scripting
1. Start Notepad (Start / Run / notepad [Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Folder::
c:\users\Arian\AppData\Roaming\Rouvez
c:\users\Arian\AppData\Roaming\Gybaz
c:\users\Arian\AppData\Roaming\Eguc
c:\users\Arian\AppData\Roaming\Ubma
c:\users\Arian\AppData\Roaming\Qalium
C:\Users\Arian\AppData\Roaming\E80161
C:\$Recycle.Bin\S-1-5-21-2617123096-2108651821-2447131207-1000\$a0b26d9b9a24ea4ea452b72e1356577e

Registry::
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
""=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTom"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00

4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad-/spyware programs and the TeaTimer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.
6. After the reboot (you will be asked whether you want to restart), please post the following log file: Combofix.txt
Note: The script above was created for this one user in this one situation only. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________
Please always post logfiles in CODE tags
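An added check for what the helper's script and the ComboFix log above point at, written for this thread and not part of ComboFix or of any post here: it parses ComboFix-style autostart lines and flags a Run entry that launches an executable from a per-user AppData\Roaming folder named after the executable itself (the "TomTom" entry pointing at E80161\E80161.exe), reports any BootExecute entry beyond the Windows default "autocheck autochk *" (the posted log showed SsiEfr.exe appended there), and decodes the hex(7) value the CFScript writes back so you can confirm it restores exactly that default. The sample log is constructed from lines in this thread; the folder-equals-exe heuristic is an assumption made for this example, not a ComboFix rule.

```python
import re

# Constructed sample, shaped like the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Spotify Web Helper"="c:\users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-23 1193176]
"TomTom"="c:\users\Arian\AppData\Roaming\E80161\E80161.exe" [2009-04-11 92160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
'''

# The value the CFScript in post #4 writes back (.reg "hex(7)" = REG_MULTI_SZ, UTF-16LE).
CFSCRIPT_BOOTEXECUTE = ("hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,00,"
                        "61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00")

# What a clean Vista system carries in BootExecute.
DEFAULT_BOOTEXECUTE = ["autocheck autochk *"]

# Heuristic (assumption for this example): one folder directly under Roaming, named like the exe.
ROAMING = re.compile(r"\\appdata\\roaming\\([^\\]+)\\([^\\]+)$", re.IGNORECASE)


def decode_hex7(value):
    """Decode a .reg 'hex(7):' REG_MULTI_SZ value into its list of strings."""
    body = value.split(":", 1)[1].replace("\\", "").replace("\n", "")
    raw = bytes(int(b, 16) for b in body.split(",") if b.strip())
    text = raw.decode("utf-16-le")
    # Strings are NUL-terminated and the list ends with an extra NUL; drop the empties.
    return [s for s in text.split("\x00") if s]


def parse_run_entries(log_text):
    """Yield (hive_key, value_name, exe_path) for every entry under a ...\\Run key."""
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is None or not key.lower().endswith("\\run") or not line.startswith('"'):
            continue
        name, _, rest = line[1:].partition('"=')
        if rest.startswith('"'):          # quoted path, trailing "[date size]" ignored
            path = rest[1:].split('"', 1)[0]
        else:                             # unquoted path, as ComboFix prints some entries
            path = rest.split(" [", 1)[0]
        yield key, name, path.strip()


def flag_roaming_autoruns(log_text):
    """Return (name, path) for Run entries launching <Roaming>\\X\\X.exe style files."""
    findings = []
    for _key, name, path in parse_run_entries(log_text):
        m = ROAMING.search(path)
        if not m:
            continue
        folder, exe = m.group(1), m.group(2)
        stem = exe.rsplit(".", 1)[0]
        if folder.lower() == stem.lower():
            findings.append((name, path))
    return findings


def check_bootexecute(log_text):
    """Return the BootExecute entries beyond the Windows default, if any."""
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("BootExecute REG_MULTI_SZ"):
            entries = line[len("BootExecute REG_MULTI_SZ"):].strip().split("\\0")
            return [e for e in entries if e not in DEFAULT_BOOTEXECUTE]
    return []


if __name__ == "__main__":
    for name, path in flag_roaming_autoruns(SAMPLE_LOG):
        print(f"suspicious autorun: {name!r} -> {path}")
    print("BootExecute extras:", check_bootexecute(SAMPLE_LOG))
    print("CFScript restores BootExecute to:", decode_hex7(CFSCRIPT_BOOTEXECUTE))
```

Run it as-is on the built-in sample, or pass the text of a saved ComboFix.txt to the functions. The heuristic is deliberately narrow, so treat a hit as something to look at in the thread, not as a verdict.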
#5
Hello Cosinus, many thanks for your time and effort. Below is the log file I created following your instructions:
Combofix logfile:
ATTFilter ComboFix 12-10-25.02 - Arian 26.10.2012 9:07.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1078 [GMT 2:00] ausgeführt von:: c:\users\Arian\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Arian\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AV: Outpost Security Suite Pro *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E} FW: Outpost Security Suite Pro *Disabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Outpost Security Suite Pro *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Arian\AppData\Roaming\E80161 c:\users\Arian\AppData\Roaming\E80161\E80161.exe c:\users\Arian\AppData\Roaming\Eguc c:\users\Arian\AppData\Roaming\Eguc\uteb.tmp c:\users\Arian\AppData\Roaming\Eguc\uteb.zyu c:\users\Arian\AppData\Roaming\Gybaz c:\users\Arian\AppData\Roaming\Qalium c:\users\Arian\AppData\Roaming\Qalium\fezu.oho c:\users\Arian\AppData\Roaming\Qalium\fezu.tmp c:\users\Arian\AppData\Roaming\Rouvez c:\users\Arian\AppData\Roaming\Rouvez\ofder.zue c:\users\Arian\AppData\Roaming\Ubma c:\users\Arian\AppData\Roaming\Ubma\yzgy.exd . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-26 bis 2012-10-26 )))))))))))))))))))))))))))))) . . 2012-10-26 07:25 . 2012-10-26 07:26 -------- d-----w- c:\users\Arian\AppData\Local\temp 2012-10-26 07:25 . 2012-10-26 07:25 -------- d-----w- c:\users\SVEN~2.FIE\AppData\Local\temp 2012-10-26 07:25 . 2012-10-26 07:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-16 19:44 . 2012-10-16 19:44 -------- d-----w- c:\users\Arian\AppData\Roaming\Malwarebytes 2012-10-16 19:42 . 
2012-10-16 19:42 -------- d-----w- c:\programdata\Malwarebytes 2012-10-16 19:42 . 2012-09-29 17:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-16 19:42 . 2012-10-23 17:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-10-16 19:01 . 2012-10-16 19:01 -------- d-----w- c:\users\Arian\AppData\Local\CrashDumps 2012-10-11 13:14 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-11 13:14 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll 2012-10-11 13:14 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-11 13:14 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-11 13:14 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-10-11 13:13 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-11 13:13 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-09-27 16:06 . 2012-09-27 16:06 -------- d-----w- c:\users\Arian\AppData\Roaming\Avira 2012-09-27 15:51 . 2012-09-24 07:58 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-09-27 15:51 . 2012-09-13 08:58 134184 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-09-27 15:51 . 2012-09-13 08:58 83792 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-09-27 15:51 . 2012-09-27 15:51 -------- d-----w- c:\programdata\Avira 2012-09-27 15:51 . 2012-09-27 15:51 -------- d-----w- c:\program files\Avira . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-12 10:27 . 2012-04-09 09:00 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-12 10:27 . 2011-05-16 10:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-30 08:17 . 2012-09-25 11:05 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FDBDF63C-A98C-4B67-9864-A66B56BBCCCD}\mpengine.dll 2012-08-24 06:59 . 
2012-09-22 10:11 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 06:51 . 2012-09-22 10:11 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 06:51 . 2012-09-22 10:10 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 06:47 . 2012-09-22 10:11 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 06:47 . 2012-09-22 10:11 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 06:43 . 2012-09-22 10:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-21 11:01 . 2012-09-18 18:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-08-21 11:01 . 2009-09-10 21:14 106928 ----a-w- c:\windows\system32\GEARAspi.dll 2012-08-07 07:40 . 2012-08-07 07:40 231424 ----a-w- c:\windows\system32\tsc2_codec32.dll 2009-05-01 21:02 . 2012-10-12 14:07 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2012-10-12 14:07 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2012-10-12 14:07 . 2012-10-12 14:07 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Arian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Arian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Arian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost] @="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}" [HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}] 2011-07-13 20:22 287872 ----a-w- c:\program files\Agnitum\Outpost Security Suite Pro\op_shell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240] "Spotify Web Helper"="c:\users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-23 1193176] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-14 68856] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-04 86016] "SigmatelSysTrayApp"="sttray.exe" [2007-01-12 303104] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2011-08-10 3138632] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "Nike+ Connect"="c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2012-08-08 70656] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer9"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ a\0u\0t\0o\0c\0h\0e\0c\0k\0 \0a\0u\0t\0o\0c\0h\0k\0 \0*\0\0\0 . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup backupExtension=.CommonStartup . 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^p6_19_erinnerung.lnk] backup=c:\windows\pss\p6_19_erinnerung.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^phase6_Erinnerung.lnk] backup=c:\windows\pss\phase6_Erinnerung.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk backup=c:\windows\pss\QuickSet.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] 2009-06-15 09:55 136472 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor] 2009-06-15 11:29 906968 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-08-27 19:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter] 2006-11-17 21:13 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-09-09 21:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] 2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nike+ Connect] 2012-08-08 19:04 70656 ----a-w- c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch] 2011-09-05 09:58 79872 ----a-w- c:\users\Arian\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-07-14 14:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe] 2009-06-15 11:27 1352584 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" "ehTray.exe"=c:\windows\ehome\ehTray.exe "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler "Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe" . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe "PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions "WinampAgent"="c:\program files\Winamp\winampa.exe" "USBToolTip"=c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 acedrv01;acedrv01;c:\windows\system32\drivers\acedrv01.sys [x] S2 acedrv02;acedrv02;c:\windows\system32\drivers\acedrv02.sys [x] S2 acedrv03;acedrv03;c:\windows\system32\drivers\acedrv03.sys [x] S2 acedrv04;acedrv04;c:\windows\system32\drivers\acedrv04.sys [x] S2 acedrv06;acedrv06;c:\windows\system32\drivers\acedrv06.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache hpdevmgmt REG_MULTI_SZ hpqcxs08 . Inhalt des "geplante Tasks" Ordners . 
2012-10-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 10:27] . 2012-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 20:31] . 2012-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 20:31] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ig?hl=de&ie=UTF-8 uInternet Settings,ProxyOverride = *.local localhost localhost localhost localhost localhost;*.local localhost;*.local TCP: DhcpNameServer = FF - ProfilePath - c:\users\Arian\AppData\Roaming\Mozilla\Firefox\Profiles\3zzhvudk.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official FF - prefs.js: network.proxy.type - 2 FF - ExtSQL: 2012-09-02 20:03; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Arian\AppData\Roaming\Mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - ExtSQL: !HIDDEN! 2007-04-22 14:44; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - ExtSQL: !HIDDEN! 2009-07-05 00:38; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-10-26 09:26 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2617123096-2108651821-2447131207-1000\Software\SecuROM\License information*] "datasecu"=hex:8f,48,ff,e8,bf,ef,28,69,cb,5d,1e,92,11,d8,4f,a3,4f,fe,7e,8c,3c, df,b9,13,69,53,0d,ff,f2,46,fc,cc,1e,35,f5,06,66,61,b1,b0,22,18,39,57,2d,47,\ "rkeysecu"=hex:5a,bd,20,c1,2b,f7,a8,c6,88,df,33,9c,e7,64,07,3f . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(840) c:\windows\system32\relog_ap.dll . Zeit der Fertigstellung: 2012-10-26 09:31:39 ComboFix-quarantined-files.txt 2012-10-26 07:31 ComboFix2.txt 2012-10-25 15:03 . Vor Suchlauf: 6.841.143.296 Bytes frei Nach Suchlauf: 7.778.701.312 Bytes frei . - - End Of File - - D2EF88AC487D9770281053C1A476C480 |
#6
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Outpost Security Suite Pro *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}
#7
Hello, I have removed Outpost. Should I create the log file again now? Many thanks!!!
#8
Please now run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please switch off the virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Configure the tool as shown in the picture below: click Change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer stores its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and post only the log here!
__________________ Please always post logfiles in CODE tags
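The report that TDSS-Killer writes (posted in the next reply) is a sequence of timestamped records, one per object checked, and when it is pasted into a forum post the line breaks are frequently lost. The script below is an added example for this thread, not code from the thread or from TDSSKiller: it re-splits such a paste into records, groups the per-object lines by object name and lists everything the scanner did not mark "ok", with MD5 and image path, so a helper can triage the report without reading thousands of lines. The function names and the regular expressions are my own; the record layout they assume (timestamp, thread id, body; "[ MD5 ] name path", "name ( signature ) - warning", "name - detected signature (n)") is read off the report posted below, not taken from a documented format. The sample input is a handful of records copied from that report and run together on one line, exactly as the forum page shows them.

```python
"""Triage helper for Kaspersky TDSSKiller reports.

Added example for this thread, not part of the thread or of TDSSKiller.
The record layout (timestamp, thread id, body) and the per-object line
shapes below are assumptions read off the report posted in this thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every record starts with "HH:MM:SS.ffff <thread-id> ".  Splitting on that
# prefix (zero-width lookahead) restores the record boundaries of a paste
# that a forum page has run together onto one line; a file that still has
# its newlines splits identically.
RECORD_SPLIT_RE = re.compile(r"(?=\d{2}:\d{2}:\d{2}\.\d{4} \d+ )")
HEAD_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ (.*)$")
# "[ <MD5> ] <object name> <image path>"; names may contain spaces
# ("Apple Mobile Device"), so the path is anchored on its drive letter.
ENTRY_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
# "<name> - ok"  or  "<name> ( <signature> ) - warning"
VERDICT_RE = re.compile(r"^(.+?)(?: \( ([^)]+) \))? - (ok|warning)$")
# "<name> - detected <signature> (<count>)"
DETECT_RE = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")


@dataclass
class Finding:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None     # "ok" or "warning"
    signature: Optional[str] = None   # e.g. "UnsignedFile.Multi.Generic"


def records(text: str) -> List[str]:
    """Split a report (pasted or from file) into one string per record."""
    return [c.strip() for c in RECORD_SPLIT_RE.split(text) if c.strip()]


def normalize(text: str) -> str:
    """Re-insert the line breaks a run-together paste has lost."""
    return "\n".join(records(text))


def parse_report(text: str) -> Dict[str, Finding]:
    """Group the per-object lines of a report by object name."""
    findings: Dict[str, Finding] = {}

    def get(name: str) -> Finding:
        return findings.setdefault(name, Finding(name=name))

    for rec in records(text):
        head = HEAD_RE.match(rec)
        if not head:
            continue                      # leading text without a timestamp
        body = head.group(1).strip()
        entry = ENTRY_RE.match(body)
        detect = DETECT_RE.match(body)
        verdict = VERDICT_RE.match(body)
        if entry:
            f = get(entry.group(2))
            f.md5, f.path = entry.group(1).upper(), entry.group(3)
        elif detect:
            f = get(detect.group(1))
            f.signature = detect.group(2)
            f.verdict = f.verdict or "warning"
        elif verdict:
            f = get(verdict.group(1))
            f.verdict = verdict.group(3)
            if verdict.group(2):
                f.signature = verdict.group(2)
        # banners ("==== Scan services ====", "Scan started", ...) fall through
    return findings


def flagged(findings: Dict[str, Finding]) -> List[Finding]:
    """Every object the scanner did not mark 'ok', in report order."""
    return [f for f in findings.values() if f.verdict not in (None, "ok")]


def summarize(findings: Dict[str, Finding]) -> Dict[str, int]:
    """Count objects per verdict; objects with no verdict line are 'unknown'."""
    counts = {"ok": 0, "warning": 0, "unknown": 0}
    for f in findings.values():
        counts[f.verdict if f.verdict in counts else "unknown"] += 1
    return counts


# Constructed sample: a handful of records copied from the report posted in
# this thread, run together on one line exactly as the forum page shows them.
SAMPLE_PASTE = (
    "14:58:22.0792 2560 Scan started "
    "14:58:22.0792 2560 Mode: Manual; SigCheck; TDLFS; "
    "14:58:27.0788 2560 ================ Scan services ============================= "
    r"14:58:30.0283 2560 [ 9AD3AC19F5A9968DB4297C4319D7CDDB ] acedrv01 C:\Windows\system32\drivers\acedrv01.sys "
    "14:58:30.0478 2560 acedrv01 ( UnsignedFile.Multi.Generic ) - warning "
    "14:58:30.0478 2560 acedrv01 - detected UnsignedFile.Multi.Generic (1) "
    r"14:58:31.0496 2560 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys "
    "14:58:31.0564 2560 ACPI - ok "
    r"14:58:38.0196 2560 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "
    "14:58:38.0252 2560 Apple Mobile Device - ok "
    "14:58:41.0173 2560 blbdrive - ok "
    r"14:58:51.0526 2560 [ 01D5B95D0A12A916BBDC258629113258 ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe "
    "14:58:51.0570 2560 DSBrokerService ( UnsignedFile.Multi.Generic ) - warning "
    "14:58:51.0570 2560 DSBrokerService - detected UnsignedFile.Multi.Generic (1)"
)

if __name__ == "__main__":
    found = parse_report(SAMPLE_PASTE)
    print("verdicts:", summarize(found))
    for f in flagged(found):
        print(f"{f.verdict:8} {f.name:20} {f.signature}  md5={f.md5}  {f.path}")
```

`normalize` alone is enough to turn a run-together paste back into the one-record-per-line form that the CODE-tag request above is meant to preserve. The script only reproduces the scanner's own verdicts: with `SigCheck` in the report's `Mode:` line, `UnsignedFile.Multi.Generic` marks a file that carries no valid digital signature, which is why the helper asks for those objects to be handled with "skip" and for the log to be posted rather than acted on.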
#9
Hello, I did everything just as you said. Below I am posting the tool's report: Thank you very much!!!

Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 14:56:53.0311 2276 ============================================================ 14:56:53.0311 2276 \Device\Harddisk0\DR0: 14:56:53.0521 2276 MBR partitions: 14:56:53.0521 2276 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x1400000 14:56:53.0521 2276 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1427800, BlocksNum 0xFE69800 14:56:53.0549 2276 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x112943C1, BlocksNum 0x178083F 14:56:53.0549 2276 ============================================================ 14:56:53.0751 2276 C: <-> \Device\Harddisk0\DR0\Partition2 14:56:53.0886 2276 D: <-> \Device\Harddisk0\DR0\Partition1 14:56:54.0224 2276 G: <-> \Device\Harddisk0\DR0\Partition3 14:56:54.0225 2276 ============================================================ 14:56:54.0225 2276 Initialize success 14:56:54.0225 2276 ============================================================ 14:58:22.0792 2560 ============================================================ 14:58:22.0792 2560 Scan started 14:58:22.0792 2560 Mode: Manual; SigCheck; TDLFS; 14:58:22.0792 2560 ============================================================ 14:58:27.0786 2560 ================ Scan system memory ======================== 14:58:27.0786 2560 System memory - ok 14:58:27.0788 2560 ================ Scan services ============================= 14:58:30.0283 2560 [ 9AD3AC19F5A9968DB4297C4319D7CDDB ] acedrv01 C:\Windows\system32\drivers\acedrv01.sys 14:58:30.0478 2560 acedrv01 ( UnsignedFile.Multi.Generic ) - warning 14:58:30.0478 2560 acedrv01 - detected UnsignedFile.Multi.Generic (1) 14:58:30.0568 2560 [ E00A398C09A6515769A4BC39E91064EB ] acedrv02 
C:\Windows\system32\drivers\acedrv02.sys 14:58:30.0705 2560 acedrv02 ( UnsignedFile.Multi.Generic ) - warning 14:58:30.0705 2560 acedrv02 - detected UnsignedFile.Multi.Generic (1) 14:58:30.0724 2560 [ 903DE75450A5CC4B26C3D33E3A64FC58 ] acedrv03 C:\Windows\system32\drivers\acedrv03.sys 14:58:30.0784 2560 acedrv03 ( UnsignedFile.Multi.Generic ) - warning 14:58:30.0784 2560 acedrv03 - detected UnsignedFile.Multi.Generic (1) 14:58:30.0792 2560 [ 2D838D7CE9B7CDAFDEC7ED43CC99FA1E ] acedrv04 C:\Windows\system32\drivers\acedrv04.sys 14:58:30.0883 2560 acedrv04 ( UnsignedFile.Multi.Generic ) - warning 14:58:30.0884 2560 acedrv04 - detected UnsignedFile.Multi.Generic (1) 14:58:30.0918 2560 [ 0A1E97197609F92D2425B67DA0BB0A7F ] acedrv05 C:\Windows\system32\drivers\acedrv05.sys 14:58:30.0951 2560 acedrv05 ( UnsignedFile.Multi.Generic ) - warning 14:58:30.0951 2560 acedrv05 - detected UnsignedFile.Multi.Generic (1) 14:58:30.0981 2560 [ 44010948BDE6ADE50DD1386657C73E83 ] acedrv06 C:\Windows\system32\drivers\acedrv06.sys 14:58:31.0059 2560 acedrv06 ( UnsignedFile.Multi.Generic ) - warning 14:58:31.0059 2560 acedrv06 - detected UnsignedFile.Multi.Generic (1) 14:58:31.0136 2560 [ 4E5451DD0AEC8504D7F8030DD2D4C416 ] acedrv07 C:\Windows\system32\drivers\acedrv07.sys 14:58:31.0235 2560 acedrv07 ( UnsignedFile.Multi.Generic ) - warning 14:58:31.0235 2560 acedrv07 - detected UnsignedFile.Multi.Generic (1) 14:58:31.0496 2560 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 14:58:31.0564 2560 ACPI - ok 14:58:33.0031 2560 [ 24A72A954F5686C522E18F7E70A59BCE ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe 14:58:33.0249 2560 AcrSch2Svc - ok 14:58:33.0486 2560 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 14:58:33.0548 2560 AdobeARMservice - ok 14:58:33.0934 2560 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc 
C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 14:58:34.0007 2560 AdobeFlashPlayerUpdateSvc - ok 14:58:34.0150 2560 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 14:58:34.0201 2560 adp94xx - ok 14:58:34.0262 2560 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys 14:58:34.0330 2560 adpahci - ok 14:58:34.0392 2560 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 14:58:34.0408 2560 adpu160m - ok 14:58:34.0422 2560 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys 14:58:34.0440 2560 adpu320 - ok 14:58:34.0638 2560 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 14:58:34.0813 2560 AeLookupSvc - ok 14:58:34.0962 2560 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 14:58:35.0093 2560 AFD - ok 14:58:35.0221 2560 [ 8B10CE1C1F9F1D47E4DEB1A547A00CD4 ] agp440 C:\Windows\system32\drivers\agp440.sys 14:58:35.0287 2560 agp440 - ok 14:58:35.0342 2560 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 14:58:35.0357 2560 aic78xx - ok 14:58:35.0465 2560 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 14:58:35.0670 2560 ALG - ok 14:58:35.0719 2560 [ 3A99CB23A2D326FD532618705D6E3048 ] aliide C:\Windows\system32\drivers\aliide.sys 14:58:35.0780 2560 aliide - ok 14:58:35.0858 2560 [ 848F27E5B27C1C253F6CEFDC1A5D8F21 ] amdagp C:\Windows\system32\drivers\amdagp.sys 14:58:35.0872 2560 amdagp - ok 14:58:35.0903 2560 [ 4333C133DBD71C7D7FE4FB1B83F9EE3E ] amdide C:\Windows\system32\drivers\amdide.sys 14:58:35.0917 2560 amdide - ok 14:58:36.0016 2560 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 14:58:36.0268 2560 AmdK7 - ok 14:58:36.0305 2560 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 14:58:36.0435 2560 AmdK8 - ok 14:58:36.0892 2560 [ 
98A8B7D168D035FEFDEFA18F759115F6 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 14:58:36.0960 2560 AntiVirSchedulerService - ok 14:58:37.0045 2560 [ AAACAE485AE81D0A449FBC754880C791 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 14:58:37.0104 2560 AntiVirService - ok 14:58:37.0194 2560 [ 64F24088DBB1D68EE9963F66F8EB68CF ] AnyDVD C:\Windows\system32\Drivers\AnyDVD.sys 14:58:37.0259 2560 AnyDVD - ok 14:58:37.0437 2560 [ 29C537D74694DE38B07B8D0C37BC25C5 ] APL531 C:\Windows\system32\Drivers\HDvid.sys 14:58:37.0579 2560 APL531 ( UnsignedFile.Multi.Generic ) - warning 14:58:37.0579 2560 APL531 - detected UnsignedFile.Multi.Generic (1) 14:58:37.0679 2560 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 14:58:37.0797 2560 Appinfo - ok 14:58:38.0196 2560 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 14:58:38.0252 2560 Apple Mobile Device - ok 14:58:38.0426 2560 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys 14:58:38.0441 2560 arc - ok 14:58:38.0668 2560 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys 14:58:38.0735 2560 arcsas - ok 14:58:38.0900 2560 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 14:58:38.0990 2560 AsyncMac - ok 14:58:39.0063 2560 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 14:58:39.0078 2560 atapi - ok 14:58:39.0193 2560 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 14:58:39.0289 2560 AudioEndpointBuilder - ok 14:58:39.0297 2560 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 14:58:39.0325 2560 Audiosrv - ok 14:58:39.0404 2560 [ 583B68234A159BA64090F3CAE7360F03 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 14:58:39.0467 2560 avgntflt - ok 14:58:39.0552 2560 [ 
C499333D8915597FE415F0058EFFD7D2 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 14:58:39.0569 2560 avipbb - ok 14:58:39.0678 2560 [ 52EC5F852B42136C513B9009A3C27891 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 14:58:39.0743 2560 avkmgr - ok 14:58:39.0907 2560 [ 08015D34F6FDD0B355805BAD978497C3 ] bcm4sbxp C:\Windows\system32\DRIVERS\bcm4sbxp.sys 14:58:40.0025 2560 bcm4sbxp - ok 14:58:40.0163 2560 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 14:58:40.0272 2560 Beep - ok 14:58:40.0387 2560 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 14:58:40.0524 2560 BFE - ok 14:58:40.0917 2560 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll 14:58:41.0167 2560 BITS - ok 14:58:41.0173 2560 blbdrive - ok 14:58:41.0520 2560 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 14:58:41.0837 2560 Bonjour Service - ok 14:58:41.0963 2560 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 14:58:42.0035 2560 bowser - ok 14:58:42.0262 2560 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 14:58:42.0295 2560 BrFiltLo - ok 14:58:42.0318 2560 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 14:58:42.0364 2560 BrFiltUp - ok 14:58:42.0488 2560 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 14:58:42.0612 2560 Browser - ok 14:58:42.0725 2560 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 14:58:42.0873 2560 Brserid - ok 14:58:42.0964 2560 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 14:58:43.0060 2560 BrSerWdm - ok 14:58:43.0194 2560 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 14:58:43.0309 2560 BrUsbMdm - ok 14:58:43.0346 2560 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 
14:58:43.0471 2560 BrUsbSer - ok 14:58:43.0551 2560 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 14:58:43.0641 2560 BTHMODEM - ok 14:58:43.0776 2560 [ E156C353FCBC05DB5DEE57BE0592F2D4 ] camfilt C:\Windows\system32\Drivers\camfilt.sys 14:58:43.0930 2560 camfilt ( UnsignedFile.Multi.Generic ) - warning 14:58:43.0930 2560 camfilt - detected UnsignedFile.Multi.Generic (1) 14:58:44.0574 2560 catchme - ok 14:58:44.0701 2560 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 14:58:44.0805 2560 cdfs - ok 14:58:44.0917 2560 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 14:58:45.0007 2560 cdrom - ok 14:58:45.0105 2560 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 14:58:45.0217 2560 CertPropSvc - ok 14:58:45.0333 2560 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys 14:58:45.0425 2560 circlass - ok 14:58:45.0500 2560 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 14:58:45.0562 2560 CLFS - ok 14:58:46.0167 2560 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:58:46.0232 2560 clr_optimization_v2.0.50727_32 - ok 14:58:46.0937 2560 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:58:47.0167 2560 clr_optimization_v4.0.30319_32 - ok 14:58:47.0246 2560 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 14:58:47.0332 2560 CmBatt - ok 14:58:47.0446 2560 [ DFB94A6FC3A26972B0461AB5F1D8272B ] cmdide C:\Windows\system32\drivers\cmdide.sys 14:58:47.0501 2560 cmdide - ok 14:58:47.0562 2560 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 14:58:47.0624 2560 Compbatt - ok 14:58:47.0630 2560 COMSysApp - ok 14:58:47.0677 2560 [ 2A213AE086BBEC5E937553C7D9A2B22C ] 
crcdisk C:\Windows\system32\drivers\crcdisk.sys 14:58:47.0741 2560 crcdisk - ok 14:58:47.0797 2560 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys 14:58:47.0909 2560 Crusoe - ok 14:58:47.0990 2560 Crypkey License - ok 14:58:48.0067 2560 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 14:58:48.0179 2560 CryptSvc - ok 14:58:48.0291 2560 [ 310C5EC0B4278211089F0A5E915D025F ] cvintdrv C:\Windows\system32\drivers\cvintdrv.sys 14:58:48.0373 2560 cvintdrv ( UnsignedFile.Multi.Generic ) - warning 14:58:48.0373 2560 cvintdrv - detected UnsignedFile.Multi.Generic (1) 14:58:48.0801 2560 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 14:58:48.0989 2560 DcomLaunch - ok 14:58:49.0082 2560 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 14:58:49.0161 2560 DfsC - ok 14:58:50.0078 2560 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 14:58:50.0347 2560 DFSR - ok 14:58:50.0488 2560 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 14:58:50.0544 2560 Dhcp - ok 14:58:50.0652 2560 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 14:58:50.0675 2560 disk - ok 14:58:50.0783 2560 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 14:58:50.0859 2560 Dnscache - ok 14:58:50.0982 2560 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 14:58:51.0047 2560 dot3svc - ok 14:58:51.0159 2560 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 14:58:51.0191 2560 DPS - ok 14:58:51.0304 2560 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 14:58:51.0360 2560 drmkaud - ok 14:58:51.0526 2560 [ 01D5B95D0A12A916BBDC258629113258 ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe 14:58:51.0570 2560 DSBrokerService ( UnsignedFile.Multi.Generic ) - warning 14:58:51.0570 2560 DSBrokerService - 
detected UnsignedFile.Multi.Generic (1) 14:58:51.0679 2560 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys 14:58:51.0790 2560 DSproct ( UnsignedFile.Multi.Generic ) - warning 14:58:51.0790 2560 DSproct - detected UnsignedFile.Multi.Generic (1) 14:58:51.0868 2560 [ 64FA28C15DD71A80BEF3527E1EF07DF6 ] dsunidrv C:\Program Files\DellSupport\Drivers\dsunidrv.sys 14:58:51.0915 2560 dsunidrv ( UnsignedFile.Multi.Generic ) - warning 14:58:51.0915 2560 dsunidrv - detected UnsignedFile.Multi.Generic (1) 14:58:52.0115 2560 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 14:58:52.0161 2560 DXGKrnl - ok 14:58:52.0394 2560 [ 7505290504C8E2D172FA378CC0497BCC ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys 14:58:52.0482 2560 e1express - ok 14:58:52.0602 2560 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 14:58:52.0658 2560 E1G60 - ok 14:58:52.0782 2560 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 14:58:52.0846 2560 EapHost - ok 14:58:53.0032 2560 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 14:58:53.0052 2560 Ecache - ok 14:58:53.0219 2560 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 14:58:53.0311 2560 ehRecvr - ok 14:58:53.0344 2560 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 14:58:53.0635 2560 ehSched - ok 14:58:53.0650 2560 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 14:58:53.0693 2560 ehstart - ok 14:58:53.0785 2560 [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys 14:58:53.0864 2560 ElbyCDIO - ok 14:58:54.0126 2560 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys 14:58:54.0196 2560 elxstor - ok 14:58:54.0579 2560 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 14:58:54.0706 2560 EMDMgmt - 
ok 14:58:54.0862 2560 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 14:58:54.0918 2560 EventSystem - ok 14:58:55.0081 2560 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 14:58:55.0217 2560 exfat - ok 14:58:55.0377 2560 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 14:58:55.0491 2560 fastfat - ok 14:58:55.0602 2560 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 14:58:55.0678 2560 fdc - ok 14:58:55.0794 2560 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 14:58:55.0874 2560 fdPHost - ok 14:58:55.0925 2560 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 14:58:55.0994 2560 FDResPub - ok 14:58:56.0109 2560 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 14:58:56.0135 2560 FileInfo - ok 14:58:56.0166 2560 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 14:58:56.0223 2560 Filetrace - ok 14:58:56.0272 2560 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 14:58:56.0350 2560 flpydisk - ok 14:58:56.0469 2560 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 14:58:56.0489 2560 FltMgr - ok 14:58:56.0662 2560 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 14:58:56.0792 2560 FontCache - ok 14:58:56.0905 2560 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 14:58:56.0919 2560 FontCache3.0.0.0 - ok 14:58:57.0023 2560 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 14:58:57.0125 2560 Fs_Rec - ok 14:58:57.0261 2560 [ 7C17235845D5AE3FB33EAD47B5881521 ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys 14:58:57.0274 2560 FTDIBUS - ok 14:58:57.0302 2560 [ 23220A4709CC5785F9633BA71416145C ] FTSER2K 
C:\Windows\system32\drivers\ftser2k.sys 14:58:57.0314 2560 FTSER2K - ok 14:58:57.0345 2560 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 14:58:57.0360 2560 gagp30kx - ok 14:58:57.0467 2560 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys 14:58:57.0493 2560 GEARAspiWDM - ok 14:58:57.0613 2560 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 14:58:57.0722 2560 gpsvc - ok 14:58:58.0042 2560 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9b1767bde6700 C:\Program Files\Google\Update\GoogleUpdate.exe 14:58:58.0055 2560 gupdate1c9b1767bde6700 - ok 14:58:58.0108 2560 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 14:58:58.0121 2560 gupdatem - ok 14:58:58.0268 2560 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 14:58:58.0281 2560 gusvc - ok 14:58:58.0407 2560 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 14:58:58.0439 2560 hamachi - ok 14:58:58.0514 2560 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 14:58:58.0626 2560 HdAudAddService - ok 14:58:58.0895 2560 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 14:58:59.0013 2560 HDAudBus - ok 14:58:59.0072 2560 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 14:58:59.0194 2560 HidBth - ok 14:58:59.0211 2560 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 14:58:59.0306 2560 HidIr - ok 14:58:59.0434 2560 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll 14:58:59.0496 2560 hidserv - ok 14:58:59.0675 2560 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 14:58:59.0751 2560 HidUsb - ok 14:58:59.0828 2560 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc 
C:\Windows\system32\kmsvc.dll 14:58:59.0896 2560 hkmsvc - ok 14:58:59.0951 2560 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 14:58:59.0971 2560 HpCISSs - ok 14:59:00.0494 2560 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 14:59:00.0614 2560 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 14:59:00.0614 2560 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 14:59:00.0949 2560 [ 53229DCF431D76434816CD29251168A0 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys 14:59:01.0124 2560 HSF_DPV - ok 14:59:01.0189 2560 [ 31F949D452201F2F0AF0C88D7DB512CD ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys 14:59:01.0264 2560 HSXHWAZL - ok 14:59:01.0455 2560 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:59:01.0555 2560 HTTP - ok 14:59:01.0633 2560 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys 14:59:01.0667 2560 i2omp - ok 14:59:01.0799 2560 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 14:59:02.0013 2560 i8042prt - ok 14:59:02.0073 2560 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 14:59:02.0109 2560 iaStorV - ok 14:59:02.0356 2560 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 14:59:02.0399 2560 IDriverT ( UnsignedFile.Multi.Generic ) - warning 14:59:02.0399 2560 IDriverT - detected UnsignedFile.Multi.Generic (1) 14:59:02.0648 2560 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 14:59:02.0721 2560 idsvc - ok 14:59:02.0737 2560 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 14:59:02.0751 2560 iirsp - ok 14:59:02.0963 2560 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 14:59:03.0058 2560 IKEEXT - ok 14:59:03.0158 2560 [ 
83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 14:59:03.0173 2560 intelide - ok 14:59:03.0271 2560 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:59:03.0299 2560 intelppm - ok 14:59:03.0399 2560 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:59:03.0454 2560 IPBusEnum - ok 14:59:03.0479 2560 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:59:03.0517 2560 IpFilterDriver - ok 14:59:03.0610 2560 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 14:59:03.0688 2560 iphlpsvc - ok 14:59:03.0694 2560 IpInIp - ok 14:59:03.0729 2560 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 14:59:03.0787 2560 IPMIDRV - ok 14:59:03.0887 2560 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 14:59:03.0956 2560 IPNAT - ok 14:59:04.0183 2560 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 14:59:04.0229 2560 iPod Service - ok 14:59:04.0331 2560 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:59:04.0414 2560 IRENUM - ok 14:59:04.0480 2560 [ 2F8ECE2699E7E2070545E9B0960A8ED2 ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:59:04.0497 2560 isapnp - ok 14:59:04.0637 2560 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 14:59:04.0655 2560 iScsiPrt - ok 14:59:04.0675 2560 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 14:59:04.0698 2560 iteatapi - ok 14:59:04.0805 2560 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 14:59:04.0863 2560 iteraid - ok 14:59:04.0915 2560 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 14:59:04.0932 2560 kbdclass - ok 14:59:05.0026 2560 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid 
C:\Windows\system32\DRIVERS\kbdhid.sys 14:59:05.0081 2560 kbdhid - ok 14:59:05.0192 2560 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 14:59:05.0270 2560 KeyIso - ok 14:59:05.0500 2560 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:59:05.0556 2560 KSecDD - ok 14:59:05.0749 2560 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 14:59:05.0945 2560 KtmRm - ok 14:59:06.0025 2560 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll 14:59:06.0121 2560 LanmanServer - ok 14:59:06.0229 2560 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:59:06.0336 2560 LanmanWorkstation - ok 14:59:06.0382 2560 Lbd - ok 14:59:06.0762 2560 [ 3AF6B73A3AD1FC37C5933441F66CEB91 ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe 14:59:06.0782 2560 LBTServ - ok 14:59:06.0914 2560 [ 70035567754BED4E6AD353CA3F175127 ] LEqdUsb C:\Windows\system32\Drivers\LEqdUsb.Sys 14:59:06.0963 2560 LEqdUsb - ok 14:59:07.0050 2560 [ 32491B6BAE0AFAD1D7A62C0EF0AF4321 ] LHidEqd C:\Windows\system32\Drivers\LHidEqd.Sys 14:59:07.0073 2560 LHidEqd - ok 14:59:07.0165 2560 [ 7F9C7B28CF1C859E1C42619EEA946DC8 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 14:59:07.0188 2560 LHidFilt - ok 14:59:07.0273 2560 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:59:07.0352 2560 lltdio - ok 14:59:07.0403 2560 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:59:07.0461 2560 lltdsvc - ok 14:59:07.0528 2560 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:59:07.0580 2560 lmhosts - ok 14:59:07.0682 2560 [ AB33792A87285344F43B5CE23421BAB0 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 14:59:07.0739 2560 LMouFilt - ok 14:59:07.0837 2560 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 14:59:07.0874 2560 LSI_FC - ok 
14:59:07.0890 2560 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 14:59:07.0906 2560 LSI_SAS - ok 14:59:08.0011 2560 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 14:59:08.0033 2560 LSI_SCSI - ok 14:59:08.0153 2560 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 14:59:08.0225 2560 luafv - ok 14:59:08.0324 2560 [ A3E700D78EEC390F1208098CDCA5C6B6 ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus.sys 14:59:08.0446 2560 MarvinBus ( UnsignedFile.Multi.Generic ) - warning 14:59:08.0446 2560 MarvinBus - detected UnsignedFile.Multi.Generic (1) 14:59:08.0473 2560 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 14:59:08.0488 2560 MBAMProtector - ok 14:59:08.0643 2560 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 14:59:08.0772 2560 MBAMScheduler - ok 14:59:08.0994 2560 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 14:59:09.0126 2560 MBAMService - ok 14:59:09.0213 2560 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 14:59:09.0279 2560 Mcx2Svc - ok 14:59:09.0357 2560 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys 14:59:09.0394 2560 mdmxsdk - ok 14:59:09.0489 2560 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys 14:59:09.0513 2560 megasas - ok 14:59:09.0902 2560 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 14:59:09.0923 2560 Microsoft Office Groove Audit Service - ok 14:59:10.0019 2560 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 14:59:10.0086 2560 MMCSS - ok 14:59:10.0257 2560 [ D7780974883D255548A5EBB07F2D0EEC ] mod7700 C:\Windows\system32\DRIVERS\dvb7700all.sys 14:59:10.0333 
2560 mod7700 - ok 14:59:10.0356 2560 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 14:59:10.0385 2560 Modem - ok 14:59:10.0488 2560 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:59:10.0550 2560 monitor - ok 14:59:10.0568 2560 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 14:59:10.0584 2560 mouclass - ok 14:59:10.0630 2560 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:59:10.0681 2560 mouhid - ok 14:59:10.0824 2560 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 14:59:10.0849 2560 MountMgr - ok 14:59:11.0030 2560 [ 24409A2A9F0351E208E14F609340FB25 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 14:59:11.0100 2560 MozillaMaintenance - ok 14:59:11.0330 2560 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys 14:59:11.0404 2560 mpio - ok 14:59:11.0474 2560 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:59:11.0671 2560 mpsdrv - ok 14:59:11.0827 2560 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 14:59:11.0899 2560 MpsSvc - ok 14:59:11.0954 2560 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 14:59:11.0979 2560 Mraid35x - ok 14:59:12.0073 2560 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:59:12.0105 2560 MRxDAV - ok 14:59:12.0196 2560 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:59:12.0271 2560 mrxsmb - ok 14:59:12.0395 2560 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:59:12.0447 2560 mrxsmb10 - ok 14:59:12.0479 2560 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:59:12.0512 2560 mrxsmb20 - ok 14:59:12.0545 2560 [ 
F0EC3A4E0693A34B148723B4DA31668C ] msahci C:\Windows\system32\drivers\msahci.sys 14:59:12.0558 2560 msahci - ok 14:59:12.0573 2560 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys 14:59:12.0589 2560 msdsm - ok 14:59:12.0699 2560 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 14:59:12.0780 2560 MSDTC - ok 14:59:12.0873 2560 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:59:12.0944 2560 Msfs - ok 14:59:13.0042 2560 [ 956741C67ABAA78B19AADC5474936842 ] MSHUSBVideo C:\Windows\system32\Drivers\nx6000.sys 14:59:13.0165 2560 MSHUSBVideo - ok 14:59:13.0276 2560 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:59:13.0291 2560 msisadrv - ok 14:59:13.0396 2560 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:59:13.0460 2560 MSiSCSI - ok 14:59:13.0497 2560 msiserver - ok 14:59:13.0565 2560 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 14:59:13.0659 2560 MSKSSRV - ok 14:59:13.0754 2560 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 14:59:13.0845 2560 MSPCLOCK - ok 14:59:13.0900 2560 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 14:59:13.0943 2560 MSPQM - ok 14:59:14.0050 2560 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 14:59:14.0078 2560 MsRPC - ok 14:59:14.0169 2560 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 14:59:14.0184 2560 mssmbios - ok 14:59:14.0266 2560 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 14:59:14.0331 2560 MSTEE - ok 14:59:14.0414 2560 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 14:59:14.0435 2560 Mup - ok 14:59:14.0555 2560 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 14:59:14.0640 2560 napagent - ok 
14:59:14.0728 2560 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 14:59:14.0748 2560 NativeWifiP - ok 14:59:14.0859 2560 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 14:59:14.0906 2560 NDIS - ok 14:59:15.0017 2560 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 14:59:15.0054 2560 NdisTapi - ok 14:59:15.0151 2560 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 14:59:15.0192 2560 Ndisuio - ok 14:59:15.0289 2560 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 14:59:15.0325 2560 NdisWan - ok 14:59:15.0419 2560 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 14:59:15.0529 2560 NDProxy - ok 14:59:15.0612 2560 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 14:59:15.0673 2560 NetBIOS - ok 14:59:15.0777 2560 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 14:59:15.0837 2560 netbt - ok 14:59:15.0893 2560 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 14:59:15.0909 2560 Netlogon - ok 14:59:16.0108 2560 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 14:59:16.0236 2560 Netman - ok 14:59:16.0395 2560 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 14:59:16.0428 2560 netprofm - ok 14:59:16.0536 2560 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:59:16.0590 2560 NetTcpPortSharing - ok 14:59:17.0507 2560 [ ACC6170D80C69E50145B370023B64ED3 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys 14:59:17.0778 2560 NETw3v32 - ok 14:59:18.0629 2560 [ 6522DD40A5F67CED020BD81B856613FB ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys 14:59:18.0950 2560 NETw4v32 - ok 14:59:19.0061 2560 [ 
5EF7DD401771693245D46F4B0B69FE2B ] NetworkX C:\Windows\system32\ckldrv.sys 14:59:19.0138 2560 NetworkX ( UnsignedFile.Multi.Generic ) - warning 14:59:19.0138 2560 NetworkX - detected UnsignedFile.Multi.Generic (1) 14:59:19.0167 2560 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 14:59:19.0181 2560 nfrd960 - ok 14:59:19.0293 2560 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 14:59:19.0367 2560 NlaSvc - ok 14:59:19.0517 2560 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:59:19.0543 2560 Npfs - ok 14:59:19.0646 2560 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 14:59:19.0716 2560 nsi - ok 14:59:19.0768 2560 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:59:19.0835 2560 nsiproxy - ok 14:59:19.0841 2560 ntcdrdrv - ok 14:59:20.0204 2560 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:59:20.0401 2560 Ntfs - ok 14:59:20.0462 2560 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 14:59:20.0554 2560 ntrigdigi - ok 14:59:20.0643 2560 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 14:59:20.0703 2560 Null - ok 14:59:21.0563 2560 [ DC89868592D74DE404406C9420C3F277 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 14:59:22.0887 2560 nvlddmkm - ok 14:59:23.0248 2560 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys 14:59:23.0264 2560 nvraid - ok 14:59:23.0350 2560 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:59:23.0365 2560 nvstor - ok 14:59:23.0389 2560 [ 055081FD5076401C1EE1BCAB08D81911 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:59:23.0405 2560 nv_agp - ok 14:59:23.0411 2560 NwlnkFlt - ok 14:59:23.0419 2560 NwlnkFwd - ok 14:59:23.0812 2560 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft 
Shared\OFFICE12\ODSERV.EXE 14:59:23.0863 2560 odserv - ok 14:59:23.0967 2560 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 14:59:24.0023 2560 ohci1394 - ok 14:59:24.0150 2560 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:59:24.0179 2560 ose - ok 14:59:24.0301 2560 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 14:59:24.0448 2560 p2pimsvc - ok 14:59:24.0734 2560 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 14:59:24.0812 2560 p2psvc - ok 14:59:24.0932 2560 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 14:59:24.0991 2560 Parport - ok 14:59:25.0115 2560 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:59:25.0132 2560 partmgr - ok 14:59:25.0142 2560 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 14:59:25.0213 2560 Parvdm - ok 14:59:25.0315 2560 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 14:59:25.0415 2560 PcaSvc - ok 14:59:25.0549 2560 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 14:59:25.0599 2560 pci - ok 14:59:25.0713 2560 [ 20B869152448F80AC49CF10264E91F5E ] pciide C:\Windows\system32\DRIVERS\pciide.sys 14:59:25.0726 2560 pciide - ok 14:59:25.0752 2560 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 14:59:25.0770 2560 pcmcia - ok 14:59:25.0912 2560 pcouffin - ok 14:59:26.0138 2560 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:59:26.0285 2560 PEAUTH - ok 14:59:26.0482 2560 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 14:59:26.0692 2560 pla - ok 14:59:26.0823 2560 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:59:26.0887 2560 PlugPlay - ok 14:59:27.0076 2560 [ 0C8E8E61AD1EB0B250B846712C917506 ] 
PNRPAutoReg C:\Windows\system32\p2psvc.dll 14:59:27.0136 2560 PNRPAutoReg - ok 14:59:27.0298 2560 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 14:59:27.0383 2560 PNRPsvc - ok 14:59:27.0501 2560 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:59:27.0618 2560 PolicyAgent -

Please download aswMBR.exe and save the file to your desktop. Note: please turn off your virus scanner before you run aswMBR, because Avira in particular often reports a false alarm on it!
Another note: should aswMBR crash and a message like "aswMBR.exe has stopped working" appear, do the following: restart aswMBR, select (none) in the drop-down menu at the bottom left of the aswMBR window under "AV scan", and click the scan button again.
Hello, I have run the scan! The log file is attached. Thank you for your effort!

aswMBR version Copyright(c) 2011 AVAST Software Run date: 2012-10-26 15:23:57 ----------------------------- 15:23:57.475 OS Version: Windows 6.0.6002 Service Pack 2 15:23:57.475 Number of processors: 2 586 0xF06 15:23:57.476 ComputerName: VW UserName: 15:23:59.126 Initialize success 15:24:08.473 AVAST engine defs: 12102600 15:24:19.757 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 15:24:19.760 Disk 0 Vendor: ST9160821AS 3.CDD Size: 152627MB BusType: 3 15:24:19.855 Disk 0 MBR read successfully 15:24:19.858 Disk 0 MBR scan 15:24:19.920 Disk 0 Windows XP default MBR code 15:24:19.943 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63 15:24:19.950 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 161792 15:24:20.049 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 130259 MB offset 21133312 15:24:20.055 Disk 0 Partition - 00 0F Extended LBA 12033 MB offset 287916930 15:24:20.140 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 12033 MB offset 287916993 15:24:20.159 Disk 0 scanning sectors +312560640 15:24:20.438 Disk 0 scanning C:\Windows\system32\drivers 15:25:00.615 Service scanning 15:26:02.280 Modules scanning 15:27:08.145 Disk 0 trace - called modules: 15:27:08.170 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 15:27:08.176 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8984aac8] 15:27:08.182 3 CLASSPNP.SYS[8bfa98b3] -> nt!IofCallDriver -> [0x88e0a860] 15:27:08.187 5 acpi.sys[8ba986bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x88dddb98] 15:27:10.426 AVAST engine scan C:\Windows 15:27:38.201 AVAST engine scan C:\Windows\system32 15:34:02.320 AVAST engine scan C:\Windows\system32\drivers 15:34:30.522 AVAST engine scan C:\Users\Arian 15:49:17.562 Disk 0 MBR has been saved successfully to "C:\Users\Arian\Desktop\MBR.dat" 15:49:17.570 The log file has been saved successfully to "C:\Users\Arian\Desktop\aswMBR.txt"
That looks good too. OK, one check please:
Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
I'm glad you see it that way... thank you very much for taking so much time! OTL Logfile: Code:
OTL logfile created on: 26.10.2012 17:11:02 - Run 5 OTL by OldTimer - Version Folder = C:\Users\Arian\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,44% Memory free 4,23 Gb Paging File | 2,98 Gb Available in Paging File | 70,36% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 127,21 Gb Total Space | 8,17 Gb Free Space | 6,42% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 6,28 Gb Free Space | 62,84% Space Free | Partition Type: NTFS Drive G: | 11,75 Gb Total Space | 1,98 Gb Free Space | 16,88% Space Free | Partition Type: NTFS Drive H: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: VW | User Name: Arian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Arian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () PRC - C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.) PRC - C:\Program Files\RocketDock\RocketDock.exe () PRC - C:\Windows\sttray.exe (SigmaTel, Inc.) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software) ========== Modules (No Company Name) ========== MOD - C:\Users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files\RocketDock\RocketDock.exe () MOD - C:\Program Files\RocketDock\RocketDock.dll () MOD - C:\Program Files\WinRAR\RarExt.dll () ========== Services (SafeList) ========== SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe () SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () SRV - (StarWindService) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found DRV - (StarOpen) -- File not found DRV - (sptd) -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys File not found DRV - (pcouffin) -- System32\Drivers\pcouffin.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (ntcdrdrv) -- system32\DRIVERS\ntcdrdrv.sys File not found DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\Arian\AppData\Local\Temp\catchme.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avkmgr) -- 
C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (vaxscsi) -- C:\Windows\System32\drivers\vaxscsi.sys (Alcohol Soft Co., Ltd.) DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis) DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis) DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis) DRV - (tdrpman) -- C:\Windows\System32\drivers\tdrpman.sys (Acronis) DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation) DRV - (acedrv07) -- C:\Windows\System32\drivers\acedrv07.sys (Protect Software GmbH) DRV - (acedrv06) -- C:\Windows\System32\drivers\acedrv06.sys (Protect Software GmbH) DRV - (acedrv05) -- C:\Windows\System32\drivers\acedrv05.sys (Protect Software GmbH) DRV - (acedrv04) -- C:\Windows\System32\drivers\acedrv04.sys (Protect Software GmbH) DRV - (acedrv03) -- C:\Windows\System32\drivers\acedrv03.sys (ACE GmbH) DRV - (acedrv02) -- C:\Windows\System32\drivers\acedrv02.sys (ACE GmbH) DRV - (acedrv01) -- C:\Windows\System32\drivers\acedrv01.sys (ACE GmbH) DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon) DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider) DRV - (WinDriver6) -- C:\Windows\System32\drivers\windrvr6.sys (Jungo) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.) DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.) 
DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.) DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.) DRV - (NetworkX) -- C:\Windows\System32\Ckldrv.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.) DRV - (APL531) -- C:\Windows\System32\drivers\HDvid.sys (Guillemont Corporation) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (camfilt) -- C:\Windows\System32\drivers\camfilt.sys (Guillemot Corporation) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.) DRV - (dsunidrv) -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys (Gteko Ltd.) 
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH) DRV - (TACXDEV) -- C:\Windows\System32\drivers\I-magic.sys () DRV - (cvintdrv) -- C:\Windows\System32\drivers\cvintdrv.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de&ie=UTF-8 IE - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\..\SearchScopes,DefaultScope = {BD7AF474-87E6-4D84-91DB-6E20CABD2968} IE - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60342 IE - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\..\SearchScopes\{624F85FF-C226-4D55-BEDB-9947BC90BD07}: "URL" = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms} IE - 
HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_deDE321 IE - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\..\SearchScopes\{BD7AF474-87E6-4D84-91DB-6E20CABD2968}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} IE - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local localhost localhost localhost localhost localhost;*.local localhost;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..network.proxy.type: 2 FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Arian\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.12 16:07:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.12 16:07:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.26 14:38:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Arian\Program Files\DNA [2009.02.19 17:02:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.12 16:07:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.12 16:07:32 | 000,000,000 | ---D | M] 
[2010.06.30 10:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\Extensions [2010.06.30 10:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2008.05.22 11:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.10.26 10:10:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions [2010.04.29 09:47:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.01.04 01:30:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.09.18 20:52:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2007.09.25 23:13:09 | 000,000,000 | ---D | M] ("Fasterfox") -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66} [2009.11.10 23:07:29 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\firefox@tvunetworks.com [2012.09.15 18:00:38 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\ich@maltegoetz.de [2011.11.24 19:57:12 | 000,079,365 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\anticontainer@downthemall.net.xpi [2012.10.14 22:41:15 | 000,340,281 | ---- | M] () (No name found) -- 
C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012.10.11 15:02:07 | 000,529,404 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.07.30 14:38:34 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.15 17:11:04 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012.10.26 10:08:56 | 000,000,944 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\searchplugins\icqplugin.xml [2012.10.12 16:07:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.10.12 16:07:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.10.12 16:07:15 | 000,000,000 | ---D | M] ("Yummy CONDUIT Player") -- C:\Program Files\Mozilla Firefox\extensions\YPlayer@yummy.net [2012.10.12 16:07:43 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.07.17 06:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.10.12 16:07:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.12 16:07:39 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2009.09.21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml [2012.10.12 16:07:39 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.10.12 16:07:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.12 16:07:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.12 16:07:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - homepage: hxxp://www.google.com/ CHR - Extension: Gmail = C:\Users\Arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.10.26 09:25:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: localhost O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.) O3 - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000..\Run: [Spotify Web Helper] C:\Users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAF018CD-C243-4E7B-B0DC-380877BB67CA}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F00ED8B3-C96D-49B1-8E48-CCA13BA1D7AE}: DhcpNameServer =
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Arian\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Arian\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (a)
O34 - HKLM BootExecute: (u)
O34 - HKLM BootExecute: (t)
O34 - HKLM BootExecute: (o)
O34 - HKLM BootExecute: (c)
O34 - HKLM BootExecute: (h)
O34 - HKLM BootExecute: (e)
O34 - HKLM BootExecute: (c)
O34 - HKLM BootExecute: (k)
O34 - HKLM BootExecute: (a)
O34 - HKLM BootExecute: (u)
O34 - HKLM BootExecute: (t)
O34 - HKLM BootExecute: (o)
O34 - HKLM BootExecute: (c)
O34 - HKLM BootExecute: (h)
O34 - HKLM BootExecute: (k)
O34 - HKLM BootExecute: (*)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.26 15:20:45 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Arian\Desktop\aswMBR.exe
[2012.10.26 14:42:49 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Arian\Desktop\tdsskiller.exe
[2012.10.26 09:31:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.26 09:31:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.26 09:31:43 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Local\temp
[2012.10.26 09:01:57 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.10.25 16:27:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.25 16:27:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.25 16:27:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.25 16:27:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.25 16:26:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.25 16:19:12 | 004,988,534 | R--- | C] (Swearware) -- C:\Users\Arian\Desktop\ComboFix.exe
[2012.10.22 19:41:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Arian\Desktop\OTL.exe
[2012.10.16 21:44:42 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Malwarebytes
[2012.10.16 21:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.16 21:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.16 21:42:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.16 21:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.16 21:01:43 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Local\CrashDumps
[2012.10.15 20:39:55 | 000,000,000 | ---D | C] -- C:\Users\Arian\Local Settings
[2012.10.12 16:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.12 10:59:46 | 000,000,000 | ---D | C] -- C:\Users\Arian\Desktop\Medizinbücher
[2012.10.11 15:14:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.11 15:13:36 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.11 15:13:35 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.09.27 18:06:54 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Avira
[2012.09.27 17:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.09.27 17:51:38 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.27 17:51:38 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.09.27 17:51:38 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.09.27 17:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.09.27 17:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2008.01.26 22:17:42 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Arian\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Arian\*.tmp files -> C:\Users\Arian\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.26 17:11:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.26 17:11:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.26 17:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.26 17:02:44 | 000,262,183 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\nvModes.001
[2012.10.26 17:01:29 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.26 17:01:28 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.26 17:01:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.26 15:49:17 | 000,000,512 | ---- | M] () -- C:\Users\Arian\Desktop\MBR.dat
[2012.10.26 15:20:53 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Arian\Desktop\aswMBR.exe
[2012.10.26 14:42:50 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Arian\Desktop\tdsskiller.exe
[2012.10.26 13:39:55 | 000,642,258 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.26 13:39:55 | 000,607,228 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.26 13:39:55 | 000,131,678 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.26 13:39:55 | 000,108,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.26 09:25:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.10.26 08:59:12 | 004,988,534 | R--- | M] (Swearware) -- C:\Users\Arian\Desktop\ComboFix.exe
[2012.10.23 20:42:32 | 000,302,592 | ---- | M] () -- C:\Users\Arian\Desktop\g59dx8n2.exe
[2012.10.23 19:58:34 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.22 19:41:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Arian\Desktop\OTL.exe
[2012.10.22 19:13:01 | 000,000,020 | ---- | M] () -- C:\Users\Arian\defogger_reenable
[2012.10.22 19:10:57 | 000,050,477 | ---- | M] () -- C:\Users\Arian\Desktop\Defogger.exe
[2012.10.17 19:27:35 | 000,213,504 | ---- | M] () -- C:\Users\Arian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.12 12:27:54 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.12 12:27:54 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.09 22:34:56 | 000,304,389 | ---- | M] () -- C:\Users\Arian\Desktop\EKG-Kochbuch.pdf
[2012.10.08 18:36:33 | 000,262,183 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\nvModes.dat
[2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Arian\*.tmp files -> C:\Users\Arian\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.26 15:49:17 | 000,000,512 | ---- | C] () -- C:\Users\Arian\Desktop\MBR.dat
[2012.10.25 16:27:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.25 16:27:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.25 16:27:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.25 16:27:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.25 16:27:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.23 20:42:06 | 000,302,592 | ---- | C] () -- C:\Users\Arian\Desktop\g59dx8n2.exe
[2012.10.22 19:12:02 | 000,000,020 | ---- | C] () -- C:\Users\Arian\defogger_reenable
[2012.10.22 19:10:56 | 000,050,477 | ---- | C] () -- C:\Users\Arian\Desktop\Defogger.exe
[2012.10.16 21:42:52 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.09 22:34:51 | 000,304,389 | ---- | C] () -- C:\Users\Arian\Desktop\EKG-Kochbuch.pdf
[2012.02.05 11:32:53 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2012.02.05 11:32:06 | 000,000,127 | ---- | C] () -- C:\Windows\Crypkey.ini
[2012.02.05 11:29:49 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2012.02.05 11:29:48 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2012.02.05 11:29:48 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2012.02.05 11:29:48 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011.09.10 14:14:48 | 000,000,261 | ---- | C] () -- C:\ProgramData\lxdi
[2011.06.17 18:09:28 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2011.05.17 21:45:15 | 000,088,576 | R--- | C] () -- C:\Windows\rauninst.exe
[2011.04.12 20:21:56 | 000,000,112 | ---- | C] () -- C:\Windows\wininit.ini
[2010.08.04 16:45:55 | 000,019,456 | ---- | C] () -- C:\Users\Arian\AppData\Local\WebpageIcons.db
[2008.05.14 17:59:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.01.26 22:17:42 | 000,007,887 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\pcouffin.cat
[2008.01.26 22:17:42 | 000,001,144 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\pcouffin.inf
[2008.01.23 19:26:12 | 000,000,093 | ---- | C] () -- C:\Users\Arian\AppData\Local\fusioncache.dat
[2007.11.23 19:17:35 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007.08.19 18:57:10 | 000,007,268 | ---- | C] () -- C:\Users\Arian\AppData\Local\d3d9caps.dat
[2007.05.04 20:25:55 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.04.29 13:34:35 | 000,000,040 | -HS- | C] () -- C:\Users\Arian\AppData\Roaming\.zreglib
[2007.04.29 11:27:33 | 000,000,081 | -HS- | C] () -- C:\ProgramData\.zreglib
[2007.04.27 21:41:09 | 000,022,869 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\UserTile.png
[2007.04.24 21:43:52 | 000,000,020 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\anzds
[2007.04.12 22:41:43 | 000,000,114 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\wklnhst.dat
[2007.04.12 22:29:26 | 000,262,183 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\nvModes.001
[2007.04.12 20:10:43 | 000,262,183 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\nvModes.dat
[2007.04.12 18:01:59 | 000,213,504 | ---- | C] () -- C:\Users\Arian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Arian\Documents\Meine Projekte:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Arian\Documents\Hercules webcam:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Arian\Documents\Eigene Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:66E02052
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C39E55C5

< End of report >

OTL Logfile:
OTL Extras logfile created on: 26.10.2012 17:11:02 - Run 5
OTL by OldTimer - Version Folder = C:\Users\Arian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,44% Memory free
4,23 Gb Paging File | 2,98 Gb Available in Paging File | 70,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 127,21 Gb Total Space | 8,17 Gb Free Space | 6,42% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,28 Gb Free Space | 62,84% Space Free | Partition Type: NTFS
Drive G: | 11,75 Gb Total Space | 1,98 Gb Free Space | 16,88% Space Free | Partition Type: NTFS
Drive H: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: VW | User Name: Arian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2617123096-2108651821-2447131207-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021CE6B5-29E7-47E9-B4F0-8082C1D13564}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{049FB088-F756-433C-BDDA-A78DAF3ACDD3}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{0513F805-EE41-4481-8F9B-D709BBD97390}" =
rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{09FFAF7E-960D-4ABA-A045-85BDA089DFE8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0A8DFADB-D503-412D-B3C0-E114A47EA519}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{0BDF2BEC-847F-49FD-8EAC-B3C672CADC8F}" = rport=5358 | protocol=6 | dir=out | app=system | "{0E04FB00-3695-455E-A0B4-4C8C301A10C6}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{13977CDB-7542-4BA7-AF1D-7C320EC8F41C}" = lport=5357 | protocol=6 | dir=in | app=system | "{1E923DC5-5E46-40F5-903D-BB6BC1653C3D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1F229CA4-592B-4054-B9D7-F69A200C032A}" = lport=2869 | protocol=6 | dir=in | app=system | "{2723FCC0-B8E0-4F43-89F4-61081BF2C3A8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2FB6931A-54B5-4C68-B55E-81F1552F27D3}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{33FC821B-6B63-4E2E-B682-3EBBB0AF2BE5}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | "{3A80DED8-DABC-4C36-8670-880373201E43}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{429F39BA-EE00-407D-842A-A95A8D80E097}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{513EE075-DB1A-474E-8EDF-AC41FC6694EE}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{543848BB-5E2E-4133-AEFD-6926FC0BE268}" = rport=5357 | protocol=6 | dir=out | app=system | "{5F31737F-F58E-46F2-B252-613905BBCE2A}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{6A1C3FD5-6C5C-4B6C-9B40-7892168EAE26}" = rport=2177 | protocol=17 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{6B89AA1D-E8D8-419B-9F81-AF3CD086D79C}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{718B4142-DE4D-4759-BF2C-F363A88804C5}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{86E67164-CA97-436B-8BA6-8E5F29E10533}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{94B89420-A642-4E02-BA7A-E1973445CA5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9B021B77-8070-477A-9CFF-5D4CFDB6D5B4}" = rport=10243 | protocol=6 | dir=out | app=system | "{A17F10E9-A40D-416E-B5FE-0DDDEF5DE9D8}" = lport=10243 | protocol=6 | dir=in | app=system | "{A3433567-8BBF-4F91-B6AD-B0CF80C01A85}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AA50E7E7-AE3E-4222-840F-BAD77794FA91}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{ABE23920-0CFA-4345-81EA-9DE9A753EFD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ACE20BE8-225E-40FE-B543-70BE4536A494}" = lport=5358 | protocol=6 | dir=in | app=system | "{ADA203EE-DFF7-44EB-A15C-E4E1C338A511}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | "{B55BF4EB-4ABA-4261-A308-BB18A77B19DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C18E8273-483E-4780-A5D0-C531A2D45EEE}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{D2CC04D7-842D-4546-B770-65F3DF9334A7}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | "{EF22441F-6214-4540-B3DA-DD8A121512AF}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{F3F8D745-A110-479D-99BE-66241F422013}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{F6E9DCA2-3075-4997-99DD-69E6D415EA62}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FC7FFC37-308B-4CDF-9B67-9294A2D8F0A0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{FE5A3DB0-FD7C-46E2-9847-5F6721223DD9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0382256D-1651-4C96-9933-38590899D06D}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{052F2719-8293-430F-A620-269562DCA924}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{063E21C7-01AE-4209-BE5B-B7084278F60C}" = protocol=6 | dir=out | app=system | "{06BB7ECA-77EF-459D-8224-E6B2991F31DD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{0A80D270-C23A-492E-B53D-B70EBE0E0853}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe | "{0B7E23F5-814F-44B8-9571-8AAEAE2154C4}" = protocol=6 | dir=in | app=c:\users\arian\appdata\local\temp\{37e0e4c5-eb61-4713-8aaf-2cb47f67d7f3}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | "{128B0756-6B7D-49E5-A21F-0096DC8661AF}" = protocol=17 | dir=in | app=e:\alicesetup.exe | "{16A3FB3B-95EB-4B37-8CD7-FBE36D432A6D}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{187333D2-F05F-42D8-84E4-CBA2FB8000EF}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{1DFBC355-1D44-4B06-BE7E-39503376E234}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | "{1E98B140-97D8-47A4-BE32-EFB1CCF3191D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{205E2994-96F9-49C2-A5D7-337A263F636D}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"{20E91D0D-2674-4021-97A3-8FAF206B5E71}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{2131FBCE-22EC-4B6C-9C77-539DB8FC827C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{2B21D0BF-276A-4F89-B937-0684F1A1BBEB}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe | "{2B4356B2-6329-4A9C-89DB-CF0080D42E36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2B8E7C39-C7B1-45CE-83E5-4ACB8A474C28}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe | "{31286402-279E-4980-AE6E-FD9287BF6A2D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | "{32D4D9B2-49A8-4C8F-84B3-922A76B97631}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{3335D37B-3BD3-49BD-86A0-6AF1DD67E392}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicoms.exe | "{34BE37AE-DF5F-46DD-86C3-7592AEA24CD5}" = protocol=17 | dir=in | app=c:\program files\spssinc\statistics17\spsswinwrapide.exe | "{34ECF6AF-41F4-4818-8C71-F9B46B2AC8EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{35323808-4BB9-4A62-8B8C-5E0E8CCE19B6}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "{37055D18-A6A1-40A7-A880-6BF2B622EF11}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | "{378AA7DF-33F1-4684-83B4-D58B7742B4F1}" = protocol=6 | dir=in | app=e:\alicesetup.exe | "{3AD8C74E-B84B-4A77-BF1A-11FAA57C4FFE}" = protocol=6 | dir=in | app=c:\program files\lowratevoip\lowratevoip.exe | "{44C0FD9E-7945-4F36-812C-E322CBD90EDA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2010\fm.exe | "{455708D8-2C26-4B4A-A244-D0754A468C30}" = protocol=6 | dir=in | app=c:\program files\spssinc\statistics17\statistics.com | "{4576091A-667D-4DB8-A8D1-DFEB6F2CDA32}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{4798BFF9-1525-4EB8-9248-0ABB0A76AC49}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe | "{48671982-DCFE-46A3-B4F1-224A96A73034}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2010\fm.exe | "{4A1D79D2-B736-4AC6-AB2D-592133C27182}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe | "{50575455-377E-4577-9737-0ACED7B66C0C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2010\fm.exe | "{50EFE315-D74B-4556-ABD0-91D6995D4FA3}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe | "{56DFAB51-737A-484D-B637-30AD4AAD94FB}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | "{5D28380B-A0B8-4EA0-ACE6-1757E5CCB0A2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5D65BC8D-FA54-433A-A51F-00C0009F63EE}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "{63469CA6-5805-4A4B-ACE4-09BBB89EA872}" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "{63826B34-3562-4A0A-BADD-A36B5F72249C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{64ABB2D4-F1C6-4625-879B-BC6824C5DD7D}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | "{66F445CC-68A3-4126-A7E8-CF242C303DC4}" = protocol=17 | dir=in | app=c:\users\arian\appdata\roaming\dropbox\bin\dropbox.exe | "{69824F82-AD9A-4D68-BBB3-F5BC3FB0AD3D}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{6AFB49BB-5BD7-485F-B98C-E85D4E42F8B0}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe | "{6C5A802F-D4AC-4B6A-B128-74C1072C9A03}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6D8655CE-FD8C-4A41-8F80-4E483D347BBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6F5BD54B-212C-40EB-B6CE-85E7EA407A26}" = protocol=6 
| dir=in | app=c:\windows\system32\taskeng.exe | "{6FA38E9B-B034-4B01-9CD8-87499689049E}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{72291701-964D-4EA8-B956-CFF2A7B15C2E}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | "{73A8AF21-F2AF-4E8E-88DB-3FE5C403635A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{7514CA3C-5F94-4745-AFE6-66F67882AD52}" = dir=in | app=c:\program files\itunes\itunes.exe | "{7974B2F1-7B19-490E-9738-F802059AFFFA}" = protocol=17 | dir=in | app=c:\program files\spssinc\statistics17\statistics.com | "{80E01EC6-F8BF-4991-A9BF-16CA3271F760}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{8664A34B-E1BC-4794-9CC1-666B6C90BCB8}" = protocol=6 | dir=in | app=c:\program files\concept design\onlinetv 3\onlinetv.exe | "{892EEE45-DBD7-4518-9838-6D1BDBC0B914}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{8AA2F4E9-4AB5-4066-B16F-A579F78800C5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2010\fm.exe | "{8F038E99-7581-438F-95DA-5D2878F01B17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{906C9B10-7EC0-4CAD-9B17-805197678255}" = protocol=6 | dir=in | app=c:\program files\spssinc\statistics17\statistics.exe | "{92293D3B-7FC8-4782-BB14-E43FAAF0DB01}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{93A4C150-75F4-408F-B18F-D1F5E480942D}" = protocol=17 | dir=in | app=c:\program files\lowratevoip\lowratevoip.exe | "{9A694649-8380-410E-89E0-F784B3190E38}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{9AF02751-3175-4CAB-B566-9D18999E0018}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{9BFAC798-200D-420D-827F-D3909F7350CC}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{9E289384-BB9A-4F63-AB2B-9173BFE97A42}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{A0B338EC-6151-40C0-A018-E48F8B4CBA22}" = protocol=6 | dir=in | app=c:\program files\spssinc\statistics17\spsswinwrapide.exe | "{A15B92D9-1421-4504-BDB9-2B9ECF3F0352}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{A1DB9AC2-458F-4381-84E4-9B8119D36113}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{A2B5C049-1130-4672-AC2E-D3D9DF58812E}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{A3417207-337B-411B-AF4B-FB2F709B1D8B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{A5CEFA79-F005-477F-B5B5-0E34A5CD21F3}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{A68C80CD-84CD-4411-AD0E-C214079B7596}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe | "{A9329D06-F6D7-4880-8886-31D681131760}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{A963DFC3-2F03-43C9-B758-45D4EF582E02}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | "{B04714C5-E93C-4779-BAC5-95DE3B0BC24B}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{B068F8CE-E89F-4971-ADF4-0D1C59A7B0DA}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{B132A689-FFD3-4693-842D-8CC7CA853E0C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{B274D054-5526-4362-BD58-E7EE041CB031}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | "{B3435E08-F493-4719-8A65-3276B7F309F1}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | "{B44FC895-6EF0-42C8-9DF5-280C235A6268}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec 
home cinema\insttool.exe | "{BC714F0F-F477-49CC-B44F-D697B5625C4A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{BCB8F71E-F5A9-4FDE-8501-CC45419DE5D2}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{BE98DBBA-BB40-4C32-8EB2-02D9762BA1DD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C01C611B-1047-4C2A-A60D-505806E6B697}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C068D891-1178-4FE7-BB4D-3A6FCBA9D592}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{C21742DC-ACB8-4CBE-822A-87626D18D9CC}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe | "{C40F7A58-92EA-438B-8D91-138E312F75DD}" = protocol=6 | dir=in | app=c:\users\arian\appdata\roaming\dropbox\bin\dropbox.exe | "{C42C1F48-F00B-4BDB-A28E-474E4D1BCD9A}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{CB70BA9B-54B3-4F96-9912-D0B556933042}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{CCBCDB22-FB0B-4A58-9B40-DD0E363EC5C9}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{CEA9CE3C-E7C6-403E-BE80-2BE8296C827D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CEEBCF99-B45C-419A-9DE3-F50CE8CBC830}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{D209A119-5D58-45F9-BE83-12115021EE0E}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicoms.exe | "{D4D031A4-8B7B-456D-A4ED-99625DAAB39D}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | "{D5446439-65F8-428C-98C0-D1079F4FA5B2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{D5E0CB67-06EA-4159-A962-2A0B6341A060}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{DA8222DE-D7FC-4368-898B-31345A44528C}" = protocol=6 | dir=in | app=c:\program 
files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{DBA73136-CC06-4A11-A0EC-7337114D1E88}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DC6B3B3D-EA45-4166-8257-395DEEB52A3F}" = protocol=17 | dir=in | app=c:\program files\spssinc\statistics17\statistics.exe | "{DE4C368E-7930-424D-9188-C8B2AF0AEE77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E2D6DD53-024D-42C0-A94D-8EB4D2E32584}" = protocol=17 | dir=in | app=c:\users\arian\appdata\local\temp\{37e0e4c5-eb61-4713-8aaf-2cb47f67d7f3}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | "{E2E2DB10-AD3B-47B8-BFE7-D9D75D6A06D9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E6F85A16-4448-4C76-B9F4-3DC8BB484E10}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe | "{E8132F37-B18B-49BA-80D3-B795756FD44E}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | "{EBEDA74B-6B17-431D-9360-85477B23B19E}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe | "{EC118054-DA1D-46EF-9BDE-58EA7E133E9E}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "{F03AD1DE-8DCF-4A1E-BCC9-5567F4262A35}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{F1CFE3F4-98A5-4D41-9202-0B96AD3523A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F5DF856C-FB73-4D9B-B6B3-996257ED6285}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe | "{F6BB4F71-5528-4071-9E49-1E2ED1A549F3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{F7DC54EC-7365-459C-99EC-11370E75463D}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe | "{FE4A99DE-6776-41C3-9718-DF384A402887}" = protocol=17 | dir=in | app=c:\program files\concept design\onlinetv 3\onlinetv.exe | "TCP Query 
User{02D915B3-A094-4F99-9E52-3947AB6454FD}C:\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\soldat\soldat.exe | "TCP Query User{0643E886-A505-4B23-8930-28DE396436AA}C:\westwood\ar2\game.exe" = protocol=6 | dir=in | app=c:\westwood\ar2\game.exe | "TCP Query User{08BABBB3-F08B-4C3A-938D-1E4D4BCD1F32}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{0A209357-6A28-4E1D-B3B1-D0D3CD96AE09}C:\program files\hercules\hercules dualpix hd webcam\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\station2.exe | "TCP Query User{1149F54B-5A76-4ED7-BDEA-AB85BED2C165}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{124D616D-BA1D-456C-A7FE-02FE0BABFCD0}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{1DCF370E-E346-4C7D-9A95-13F2CD800EA5}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{2234A992-2466-4788-B3E7-419803A1B696}C:\program files\hercules\hercules dualpix hd webcam\controlui.exe" = protocol=6 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\controlui.exe | "TCP Query User{2BC616F3-CE1A-4F8A-964A-B9644EB84CFC}C:\users\arian\appdata\local\temp\4000002d500070d45b7622\starcraft.exe" = protocol=6 | dir=in | app=c:\users\arian\appdata\local\temp\4000002d500070d45b7622\starcraft.exe | "TCP Query User{2F66581C-28B5-48BA-B889-D6AD139C01D8}C:\users\arian\desktop\dvd\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\arian\desktop\dvd\age of empires ii\empires2.exe | "TCP Query User{32616573-4D71-4E09-A62A-7C105EF2242D}C:\users\arian\desktop\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\stats.exe" = protocol=6 | dir=in | 
app=c:\users\arian\desktop\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\stats.exe | "TCP Query User{33624005-6040-48CE-9C3F-92451AFF910E}C:\program files\anno 1602 königs-edition\1602.exe" = protocol=6 | dir=in | app=c:\program files\anno 1602 königs-edition\1602.exe | "TCP Query User{34070CD4-9F9E-45F0-B360-494B5199BBB6}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{3B3E930C-6F70-40E2-A426-E8FEAC8C0CBC}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | "TCP Query User{3B99CD4A-0807-43CF-A5B5-8F7A15D22512}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{3C7914E5-6400-4839-A7A8-813ADE792FF7}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{3CE24E1F-76D6-4FD1-90B7-6F0FCFAFE608}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe | "TCP Query User{3E9640C9-5524-4F47-8394-D7C228346015}C:\program files\langenscheidt t1 7_0\stdalone\mt_alone.exe" = protocol=6 | dir=in | app=c:\program files\langenscheidt t1 7_0\stdalone\mt_alone.exe | "TCP Query User{3FB9675A-6D74-4A00-8DA2-4A1762CD8760}C:\users\arian\desktop\dvd\stronghold crusader\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\users\arian\desktop\dvd\stronghold crusader\stronghold crusader\stronghold crusader.exe | "TCP Query User{4312E7C1-D3B0-4B07-ABBF-C6787A2C0525}C:\users\arian\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\arian\program files\dna\btdna.exe | "TCP Query User{4A83E954-E830-48F7-A299-15720E31C98E}C:\program files\spyware 
terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{4BA33F9A-3F7D-4EFD-9E99-1E1FC33E405D}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | "TCP Query User{4CBFFA5B-0CE9-4A61-B99B-9384247EC56E}E:\medizinbücher\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=e:\medizinbücher\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\jre\bin\javaw.exe | "TCP Query User{4CCAEABA-280D-435C-9E68-6CD1B83D59E6}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{4E4B110C-7D35-4204-9442-88B2BFE29BBA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{5671C86F-EFC7-40BC-A163-DC3E677ACC3D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{568A9489-E821-4ABF-AFF8-BCA5F901EEE1}C:\program files\langenscheidt t1 7_0\aborttranslation.exe" = protocol=6 | dir=in | app=c:\program files\langenscheidt t1 7_0\aborttranslation.exe | "TCP Query User{5919162A-E744-4C0F-A0FC-24A1BBAF9CE3}J:\spiele\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=j:\spiele\age of empires ii\empires2.exe | "TCP Query User{599BA2C9-B34A-48A0-9C88-A4B0C3348FFA}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | "TCP Query User{5A61E940-F9F5-46CB-B578-D622FE7E74B5}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{5AE4B6AD-05D3-4C9A-870D-66D945EEA8E6}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe | "TCP Query 
User{63C11F43-F545-4F62-A0CB-86B6FF6B5E23}C:\users\arian\stronghold\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\users\arian\stronghold\stronghold crusader.exe | "TCP Query User{668A0ED0-CF47-4513-BA25-0DFA806E35F7}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{69942273-68CF-4E72-BC2C-810EF19B5313}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{6A1A9746-5F27-4116-9A83-FEC36F834C8D}C:\program files\lexmark 3500-4500 series\lxdiamon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe | "TCP Query User{6A7CE717-A242-402D-9789-5F9A2FF0E534}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | "TCP Query User{6D7382D7-560D-4B6E-837C-1602438F16B1}C:\users\arian\desktop\dvd\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\arian\desktop\dvd\age of empires ii\empires2.exe | "TCP Query User{6F2E7F77-B9FB-47AB-A85B-63465F97D5F8}C:\users\arian\desktop\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\arian\desktop\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\jre\bin\javaw.exe | "TCP Query User{704AABC4-6D0F-4A77-A9D6-F462A88B95FB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{716219F3-FE4E-406A-BF90-26AF7BF65F65}C:\program files\hercules\hercules dualpix hd webcam\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\station2.exe | "TCP Query User{734F1E92-2A06-4657-84E3-9D2B6EAA1D02}C:\users\arian\desktop\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\users\arian\desktop\soldat\soldat.exe | "TCP Query User{73902273-9B85-4039-83EB-5E36E3FF9190}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program 
files\java\jre6\bin\java.exe | "TCP Query User{75C4F7F8-EC65-4D50-9B11-F0E712CF8B20}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe | "TCP Query User{84AC6EA1-5EBD-4562-B04F-D3585E541199}C:\program files\adac\accf2008_1\adac_browser.exe" = protocol=6 | dir=in | app=c:\program files\adac\accf2008_1\adac_browser.exe | "TCP Query User{8CA04C31-02D7-4956-A6F4-9F683CCC10ED}C:\westwood\ar2\gamemd.exe" = protocol=6 | dir=in | app=c:\westwood\ar2\gamemd.exe | "TCP Query User{8D86CCF2-D579-4FA7-BA76-02178D2F3FE5}E:\medizinbücher\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\stats.exe" = protocol=6 | dir=in | app=e:\medizinbücher\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\stats.exe | "TCP Query User{90483ED8-BFBD-4BBB-BA16-C4F8D040C93A}J:\spiele\soldat\soldat.exe" = protocol=6 | dir=in | app=j:\spiele\soldat\soldat.exe | "TCP Query User{99F567FB-9DFA-4ECA-B646-44BB75C9EC1E}C:\users\arian\desktop\dvd\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\users\arian\desktop\dvd\soldat\soldat.exe | "TCP Query User{9D92CEDD-C003-4BB7-AF74-FBAD922BB495}C:\users\arian\desktop\dvd\flatout\flatout.exe" = protocol=6 | dir=in | app=c:\users\arian\desktop\dvd\flatout\flatout.exe | "TCP Query User{9E5F2389-3249-430D-8FA9-1621718C5498}C:\program files\lowratevoip\lowratevoip.exe" = protocol=6 | dir=in | app=c:\program files\lowratevoip\lowratevoip.exe | "TCP Query User{A46F0E3C-5EFD-47DE-9F80-D45C80C0E47C}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe | "TCP Query User{A6921ED4-C45C-43E3-A0A4-307931B51B74}C:\users\arian\appdata\local\temp\rarsfx0\wwp.exe" = protocol=6 | dir=in | app=c:\users\arian\appdata\local\temp\rarsfx0\wwp.exe | "TCP Query 
User{A71916ED-297C-48E5-B1B7-88993BDF2EDF}C:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe | "TCP Query User{B23749B6-AAB2-45C5-96C4-2EB7B48841EA}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{BBEC21EA-48CE-43A6-9233-71EF3FB4746D}C:\users\arian\desktop\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\arian\desktop\age of empires ii\empires2.exe | "TCP Query User{BC83967B-398D-42C0-A258-1EBE9DB90431}I:\gedöhns\flatout\flatout.exe" = protocol=6 | dir=in | app=i:\gedöhns\flatout\flatout.exe | "TCP Query User{BE3AA8E4-47D9-41C0-BA56-34EBDD401AFD}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{BEEA3E62-A12E-41C7-9C1F-DB6F61636CB3}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | "TCP Query User{C0EED9DA-80C5-4E2B-B775-DCD33ED1A6CE}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "TCP Query User{C14C1D09-6051-4C2F-B27F-A01A42B97C01}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "TCP Query User{C5CF81DA-22C5-4D1E-B92F-829E011407AA}C:\users\arian\desktop\stronghold crusader\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\users\arian\desktop\stronghold crusader\stronghold crusader\stronghold crusader.exe | "TCP Query User{C85A5620-CE07-468C-8436-558A91C77C30}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{CC95269B-7CE3-43BE-AA52-116376B6CFA7}C:\program files\lexmark 3500-4500 
series\lxdimon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe | "TCP Query User{CD031F30-55EE-4689-944A-7EA7BC1E6857}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{CD57761A-2295-4362-A1F1-137D336C8638}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | "TCP Query User{CD6CCEFB-4C63-47A3-A1B8-B9E9743D9B65}C:\users\arian\desktop\battlefield 1942 an nusder (nusder)\battlefield 1942 an nusder (nusder)\bf1942.exe" = protocol=6 | dir=in | app=c:\users\arian\desktop\battlefield 1942 an nusder (nusder)\battlefield 1942 an nusder (nusder)\bf1942.exe | "TCP Query User{CE2ED6D6-FF79-4631-98EF-C4BF47E9F596}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{D0E9315A-575B-4574-94E1-B83BFF4A97F4}D:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\warcraft iii\war3.exe | "TCP Query User{D18AE4D5-2845-4440-9772-8D816477147A}C:\bluebyte\siedler3\s3.exe" = protocol=6 | dir=in | app=c:\bluebyte\siedler3\s3.exe | "TCP Query User{D3EBAD0D-9DC0-4F82-8612-1C3C47D9DB10}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{DD7A9CBB-99DD-47F9-AA46-288BFFA7259F}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe | "TCP Query User{DD93E360-10D4-4AE1-8530-B37090B36FAF}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{E24CA77A-70CB-468F-B390-672F5E895BF2}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query User{E443FA98-DF61-488B-B7F9-5C3A828D66F2}C:\program files\terratec\terratec home 
cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | "TCP Query User{F0E91746-7AC0-4933-B414-169F29576BCE}C:\users\arian\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\users\arian\soldat\soldat.exe | "TCP Query User{F726E091-6E6C-4377-ACB8-5359C216E94C}C:\program files\hercules\hercules dualpix hd webcam\controlui.exe" = protocol=6 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\controlui.exe | "TCP Query User{F8C24041-C40F-41C6-AB3B-A767B90F2945}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | "UDP Query User{042D5AF2-0257-4325-8EB3-EA6D54F73E92}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe | "UDP Query User{06559BB2-0592-4FDB-B500-791509BBD3E2}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | "UDP Query User{0B1F1E02-463E-4300-B1AB-891A60B4E3CA}J:\spiele\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=j:\spiele\age of empires ii\empires2.exe | "UDP Query User{0BEE9CD1-110B-4192-AAFF-48211D6F2907}C:\program files\lexmark 3500-4500 series\lxdiamon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe | "UDP Query User{0C22C145-8C44-4875-A7F9-18DAE8EF5D82}C:\program files\langenscheidt t1 7_0\stdalone\mt_alone.exe" = protocol=17 | dir=in | app=c:\program files\langenscheidt t1 7_0\stdalone\mt_alone.exe | "UDP Query User{0E015D25-B2FB-4CDB-B353-19DC751E4844}C:\users\arian\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\users\arian\soldat\soldat.exe | "UDP Query User{1566EE6C-010A-438F-A3B9-DC5930A51272}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query 
User{17F5B8C9-07AC-4A4A-87B5-004A6548F95D}C:\users\arian\appdata\local\temp\rarsfx0\wwp.exe" = protocol=17 | dir=in | app=c:\users\arian\appdata\local\temp\rarsfx0\wwp.exe | "UDP Query User{185E5CCC-B18E-4C45-8B61-0E61A81D50A3}C:\users\arian\desktop\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\jre\bin\javaw.exe | "UDP Query User{20B9A5DC-250A-49A6-B13E-BEBC41D6DB72}C:\program files\adac\accf2008_1\adac_browser.exe" = protocol=17 | dir=in | app=c:\program files\adac\accf2008_1\adac_browser.exe | "UDP Query User{20D3CAE9-BB50-4721-92AB-9E6DBBDF7BCF}I:\gedöhns\flatout\flatout.exe" = protocol=17 | dir=in | app=i:\gedöhns\flatout\flatout.exe | "UDP Query User{250935A6-7862-4401-BDA8-A7B152D5F17A}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{297C18CB-555B-4CF0-9BF8-38B75A72016D}E:\medizinbücher\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\stats.exe" = protocol=17 | dir=in | app=e:\medizinbücher\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\stats.exe | "UDP Query User{299C19F3-0ECA-46B7-9E4C-C89EC7DE55F2}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | "UDP Query User{2AC3A7F5-AE81-4B7A-A582-0F06EEC52EF2}C:\users\arian\desktop\dvd\stronghold crusader\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\dvd\stronghold crusader\stronghold crusader\stronghold crusader.exe | "UDP Query User{2DE2400D-5AD4-483A-BE3B-7F69B037799B}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{3527D317-6136-4554-91CA-E38F7DF706C4}C:\program files\hercules\hercules dualpix hd webcam\station2.exe" = protocol=17 | 
dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\station2.exe | "UDP Query User{357D63FF-7AE7-4E0C-9CC9-F07F2157BA55}C:\program files\langenscheidt t1 7_0\aborttranslation.exe" = protocol=17 | dir=in | app=c:\program files\langenscheidt t1 7_0\aborttranslation.exe | "UDP Query User{35A4E9F9-8B76-4277-81F3-DE5A023DB98A}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe | "UDP Query User{36A43996-ED1A-4373-8D1A-7F67F57B1224}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe | "UDP Query User{39BBEB38-D1C1-49ED-8BA9-7A6BA02FC2E5}C:\users\arian\desktop\stronghold crusader\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\stronghold crusader\stronghold crusader\stronghold crusader.exe | "UDP Query User{39CC69D7-7FA1-43C6-BE06-09F8F178519F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{3A5EE414-12F8-4602-A439-60CA26F71CAB}C:\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\soldat\soldat.exe | "UDP Query User{3EFF0E46-0DB3-4992-8171-39BDF40C4554}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{4121EAFB-ED15-4BE6-B80E-003AD41A673B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{41AB180B-5973-4961-A6A1-DA2FFC4F960D}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{48151368-A4DA-4DF6-9A9F-0BA990F24602}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query 
User{4A18A766-B259-4793-8C2E-166A2E87D800}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{4E58AAB5-813B-4A1B-8AB5-B31453935D8F}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{5C6521DC-2854-43A3-ADFF-F6D0E0EB06D7}C:\program files\hercules\hercules dualpix hd webcam\controlui.exe" = protocol=17 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\controlui.exe | "UDP Query User{682A58DA-5D5D-4E0F-A89A-48079A821785}C:\users\arian\desktop\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\age of empires ii\empires2.exe | "UDP Query User{689C4798-0043-4D6F-8964-682B494A4132}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{6A4D68B2-0B06-4A8E-A76C-04E27F7ABB1B}C:\program files\lowratevoip\lowratevoip.exe" = protocol=17 | dir=in | app=c:\program files\lowratevoip\lowratevoip.exe | "UDP Query User{6A88FC7F-58FD-400A-AE47-ACB23D620A06}C:\users\arian\desktop\battlefield 1942 an nusder (nusder)\battlefield 1942 an nusder (nusder)\bf1942.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\battlefield 1942 an nusder (nusder)\battlefield 1942 an nusder (nusder)\bf1942.exe | "UDP Query User{6B2E8521-1B32-4681-8F49-CE354FA98AE1}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{75275D05-C34A-4FB9-B69B-3DCB5D0FE186}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{7EC523E7-57E5-4996-B55D-F89B5B6152F8}C:\users\arian\desktop\dvd\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\dvd\age of empires ii\empires2.exe | "UDP Query User{83DC567A-2390-4779-8068-51C6FCE66F02}C:\program 
files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{88804C8B-7BBE-49FC-AFD4-3DA5898B0F6F}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{8BCB0D9B-0299-47C6-9A14-5507637D0E80}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{9101CE38-72F2-4E86-BB80-83B43FA6F51B}C:\users\arian\desktop\dvd\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\dvd\age of empires ii\empires2.exe | "UDP Query User{94F52F6B-E72C-4BAF-AE66-805C403AFA28}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe | "UDP Query User{968D18E6-D78C-476C-B14C-233A067C0362}C:\users\arian\desktop\dvd\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\dvd\soldat\soldat.exe | "UDP Query User{9E8B6A95-F584-4855-B8E4-34194BF9BD35}C:\users\arian\stronghold\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\users\arian\stronghold\stronghold crusader.exe | "UDP Query User{A1240E19-BD6A-456B-8903-094FA3E17C25}C:\users\arian\desktop\dvd\flatout\flatout.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\dvd\flatout\flatout.exe | "UDP Query User{A1B68938-13FF-4443-AF8B-D4253138037B}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{A4856D1E-6983-40A0-A4AC-89411FB0D738}C:\bluebyte\siedler3\s3.exe" = protocol=17 | dir=in | app=c:\bluebyte\siedler3\s3.exe | "UDP Query User{A7F9A935-C31A-4716-A4DE-54B7B0AFB5D0}J:\spiele\soldat\soldat.exe" = protocol=17 | dir=in | app=j:\spiele\soldat\soldat.exe | "UDP Query User{AD228DBF-82F3-48D1-8793-04EC7C4FE284}C:\westwood\ar2\gamemd.exe" = protocol=17 | dir=in | app=c:\westwood\ar2\gamemd.exe | "UDP Query 
User{AD89952D-3211-4281-9053-D1B5A1F6FE5C}C:\users\arian\desktop\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\stats.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\stats.exe | "UDP Query User{AF5AA539-295D-4966-8BFC-8EE87AA24104}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | "UDP Query User{B0B722E5-0272-44F4-93DA-5517564CC870}E:\medizinbücher\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=e:\medizinbücher\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\jre\bin\javaw.exe | "UDP Query User{B60C3133-36F4-45C9-A6EF-86F3233713A6}C:\program files\hercules\hercules dualpix hd webcam\station2.exe" = protocol=17 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\station2.exe | "UDP Query User{B722E867-629C-42BA-946E-271A296F483B}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | "UDP Query User{B9661A1B-1536-42BD-9321-2D0A0D18944E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{BA7CF065-D313-450A-BAC6-5BFD116B120F}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "UDP Query User{BD36C37C-88A0-43A8-BABA-5BE19E379C85}C:\users\arian\appdata\local\temp\4000002d500070d45b7622\starcraft.exe" = protocol=17 | dir=in | app=c:\users\arian\appdata\local\temp\4000002d500070d45b7622\starcraft.exe | "UDP Query User{BE755B45-B3F9-4F0F-84A8-9AFED3BCC27A}C:\users\arian\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\arian\program files\dna\btdna.exe | "UDP Query 
User{BF12580F-0931-477E-8EE1-203CDC24D177}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{C29F36E3-680B-4A29-B986-46276014154A}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe | "UDP Query User{CB9B1820-0F85-4009-B12C-54ECA68E402F}D:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\warcraft iii\war3.exe | "UDP Query User{D77BA0B7-01A9-4A55-8578-3983D13CCC10}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | "UDP Query User{D84E6408-9F45-43B4-854C-A8412A75478A}C:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe | "UDP Query User{DE5B24BE-C358-4060-973F-BB8EA700D078}C:\program files\anno 1602 königs-edition\1602.exe" = protocol=17 | dir=in | app=c:\program files\anno 1602 königs-edition\1602.exe | "UDP Query User{DFCC2991-B6F7-4FCC-A9C7-4CB28F2D6EF4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{E3A2BCC9-9723-4DE1-AADB-4823A0CA5E6A}C:\westwood\ar2\game.exe" = protocol=17 | dir=in | app=c:\westwood\ar2\game.exe | "UDP Query User{E41111DE-94EA-4D42-B91F-8CE7201C3B24}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{EA375A9A-5176-451A-8D6F-4E0AF5DE2ED6}C:\program files\hercules\hercules dualpix hd webcam\controlui.exe" = protocol=17 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\controlui.exe | "UDP Query User{ECEE502A-A8CF-4A3B-91E3-DBA14E1FD16A}C:\users\arian\desktop\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\soldat\soldat.exe | "UDP Query 
User{EED2EFFC-82D3-48F2-B460-FCDE7CBE8A96}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | "UDP Query User{F2F6BDDD-9586-4101-AD0C-0395CD1A8415}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{F56FC22B-8C39-4AC1-B6F1-FFE5BA20B20C}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{F5757CB9-6BAE-4F0E-851C-5ABC3833B618}C:\program files\lexmark 3500-4500 series\lxdimon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe | "UDP Query User{FA2DAADC-32C6-4024-89A1-83E6C5EA102B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{FAF1E669-B799-43D9-9CEB-B0BE45F6958D}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | "UDP Query User{FD0EB518-A3FC-4FC1-ABBF-B934CA60A1DE}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "UDP Query User{FF6B6E86-CB0E-4322-B5C9-5835FF8634AC}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = 
QuickTime "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0 "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 21 "{27E3BC84-8151-4F76-9D53-A810394CADAC}" = hpg3010 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}" = QuickSet "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5CFA9674-2EF7-464A-A0BE-E8208263C0BF}" = Hammerexamen 0411 "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D40CBCF-8437-4CBD-88DF-A25927539486}" = Camtasia Studio 8 "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = 
VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" 
= Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook 
Connector "{96F0EF0A-5852-470D-94AD-6F39DD51C3D4}" = NI LabWindows/CVI 7.1 Run Time Engine "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C012BF9F-79EA-4601-9778-BFE9B3CE83A1}" = hpg3010QFolder "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Acronis*True*Image*WD*Edition "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE10CFE5-FA4B-4D01-B587-7EBB77505C7E}" = 3M Littmann Introduction to Heart Sounds "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{E2A59F15-F731-4062-9BB7-3C99D8F15756}" = HP Scanjet G3010 "{E5967BD4-7519-47B9-AEB8-48EE4782FD2A}" = Tacx Trainer software "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0312AC6-988B-11DA-9C49-000476F770CC}" = CIB pdf brewer 2.5.29 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0CFDC72-63D2-4086-A54F-1514494394A0}" = Hercules DualPix HD Webcam "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint 
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Assistant zum Anpassen des Dell-Systems "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AnyDVD" = AnyDVD "Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v10.0.15 "Avira AntiVir Desktop" = Avira Free Antivirus "Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8 "CCleaner" = CCleaner "CloneDVD2" = CloneDVD2 "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch "ENTERPRISE" = Microsoft Office Enterprise 2007 "ffdshow_is1" = ffdshow [rev 610] [2006-12-01] "FLV Player" = FLV Player 2.0 (build 25) "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0 "FTDICOMM" = FTDI USB Serial Converter Drivers "Google Updater" = Google Updater "Hactronic_is1" = Hactronic 2.02 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "ImgBurn" = ImgBurn "ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper "LowRateVoip_is1" = LowRateVoip "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Mendeley Desktop" = Mendeley Desktop "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET 
Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de) "Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nike+ Connect" = Nike+ Connect "NVIDIA Drivers" = NVIDIA Drivers "RocketDock_is1" = RocketDock 1.3.5 "SopCast" = SopCast 3.4.7 "Steam App 34000" = Football Manager 2010 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Tacx Trainer software" = Tacx Trainer software "TomTom HOME" = TomTom HOME "Totalcmd" = Total Commander (Remove or Repair) "Veetle TV" = Veetle TV "VLC media player" = VLC media player 2.0.2 "Walter de Gruyter Pschyrembel" = Walter de Gruyter - Pschyrembel "WinRAR archiver" = WinRAR Archivierer

========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2617123096-2108651821-2447131207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting
"Sansa Updater" = Sansa Updater
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 26.10.2012 06:01:47 | Computer Name = VW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5263302

Error - 26.10.2012 06:01:47 | Computer Name = VW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5263302

Error - 26.10.2012 06:01:48 | Computer Name = VW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 26.10.2012 06:01:48 | Computer Name = VW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5264379

Error - 26.10.2012 06:01:48 | Computer Name = VW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5264379

Error - 26.10.2012 06:01:49 | Computer Name = VW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 26.10.2012 06:01:49 | Computer Name = VW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5265471

Error - 26.10.2012 06:01:49 | Computer Name = VW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5265471

Error - 26.10.2012 08:36:38 | Computer Name = VW | Source = VSS | ID = 8194
Description =

Error - 26.10.2012 09:51:39 | Computer Name = VW | Source = Application Hang | ID = 1002
Description = Program WINWORD.EXE, version 12.0.6662.5003, stopped interacting with Windows and was closed. Check the problem history in the "Problem Reports and Solutions" applet in Control Panel for more information about the problem. Process ID: eb4 Start time: 01cdb380c747b8b2 Termination time: 179

[ Media Center Events ]
Error - 17.04.2008 13:20:50 | Computer Name = w | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download of package MCESpotlight failed.

Error - 11.02.2012 03:45:37 | Computer Name = VW | Source = Recording | ID = 19
Description = The recording schedule was corrupted and was automatically deleted on 02/11/2012 08:45:36. You may need to reschedule the recordings.

[ OSession Events ]
Error - 30.05.2008 13:25:34 | Computer Name = w | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

Error - 14.07.2009 12:40:53 | Computer Name = VW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 69 seconds with 60 seconds of active time. This session ended with a crash.

Error - 21.09.2009 06:04:26 | Computer Name = VW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 146 seconds with 60 seconds of active time. This session ended with a crash.

Error - 01.12.2009 09:09:43 | Computer Name = VW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 119 seconds with 0 seconds of active time. This session ended with a crash.

Error - 11.01.2010 04:17:05 | Computer Name = VW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash.

Error - 27.05.2010 05:57:06 | Computer Name = VW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1186 seconds with 0 seconds of active time. This session ended with a crash.

Error - 07.09.2010 14:07:56 | Computer Name = VW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 296 seconds with 60 seconds of active time. This session ended with a crash.

Error - 04.07.2011 04:34:06 | Computer Name = VW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 590 seconds with 0 seconds of active time. This session ended with a crash.

Error - 27.07.2011 15:40:28 | Computer Name = VW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 90 seconds with 0 seconds of active time. This session ended with a crash.

Error - 27.12.2011 06:26:41 | Computer Name = VW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 33 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 26.10.2012 08:48:58 | Computer Name = VW | Source = Service Control Manager | ID = 7009
Description =

Error - 26.10.2012 08:49:00 | Computer Name = VW | Source = Service Control Manager | ID = 7000
Description =

Error - 26.10.2012 08:49:32 | Computer Name = VW | Source = DCOM | ID = 10005
Description =

Error - 26.10.2012 08:49:47 | Computer Name = VW | Source = Service Control Manager | ID = 7009
Description =

Error - 26.10.2012 08:52:19 | Computer Name = VW | Source = Service Control Manager | ID = 7009
Description =

Error - 26.10.2012 11:01:52 | Computer Name = VW | Source = DCOM | ID = 10000
Description =

Error - 26.10.2012 11:02:14 | Computer Name = VW | Source = Service Control Manager | ID = 7000
Description =

Error - 26.10.2012 11:02:14 | Computer Name = VW | Source = Service Control Manager | ID = 7026
Description =

Error - 26.10.2012 11:05:12 | Computer Name = VW | Source = Service Control Manager | ID = 7009
Description =

Error - 26.10.2012 11:07:20 | Computer Name = VW | Source = Dhcp | ID = 1002
Description = The IP address lease for the network card with network address 0019D2BC5471 was denied by the DHCP server (the DHCP server sent a DHCPNACK message).

< End of report >
Looks OK. We should be almost through. As a check, please run a quick scan with Malwarebytes - remember to update Malwarebytes via the Update button first. Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags
GVU Trojaner 2.07 on Windows Vista Hello Cosinus, thanks again for taking so much trouble. I ran the scan with Malwarebytes and attach the logfile. The ESET scan is still running but already shows 7 hits, whereas Malwarebytes showed nothing. As soon as the scan is finished I'll post the logfile from the ESET Online Scanner as well! Code:
Malwarebytes Anti-Malware (Trial)
www.malwarebytes.org

Database version: v2012.10.27.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Arian :: VW [Administrator]

Protection: Enabled

27.10.2012 09:42:08
mbam-log-2012-10-27 (09-42-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241753
Time elapsed: 11 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12