Log analysis and evaluation: fxkldqkow.sys in autostart + svchost.exe and ntdll.dll TROJAN/Rootkit/Malware? (Windows 7)
15.02.2013, 22:00 | #1
My problem is this: I had a Remote Access Trojan on the machine and went about it as follows:
1. Ran Combofix - it deleted a server.exe in the temporary files.
2. Ran Malwarebytes - found nothing
3. Ran Eset Nod32 and Avast - found nothing
4. Checked with GMER on reboot - on the first scan it found the process svchost.exe twice as rootkit/malware. So I looked for the process, and in the threads there were two question marks one below the other. ntdll.dll shows up quite often?
5. On the second scan it no longer found svchost.exe. After a reboot, though, they are back.
6. Created a log with GMER
7. Scanned with MBAR, but found nothing
8. When I run the Autoruns program it always finds fxldqkow.sys among the drivers; this was also stored in the temporary files, but was deleted. If I remove it from the autostart entries and reboot, it is enabled again.
9. Created a HijackThis log
10. I need your help, please, since you know your way around this
I have attached the logfiles as a ZIP archive.
Images from GMER and Autoruns:
Last edited by dr_ckshacker (15.02.2013 at 22:06)
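As an added example (not code from the thread or from any tool it names), a PowerShell check for the pattern post #1 describes: a driver registered under the Services key, with an image file that lived in a temp directory, that is back after every reboot. It lists driver services whose image path is under a user or temp directory, is missing on disk, or lacks a valid Authenticode signature, and can snapshot the inventory before and after a reboot to show which entry was re-registered. The function names (Get-DriverServiceInventory, Compare-DriverSnapshot) and the snapshot paths are this example's own; run it in an elevated PowerShell on the machine under examination.

```powershell
# Added example, not from the thread. Inventories kernel/file-system driver
# services from the registry (what Autoruns shows under "Drivers") and flags
# the traits post #1 describes: image in a temp/user directory, image file
# missing, or no valid signature. Run in an elevated PowerShell.

function ConvertTo-DriverPath {
    # Normalise the ImagePath shapes seen in OTL/Autoruns output:
    #   \SystemRoot\system32\drivers\x.sys, system32\drivers\x.sys,
    #   \??\C:\Users\...\Temp\x.sys, "C:\Program Files\...\x.sys"
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim().Trim('"'))
    $p = $p -replace '^\\\?\?\\', ''                    # drop NT "\??\" prefix
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-DriverServiceInventory {
    # One object per driver service (Type 1 = kernel, 2 = file system).
    # Start: 0 Boot, 1 System, 2 Auto, 3 Manual, 4 Disabled.
    $suspectDir = '\\Temp\\|\\AppData\\|\\Users\\|\\ProgramData\\'
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $svc = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if ($svc.Type -ne 1 -and $svc.Type -ne 2) { continue }
        $path = ConvertTo-DriverPath $svc.ImagePath
        $reasons = @()
        if (-not $path) {
            $reasons += 'no ImagePath'
        } elseif ($path -match $suspectDir) {
            $reasons += 'image under a user/temp directory'
        }
        if ($path -and -not (Test-Path -LiteralPath $path)) {
            $reasons += 'image file missing on disk'
        } elseif ($path) {
            # Catalog-signed Microsoft drivers can report NotSigned on older
            # PowerShell builds: treat this as a hint, not a verdict.
            $sig = Get-AuthenticodeSignature -FilePath $path
            if ($sig.Status -ne 'Valid') { $reasons += "signature $($sig.Status)" }
        }
        [pscustomobject]@{
            Service   = $key.PSChildName
            Start     = $svc.Start
            ImagePath = $path
            Reasons   = ($reasons -join '; ')
        }
    }
}

function Get-SuspiciousDriverServices {
    Get-DriverServiceInventory | Where-Object { $_.Reasons -ne '' }
}

function Save-DriverSnapshot {
    # Snapshot the inventory (e.g. before removing the entry and rebooting).
    param([Parameter(Mandatory)][string]$Path)
    Get-DriverServiceInventory | Export-Clixml -Path $Path
}

function Compare-DriverSnapshot {
    # Shows services whose Start type or ImagePath changed between two
    # snapshots. An entry marked "=>" (present only in the After file), or
    # whose Start flipped from 4 (Disabled) back to 0-3, is being re-registered
    # by a component that is still live on the system.
    param([Parameter(Mandatory)][string]$Before,
          [Parameter(Mandatory)][string]$After)
    Compare-Object -ReferenceObject (Import-Clixml $Before) `
                   -DifferenceObject (Import-Clixml $After) `
                   -Property Service, Start, ImagePath -PassThru |
        Select-Object SideIndicator, Service, Start, ImagePath, Reasons
}

# Usage: list the suspicious entries now, then snapshot, reboot, snapshot, compare.
Get-SuspiciousDriverServices | Sort-Object Start | Format-Table -AutoSize
# Save-DriverSnapshot -Path "$env:USERPROFILE\Desktop\drivers-before.xml"
# ... remove the entry in Autoruns, reboot ...
# Save-DriverSnapshot -Path "$env:USERPROFILE\Desktop\drivers-after.xml"
# Compare-DriverSnapshot -Before "$env:USERPROFILE\Desktop\drivers-before.xml" `
#                        -After  "$env:USERPROFILE\Desktop\drivers-after.xml"
```

An entry that reappears in the After snapshot points to whatever re-creates it (a still-running process or another autostart), which is why the helper asks for the full set of logs rather than the driver name alone.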
16.02.2013, 01:33 | #2
/// Malware-holic
hi,
not all the logs are here; what about Combofix, for example? The log file with the findings is missing. If you don't have it yet, please download OTL from OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
16.02.2013, 03:09 | #3
OTL Logfile:
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation) O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [AntiLogger] C:\Program Files (x86)\AntiLogger\AntiLogger.exe (Zemana Ltd.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.) 
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm () O8:64bit: - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm () O8 - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm () O8 - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Value error.) 
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.13.2) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15114/CTPID.cab (Creative Software AutoUpdate Support Package 1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45CED122-BDD9-49F5-A14F-68721DB39CBF}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE472497-C90C-4D55-B013-530656FD91CC}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\AutorunsDisabled - No CLSID value found O18:64bit: - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/08/17 23:20:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/02/16 01:52:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe [2013/02/14 15:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! 
Internet Security [2013/02/14 15:40:07 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2013/02/14 15:40:06 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013/02/14 15:39:35 | 000,132,864 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys [2013/02/14 15:37:50 | 000,262,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys [2013/02/14 15:37:48 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2013/02/14 15:37:46 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2013/02/14 15:37:43 | 000,021,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys [2013/02/14 15:37:38 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013/02/14 15:37:35 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2013/02/14 15:36:23 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys [2013/02/14 15:35:09 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013/02/14 15:35:08 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2013/02/14 15:03:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/02/14 14:55:46 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/02/14 13:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Defender [2013/02/13 16:05:03 | 000,045,368 | ---- | C] (Zemana Ltd.) 
-- C:\Windows\SysNative\drivers\AntiLog64.sys [2013/02/13 16:05:02 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Zemana [2013/02/13 16:04:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529} [2013/02/13 16:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiLogger [2013/02/13 16:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AntiLogger [2013/02/13 15:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\Zemana AntiMalware [2013/02/13 15:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Zemana AntiMalware [2013/02/13 02:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo [2013/02/13 02:39:33 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Comodo [2013/02/13 02:39:26 | 000,056,072 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll [2013/02/13 02:39:26 | 000,047,368 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll [2013/02/13 02:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo [2013/02/12 02:25:47 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2013/02/12 02:25:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2013/02/12 01:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013/02/11 04:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/02/11 04:06:21 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Programs [2013/02/11 03:48:54 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes [2013/02/11 03:48:49 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/02/11 03:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/02/11 03:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes 
[2013/02/11 03:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/02/11 03:08:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013/02/11 03:08:46 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2013/02/11 03:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013/02/11 03:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013/02/11 01:04:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/02/11 00:37:55 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\Removal [2013/02/10 22:09:31 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Vitalwerks [2013/02/10 22:09:28 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC [2013/02/10 22:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No-IP [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/02/16 02:14:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/16 02:14:38 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys [2013/02/16 02:13:45 | 000,063,864 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx [2013/02/16 02:13:45 | 000,063,864 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx [2013/02/16 02:13:45 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx [2013/02/16 02:02:40 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/16 02:02:40 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 
[2013/02/16 01:59:19 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/02/16 01:52:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe [2013/02/16 01:35:29 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1140220441-261415344-3903074190-1001UA.job [2013/02/16 01:35:01 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1140220441-261415344-3903074190-1001Core.job [2013/02/16 01:19:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/02/16 01:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/02/15 21:57:30 | 000,032,995 | ---- | M] () -- C:\Users\Matthias\Desktop\Logdateien.zip [2013/02/15 21:35:08 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk [2013/02/15 18:10:53 | 000,730,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/15 18:10:53 | 000,618,936 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/15 18:10:53 | 000,107,256 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/15 02:43:31 | 000,085,504 | ---- | M] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/02/14 15:37:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013/02/14 15:10:57 | 007,706,908 | ---- | M] () -- C:\Users\Matthias\Documents\AutoRuns.arn [2013/02/13 16:33:44 | 003,065,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/02/13 16:05:03 | 000,045,368 | ---- | M] (Zemana Ltd.) 
-- C:\Windows\SysNative\drivers\AntiLog64.sys [2013/02/13 05:29:08 | 647,040,826 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/02/13 02:39:26 | 000,056,072 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll [2013/02/13 02:39:26 | 000,047,368 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll [2013/02/12 03:14:32 | 000,000,017 | ---- | M] () -- C:\Users\Matthias\AppData\Local\resmon.resmoncfg [2013/02/12 02:13:52 | 003,319,110 | ---- | M] () -- C:\Users\Matthias\Documents\bookmarks_2_12_13.html [2013/02/11 03:11:07 | 000,002,279 | ---- | M] () -- C:\Users\Matthias\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/02/11 01:20:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/01/26 22:32:50 | 002,370,461 | ---- | M] () -- C:\Users\Matthias\Desktop\Der_Wille_zur_Kraft.pdf [2013/01/22 01:30:04 | 000,020,874 | ---- | M] () -- C:\Users\Matthias\Desktop\Kai Greene.xspf [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/02/15 21:57:30 | 000,032,995 | ---- | C] () -- C:\Users\Matthias\Desktop\Logdateien.zip [2013/02/14 15:40:09 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Internet Security.lnk [2013/02/12 03:14:32 | 000,000,017 | ---- | C] () -- C:\Users\Matthias\AppData\Local\resmon.resmoncfg [2013/02/12 02:13:51 | 003,319,110 | ---- | C] () -- C:\Users\Matthias\Documents\bookmarks_2_12_13.html [2013/02/11 14:00:03 | 007,706,908 | ---- | C] () -- C:\Users\Matthias\Documents\AutoRuns.arn [2013/02/11 04:17:45 | 647,040,826 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013/02/11 03:10:36 | 000,002,279 | ---- | C] () -- C:\Users\Matthias\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/02/11 03:09:02 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/02/11 03:09:00 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/02/11 03:08:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2013/01/26 23:24:38 | 002,370,461 | ---- | C] () -- C:\Users\Matthias\Desktop\Der_Wille_zur_Kraft.pdf [2013/01/26 22:46:54 | 004,119,594 | ---- | C] () -- C:\Users\Matthias\Desktop\Chris_Aceto_-_Championship_Bodybuilding.pdf [2013/01/22 01:30:04 | 000,020,874 | ---- | C] () -- C:\Users\Matthias\Desktop\Kai Greene.xspf [2013/01/20 02:17:12 | 000,050,844 | ---- | C] () -- C:\Users\Matthias\Documents\dolan pls6 dost thou even hoist.jpg [2013/01/20 02:17:12 | 000,040,533 | ---- | C] () -- C:\Users\Matthias\Documents\Okay dolan.png [2013/01/20 02:17:12 | 000,035,609 | ---- | C] () -- C:\Users\Matthias\Documents\why so serious dolan.jpg [2013/01/20 02:17:12 | 000,024,920 | ---- | C] () -- C:\Users\Matthias\Documents\dolan pls come at me bro.jpg [2013/01/20 02:17:12 | 000,014,476 | ---- | C] () -- C:\Users\Matthias\Documents\scumbag dolan.png [2011/05/09 20:34:54 | 000,000,218 | ---- | C] () -- C:\Users\Matthias\.recently-used.xbel [2011/04/13 20:26:31 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2011/02/25 22:25:36 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys [2011/02/25 22:25:34 | 000,024,576 | ---- | C] () -- 
C:\Windows\SysWow64\AsIO.dll [2011/02/25 22:25:34 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011/02/17 01:34:29 | 000,011,125 | ---- | C] () -- C:\Users\Matthias\gsview64.ini [2011/02/17 01:26:46 | 000,001,515 | ---- | C] () -- C:\Users\Matthias\gsview32.ini [2010/11/12 00:32:34 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/08/18 18:43:04 | 000,085,504 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft 
Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/12/22 00:58:10 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\.visualvm [2010/08/20 23:09:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ableton [2012/12/28 15:52:38 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Amazon [2011/10/04 20:49:50 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\AnvSoft [2013/01/09 22:03:43 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Avnex [2010/09/11 20:13:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Bump Technologies, Inc [2010/10/14 20:29:23 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Deckadance [2013/02/16 02:13:29 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DMCache [2010/10/14 19:23:06 | 000,000,000 | -H-D | M] -- C:\Users\Matthias\AppData\Roaming\FDBTemp [2010/08/17 15:56:17 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\FlashFXP [2013/02/14 15:07:23 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ [2013/02/10 01:20:28 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\IDM [2012/12/26 00:04:31 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\iPumper [2010/09/28 14:17:34 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\IrfanView [2010/10/14 18:08:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\phonostar GmbH [2011/01/04 23:35:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\RouterControl [2012/12/28 15:50:31 | 000,000,000 | ---D | M] -- 
C:\Users\Matthias\AppData\Roaming\Samsung [2010/08/17 22:01:04 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Shark007 [2010/11/12 02:48:52 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TrojanHunter [2012/10/02 22:44:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ts3overlay [2013/01/06 00:06:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ts3overlay_hook_win64 ========== Purity Check ========== < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 2/16/2013 2:25:11 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matthias\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 3.38 Gb Available Physical Memory | 84.55% Memory free 8.00 Gb Paging File | 7.47 Gb Available in Paging File | 93.40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 298.08 Gb Total Space | 92.78 Gb Free Space | 31.13% Space Free | Partition Type: NTFS Drive D: | 931.51 Gb Total Space | 41.35 Gb Free Space | 4.44% Space Free | Partition Type: NTFS Drive E: | 232.88 Gb Total Space | 26.54 Gb Free Space | 11.39% Space Free | Partition Type: NTFS Drive F: | 232.88 Gb Total Space | 85.65 Gb Free Space | 36.78% Space Free | Partition Type: NTFS Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = DragonHTML] -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = DragonHTML] -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 https [open] -- "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1" (Comodo) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 https [open] -- "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1" (Comodo) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C01ED9D-A8F8-4A7F-B240-927C76423FC5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{308B1E42-0A9C-4603-9AEE-BB241B9332E0}" = lport=139 | protocol=6 | dir=in | app=system |
"{3214967B-8806-4BF9-A88E-173C2CFDF8BF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3A5F6588-08B5-4991-A205-B0F61584A1B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{444B7ADA-FF8A-4AFC-842C-401FD622CC98}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{44929747-5538-4888-80A8-DF1BF0159F00}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4BE64E88-10D7-421B-82B0-EB85125FA824}" = lport=137 | protocol=17 | dir=in | app=system |
"{4C40BEA4-56EF-4AF7-85B4-A4D85E6B3E78}" = rport=139 | protocol=6 | dir=out | app=system |
"{614B3614-EAA2-4F27-9677-F30B90C1387F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{62CF851F-F915-430D-AA2C-4539481D5E99}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{76DA96BB-2751-416C-B8C9-EB0F42C6AC03}" = rport=138 | protocol=17 | dir=out | app=system | "{79CCDD93-3FE1-471D-8F40-70A7BCA907D3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{79F1CBD4-1179-4AA6-95FF-AD128534C594}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7B438F17-C432-4B87-AADB-FDAB28F48507}" = lport=445 | protocol=6 | dir=in | app=system | "{8007C5C1-D167-4DCD-B008-83F0CF73D61E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{83649496-3C0C-4FAA-82C0-28911153DB35}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{83C94C05-42B8-417A-BD54-7231939AAD4F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{8D557B80-99AD-4CF7-A9F3-DA065DA8D8B1}" = rport=445 | protocol=6 | dir=out | app=system | "{925A3220-CB78-40D6-A882-19EF3DB7DFF6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{955E1871-7A3E-47E1-8A51-6DBC6430B055}" = lport=138 | protocol=17 | dir=in | app=system | "{B86CDE5A-CC7A-43B8-B3F8-BD2008206BBD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{CA72AD2E-BD62-4AB0-8F2E-4D96F3FDB37C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D2DEDFE1-337A-4191-A21D-0FABB9A90003}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D58D25C4-77E9-4327-8986-E2E768D4F9A1}" = lport=2869 | protocol=6 | dir=in | app=system | "{D5CF0BF5-06EF-494F-9732-8E99DA5F4F39}" = rport=137 | protocol=17 | dir=out | app=system | "{DFBFE8F2-33DF-41C0-8482-E52076189011}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{FF114374-EE27-4450-8E72-CAB0E7B79C3C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | 
app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00489E2B-E747-4949-ADAC-C32041FFAE89}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{00E495B2-E345-4A41-BE29-9288C300E3CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gamer_tm_ger\counter-strike source\hl2.exe | "{02F2C00C-01FD-42B4-9B42-01EF3B2F7602}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "{0539F33F-7C16-4D59-B813-E3964D44BF33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{0933007F-6E19-4FA4-B54E-326136F543E3}" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | "{0C999DF0-AD07-4026-BFD2-CAF1F44D00CE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{0DFE99DA-C425-4111-9A93-6EA53736F5C5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1C2DAB61-2DA9-4F2F-8B48-013FA5BB046C}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{21F2790D-799B-4602-ABAA-A623E4205BF5}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | "{2883C7DF-B342-4A1B-AFEA-671974DEFD9F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{2F104665-2E4B-4086-895A-511F4CC8CEA1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | "{31D1E290-4EB2-4EE0-927A-2725222861C6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{33DF270C-7BF5-416D-9154-41AD6B553538}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{346FFD43-91CB-4357-90E7-88F13501101E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{376B44FB-8CF1-4A61-9E6A-3DB9AD1ED828}" = protocol=6 | dir=in | app=c:\program files 
(x86)\veoh networks\veohwebplayer\veohwebplayer.exe | "{3EDE8534-B31F-4E62-8339-E59A03207AC2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamspeak 3 client\ts3client_win64.exe | "{3F39ED13-9251-48A9-A221-2782C8E48ECA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{4667A036-245E-42E1-B18A-0E5198DC9C58}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "{495896D0-B71A-4CEF-A361-F30403402F3C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{4C727BEC-42BA-497C-9280-0B06D6F5DDC1}" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | "{502C1DE8-4716-4F49-8D72-DD668180FD09}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{53A99386-FE2C-4BA9-9BD8-4D59486A46F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | "{591D31F6-280A-4E83-8D66-9F51029B3693}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | "{5BE35FE3-9D3D-4954-822D-12E45D1981A7}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | "{5C23F47C-0AE6-4046-8282-7C188568A126}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{61679743-203D-44A5-83DB-5858484F34B1}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | "{6196174B-523B-4117-AEF3-D47BDF4341A7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6BC9D432-87C7-4C0E-95AA-05D49DCCF119}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gamer_tm_ger\counter-strike source\hl2.exe | "{6C0A4FA3-37D4-4416-9E14-29A01D93B14C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{74BE9CC4-9B59-4184-A6FC-0CA576C739AD}" = protocol=17 | dir=in | 
app=c:\program files (x86)\mozilla firefox\firefox.exe | "{7531484B-D116-40C2-B656-E283983E4438}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{7D14D186-907E-4FF6-942B-63DF132DDC5E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{81A95FCA-160E-4076-A739-607449465BC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{84A9BDC5-C4E8-41B7-A305-7B9F5EFEF409}" = protocol=17 | dir=in | app=c:\program files (x86)\teamspeak 3 client\ts3client_win64.exe | "{8574BA6B-FB5C-497A-A7F1-F22C7F204417}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | "{874C16C3-4D28-4186-A91A-E012832EAC5F}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{8C63E70A-7CE0-4638-AD88-6FAB48E15F32}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gamer_tm_ger\counter-strike source\hl2.exe | "{8EDC0D92-9EEC-41FC-8EFC-4634B62D4FF5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9819A37A-42EB-49F1-ACA9-16066EC35FBF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | "{9867861D-61B0-45FA-A6B0-6ED729EAEE87}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{99E9A571-CF7F-4335-B69B-3EB1843434EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gamer_tm_ger\counter-strike source\hl2.exe | "{9B521F36-B04D-4718-A349-0C874C852139}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9B9A1E5A-3422-4E22-BC2E-BD09A43829E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | "{9F5F22BB-7A16-472F-B96D-A1EE9CFE6EA5}" = 
protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{A10AA53B-0A50-4D57-995F-E6E63907EC6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | "{A8CEF28E-E982-47DD-BBE0-52030E1CB16C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | "{AAB099D4-72A6-4EF2-BA98-9BA1D67B90F3}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | "{B19DE333-CD49-4985-BBD7-DA129C27DB59}" = protocol=6 | dir=in | app=c:\program files (x86)\teamspeak 3 server\ts3server_win64.exe | "{B5B41F9B-59BA-47D7-960E-2BFD97E726CB}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | "{BC0B6B78-E913-4DA0-BBD6-B1E0E1804E3A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{BE2BB99B-4940-43E5-8F32-948F13E3469F}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{BF1BEC85-55DF-4BB5-8C79-B629484E62B8}" = dir=in | app=c:\users\matthias\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{C7EE13D4-BF09-4060-9DED-CFA7D538ACA3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{D735B421-1A04-462B-9157-54E42B507C22}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "{DAD3B541-3844-4115-AA59-23ABA3BC22C9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{DC1E0A32-527E-4CE1-8168-1DD82D12935A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{E11A6793-9D6E-4629-8F3D-FDBDEF01C167}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E89130D6-99E3-4D78-9D64-0DC2F161C624}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{EAB52413-1F4C-40BB-8EED-A72C971ADA3F}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "{EB49F344-7F3E-4E11-AD12-844160C23BBA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{F85A7F83-A8E5-49AC-907C-7F2A31523F3F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamspeak 3 server\ts3server_win64.exe | "{F9DD2B10-0B2A-4F9C-B119-6F72A0391678}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | "TCP Query User{0AD30EB8-3D1F-41F3-A462-3400580561EB}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{14A179D3-2255-40B4-A3BC-5B0C4B17E583}C:\program files\java\jdk1.7.0_07\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | "TCP Query User{16A052A4-78CD-4F86-8BA3-592D101F9AC6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{4856034E-5293-4A2C-859E-9A05ECFAF688}C:\program files (x86)\teamspeak 3 server\ts3server_win64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\teamspeak 3 server\ts3server_win64.exe | "TCP Query User{61D09912-6118-438A-9EA8-B73027A297BF}C:\program files (x86)\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip infium\infium.exe | "TCP Query User{B97E66D0-836F-410B-A324-7502A88AD500}C:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe | "TCP Query User{BFF0AEDB-00DA-424F-95DF-353A95FD5127}C:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe | "TCP Query User{C435D892-27E9-49CE-ADE1-63FE45C7E02D}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = 
protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | "TCP Query User{C62408C4-B732-42B0-A051-A7F5139AD9CB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{0CA28F9C-7953-4B48-B338-9A09EE1C26B2}C:\program files (x86)\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip infium\infium.exe | "UDP Query User{0D7BE103-49EC-48D2-9226-8B58F37C7639}C:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe | "UDP Query User{11CBF97D-C502-424D-A0A7-C848B74C1C14}C:\program files (x86)\teamspeak 3 server\ts3server_win64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\teamspeak 3 server\ts3server_win64.exe | "UDP Query User{2B11E244-77F0-4BE5-871F-9643351F43D9}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{42A71C00-08FE-43CA-89F1-199B1A504DA4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{4B523CCD-F2EA-4246-8011-ACB130CE7CFD}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | "UDP Query User{86D0EF58-F211-4CA7-9C6E-452F7EEA069F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{8E949DBC-20B4-446B-93B4-11A0063D6E5F}C:\program files\java\jdk1.7.0_07\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | "UDP Query User{F9EC08AD-291B-4997-B828-F7EF27BBC0E0}C:\program files (x86)\panda security\panda internet security 2011\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\panda security\panda internet 
security 2011\apvxdwin.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518) "{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5 "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{2930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments GuitarRig Mobile IO Driver "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive "{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5 "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit) "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 7.00 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{867DE0DC-A93F-41EA-9654-A212514FA946}" = Oracle VM VirtualBox 4.2.4 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B24A47E5-F196-461E-A7A4-AADB72CB19DD}" = iTunes 
"{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B962AD08-335F-46f7-A182-257D37672E5C}" = Native Instruments Rig Kontrol 3 Driver "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{E9641237-252F-467E-88FB-5CAB9E42583E}" = ESET NOD32 Antivirus "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "TeamSpeak 3 Client" = TeamSpeak 3 Client "Unlocker" = Unlocker 1.9.1-x64 "WinRAR archiver" = WinRAR archiver "x64 Components_is1" = x64 Components v2.6.4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0082631F-BEA0-4346-8BBC-E9054300E73D}" = PC VGA Camera "{009AC76E-1A66-4682-82B7-417E77F3C648}" = Superior Drummer Installer "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{014534FF-1D46-4A77-9B48-29EFD145995B}" = AntiLogger "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB 
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37 "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13 "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{8094F7AE-CA21-4AF2-A256-BC918CE0E796}" = EZXClaustrophobic "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{82DF9225-13EC-41BD-BE31-AAB121B38166}" = EZXNashville "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe 
Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI 
(German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{B9A17C96-1348-45CB-BB0A-1BCB3A0F854E}" = Bluesoleil2.7.0.35 VoIP Release 080317 "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BB5A44CB-3045-43E2-BEB0-B64E477D4633}" = EZXFunkmasters "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D1EBF11E-8CE3-4EF5-8E2D-FD5B8D6BD294}" = EZXTwisted "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh 
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1" = CBR Reader "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{EED8D44F-CEBB-4298-8D0E-E01AF6AC0663}" = EZXJazz "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F20A984B-9B30-4A9E-A3AC-918AF0D85A48}" = Snagit 9.1.1 "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "0630-0716-3135-7887" = JDownloader 2 "3DMIDI" = Creative 3DMIDI Player "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AntiLogger" = AntiLogger "ASIO4ALL" = ASIO4ALL "AudioCS" = Creative Audio-Systemsteuerung "avast" = avast! 
Internet Security "Comodo Dragon" = Comodo Dragon "Console Launcher" = Creative Konsole Starter "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "Deckadance" = Deckadance "DivX Setup.divx.com" = DivX-Setup "Dolby Digital Live Pack" = Dolby Digital Live Pack "DTS Connect Pack" = DTS Connect Pack "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "Google Chrome" = Google Chrome "Guitar Pro 5_is1" = Guitar Pro 5.2 "IL Download Manager" = IL Download Manager "InstallShield_{0082631F-BEA0-4346-8BBC-E9054300E73D}" = PC VGA Camera "Internet Download Manager" = Internet Download Manager "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.4 "Live 8.1.1" = Live 8.1.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "NoIPDUC" = No-IP DUC "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "PunkBusterSvc" = PunkBuster Services "Steam App 240" = Counter-Strike: Source "Steam App 24960" = Battlefield: Bad Company 2 "Steam App 730" = Counter-Strike: Global Offensive "UltraISO_is1" = UltraISO Premium V9.35 "VLC media player" = VLC media player 1.1.2 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Advanced Archive Password Recovery" = Advanced Archive Password Recovery "Winamp Detect" = Winamp Detector Plug-in ========== Last 20 Event Log Errors ========== Error - 2/15/2013 9:07:10 PM | Computer Name = Matthias-PC | Source = Windows Search Service | ID = 1019 Description = Error - 2/15/2013 9:07:46 PM | Computer Name = Matthias-PC | Source = Windows Search Service | ID = 1019 Description = Error - 2/15/2013 9:09:40 PM | Computer 
Name = Matthias-PC | Source = Application Hang | ID = 1002 Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 13dc Start Time: 01ce0be213ef3fd2 Termination Time: 0 Application Path: C:\Users\Matthias\Desktop\OTL.exe Report Id: 880c47de-77d5-11e2-8c49-b7652d46020b Error - 2/15/2013 9:13:05 PM | Computer Name = Matthias-PC | Source = Application Hang | ID = 1002 Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 11a8 Start Time: 01ce0be24c77529b Termination Time: 0 Application Path: C:\Users\Matthias\Desktop\OTL.exe Report Id: 022a1446-77d6-11e2-8c49-b7652d46020b [ System Events ] Error - 2/15/2013 9:15:13 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 2/15/2013 9:15:15 PM | Computer Name = Matthias-PC | Source = DCOM | ID = 10005 Description = Error - 2/15/2013 9:15:16 PM | Computer Name = Matthias-PC | Source = DCOM | ID = 10005 Description = Error - 2/15/2013 9:15:16 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 2/15/2013 9:15:17 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 2/15/2013 9:15:17 PM | Computer Name = 
Matthias-PC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 2/15/2013 9:15:17 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 2/15/2013 9:15:17 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 2/15/2013 9:15:17 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 2/15/2013 9:15:21 PM | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 < End of report >
Unfortunately the Combofix log was deleted when I uninstalled the program. Thanks for your quick reply.
Last edited by dr_ckshacker (16.02.2013, 03:26) |
18.02.2013, 18:00 | #4 |
/// Malware-holic | Hi, [OTLFIX]
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described above. If you would like to support us |
19.02.2013, 17:40 | #5 |
| Hi, run OTL again and press FIX, or how? |
19.02.2013, 19:09 | #6 |
/// Malware-holic | hi, sorry. Please download TDSSKiller.exe and save this file to your desktop
19.02.2013, 20:02 | #7 |
| ok, will do |
19.02.2013, 21:25 | #8 |
/// Malware-holic | hi, download the CCleaner standard version: http://filepony.de/download-ccleaner/ If CCleaner is already installed, skip this. Open it, Tools (Extras), Uninstall list, save as txt. Open it. Behind every program you need, write notwendig (needed). Behind every one you do not need, unnötig (unnecessary). Behind those unknown to you, unbekannt (unknown). Post the list.
19.02.2013, 22:31 | #9 |
| Addictive Drums 15.02.2013 notwendig Adobe Anchor Service x64 CS4 16.08.2010 unnötig Adobe CMaps x64 CS4 16.08.2010 unnötig Adobe CSI CS4 x64 16.08.2010 unnötig Adobe Drive CS4 x64 16.08.2010 notwendig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 15.02.2013 6,00 MB 11.5.502.149 notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 15.02.2013 6,00 MB 11.5.502.149 unnötig Adobe Fonts All x64 16.08.2010 unnötig Adobe Linguistics CS4 x64 16.08.2010 unnötig Adobe PDF Library Files x64 CS4 16.08.2010 unnötig Adobe Photoshop CS4 Adobe Systems Incorporated 15.02.2013 1.926 MB 11.0 notwendig Adobe Photoshop CS4 (64 Bit) 16.08.2010 notwendig Adobe Reader 9.5.2 - Deutsch Adobe Systems Incorporated 19.10.2012 119,2 MB 9.5.2 notwendig Adobe Type Support x64 CS4 16.08.2010 unnötig Adobe WinSoft Linguistics Plugin x64 16.08.2010 unnötig Advanced Archive Password Recovery ElcomSoft Co. Ltd. 23.11.2012 4.53 notwendig AntiLogger Zemana Ltd. 15.02.2013 notwendig Any Video Converter 3.2.7 Any-Video-Converter.com 03.10.2011 91,5 MB notwendig Apple Application Support Apple Inc. 05.03.2011 51,0 MB 1.5.0 unnötig Apple Software Update Apple Inc. 26.11.2011 2,38 MB 2.1.3.127 unnötig Ashampoo Burning Studio 9.20 ashampoo GmbH & Co. KG 19.08.2010 9.2.0 notwendig ASIO4ALL 15.02.2013 notwendig ASUSUpdate 15.02.2013 notwendig avast! 
Internet Security AVAST Software 15.02.2013 7.0.1474.0 notwendig Battlefield: Bad Company 2 DICE 15.02.2013 notwendig Bluesoleil2.7.0.35 VoIP Release 080317 IVT Corporation 26.12.2010 13,4 MB 2.7.0.35 VoIP Release 080317 unnötig CBR Reader cbrreader.com 14.01.2012 2,67 MB notwendig CCleaner Piriform 25.11.2010 3.01 notwendig Comodo Dragon COMODO 15.02.2013 70,7 MB 24.2.0.0 unnötig Counter-Strike: Global Offensive 15.02.2013 notwendig Counter-Strike: Source Valve 15.02.2013 notwendig Creative 3DMIDI Player Creative Technology Limited 15.02.2013 1.11 notwendig Creative Audio-Systemsteuerung Creative Technology Limited 15.02.2013 3.00 notwendig Creative Konsole Starter Creative Technology Limited 15.02.2013 notwendig Creative Software AutoUpdate Creative Technology Limited 15.02.2013 1.40 notwendig Creative Sound Blaster Properties x64 Edition Creative Technology Limited 15.02.2013 1.02 notwendig Deckadance Image-Line bvba 15.02.2013 unnötig DivX-Setup DivX, Inc. 15.02.2013 2.1.2.2 unnötig Dolby Digital Live Pack Creative Technology Limited 15.02.2013 3.00 notwendig DTS Connect Pack Creative Technology Limited 15.02.2013 1.00 notwendig ESET NOD32 Antivirus ESET, spol. s r.o. 02.10.2012 71,1 MB 5.2.9.12 notwendig EVEREST Ultimate Edition v5.50 Lavalys, Inc. 
24.02.2011 5.50 notwendig EZdrummer Toontrack 24.11.2010 704 MB 1.1.6 notwendig EZXClaustrophobic Toontrack 24.11.2010 1.146 MB 1.0 notwendig EZXCocktail Toontrack 24.11.2010 175,0 MB 1.0 notwendig EZXDfh Toontrack 24.11.2010 620 MB 1.0 notwendig EZXFunkmasters Toontrack 24.11.2010 643 MB 1.0.0 notwendig EZXJazz Toontrack 24.11.2010 621 MB 1.0.0 notwendig EZXNashville Toontrack 24.11.2010 980 MB 1.0 notwendig EZXPercussion Toontrack 24.11.2010 736 MB 1.0 notwendig EZXTwisted Toontrack 24.11.2010 845 MB 1.0 notwendig EZXVintage Toontrack 24.11.2010 720 MB 1.0 notwendig Facebook Video Calling 1.2.0.287 Skype Limited 23.10.2012 4,77 MB 1.2.287 unnötig FL Studio 9 Image-Line 15.02.2013 notwendig Free M4a to MP3 Converter 6.2 ManiacTools.com 24.09.2010 3,92 MB notwendig Google Chrome Google Inc. 10.02.2013 24.0.1312.57 notwendig Guitar Pro 5.2 Arobas Music 15.02.2013 notwendig HiJackThis Trend Micro 11.02.2013 0,36 MB 1.0.0 notwendig IL Download Manager Image-Line 15.02.2013 notwendig Image Line ToxicIII v1.41 VSTi 15.02.2013 notwendig Image-Line PoiZone v2.1 15.02.2013 notwendig Internet Download Manager 15.02.2013 notwendig IrfanView (remove only) Irfan Skiljan 15.02.2013 1,50 MB 4.27 notwendig iTunes Apple Inc. 05.03.2011 144,6 MB 10.2.0.34 notwendig Java 7 Update 13 Oracle 12.02.2013 129,0 MB 7.0.130 notwendig Java 7 Update 7 (64-bit) Oracle 21.12.2012 127,3 MB 7.0.70 unnötig Java SE Development Kit 7 Update 7 (64-bit) Oracle 21.12.2012 188,8 MB 1.7.0.70 unnötig Java(TM) 6 Update 21 (64-bit) Oracle 16.08.2010 90,5 MB 6.0.210 unnötig Java(TM) 6 Update 37 Oracle 10.10.2012 95,7 MB 6.0.370 unnötig JDownloader AppWork UG (haftungsbeschränkt) 15.02.2013 notwendig JDownloader 2 AppWork GmbH 15.02.2013 2 notwendig K-Lite Mega Codec Pack 5.4.4 21.12.2012 5.4.4 unnötig Live 8.1.1 15.02.2013 notwendig Logitech Gaming Software 7.00 Logitech Inc. 
16.02.2011 28,5 MB 7.00.291 notwendig Macromedia Flash Player 8 Macromedia 13.10.2010 1,48 MB 8.0.22.0 notwendig Malwarebytes Anti-Malware version 1.70.0.1100 Malwarebytes Corporation 10.02.2013 18,5 MB 1.70.0.1100 notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 13.11.2010 38,8 MB 4.0.30319 notwendig Microsoft Flight 15.02.2013 unnötig Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 16.02.2013 31,3 MB 3.5.92.0 unnötig Microsoft Games for Windows Marketplace Microsoft Corporation 16.02.2013 6,04 MB 3.5.50.0 unnötig Microsoft Office Enterprise 2007 Microsoft Corporation 15.02.2013 12.0.6612.1000 notwendig Microsoft Office File Validation Add-In Microsoft Corporation 20.09.2011 7,95 MB 14.0.5130.5003 notwendig Microsoft Silverlight Microsoft Corporation 08.05.2012 180,0 MB 4.1.10329.0 unnötig Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 25.10.2010 1,70 MB 3.1.0000 unnötig Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 08.12.2010 0,25 MB 8.0.50727.4053 unnötig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 0,29 MB 8.0.61001 unnötig Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 20.08.2010 0,20 MB 9.0.30729.4148 unnötig Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 02.05.2011 0,58 MB 9.0.30729.5570 unnötig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 01.10.2012 0,77 MB 9.0.30729 unnötig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 27.12.2012 0,77 MB 9.0.30729.6161 unnötig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 20.08.2010 0,58 MB 9.0.30729 unnötig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 10.02.2013 0,22 MB 9.0.30729.4148 unnötig Microsoft Visual C++ 2008 Redistributable - 
x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 0,59 MB 9.0.30729.6161 unnötig Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 16.02.2013 11,0 MB 10.0.30319 unnötig Morphine Image-Line bvba 15.02.2013 notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 14.11.2010 1,28 MB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 14.11.2010 1,33 MB 4.20.9876.0 unbekannt Native Instruments Battery 3 15.02.2013 notwendig Native Instruments Battery 3 Native Instruments 16.12.2011 notwendig Native Instruments Controller Editor 15.02.2013 notwendig Native Instruments Controller Editor Native Instruments 17.12.2011 notwendig Native Instruments FM8 15.02.2013 notwendig Native Instruments FM8 Native Instruments 15.12.2011 notwendig Native Instruments Guitar Rig 5 15.02.2013 notwendig Native Instruments Guitar Rig 5 Native Instruments 17.12.2011 notwendig Native Instruments GuitarRig Mobile IO Driver 15.02.2013 notwendig Native Instruments GuitarRig Mobile IO Driver Native Instruments 14.10.2010 notwendig Native Instruments Kontakt 5 15.02.2013 notwendig Native Instruments Kontakt 5 Native Instruments 08.12.2012 notwendig Native Instruments Massive 15.02.2013 notwendig Native Instruments Massive Native Instruments 08.12.2012 notwendig Native Instruments Rig Kontrol 3 Driver 15.02.2013 notwendig Native Instruments Rig Kontrol 3 Driver Native Instruments 14.10.2010 notwendig Native Instruments Service Center 15.02.2013 notwendig Native Instruments Service Center Native Instruments 08.12.2012 notwendig Native Instruments Session IO Driver 15.02.2013 notwendig Native Instruments Session IO Driver Native Instruments 14.10.2010 notwendig Native Instruments Vokator 15.02.2013 notwendig No-IP DUC Vitalwerks Internet Solutions LLC 15.02.2013 0,18 MB 4.0.1 notwendig Nokia Connectivity Cable Driver Nokia 25.12.2010 3,51 MB 7.0.2.0 unnötig NVIDIA 3D Vision Controller Driver 314.07 NVIDIA Corporation 18.02.2013 314.07 notwendig NVIDIA 
3D Vision Driver 314.07 NVIDIA Corporation 18.02.2013 314.07 notwendig NVIDIA Graphics Driver 314.07 NVIDIA Corporation 18.02.2013 314.07 notwendig NVIDIA PhysX System Software 9.12.1031 NVIDIA Corporation 18.02.2013 9.12.1031 notwendig NVIDIA Update 1.12.12 NVIDIA Corporation 18.02.2013 1.12.12 notwendig OpenAL 15.02.2013 notwendig Oracle VM VirtualBox 4.2.4 Oracle Corporation 16.12.2012 127,4 MB 4.2.4 notwendig PC VGA Camera Ihr Firmenname 12.04.2012 1.0.2.7 notwendig PeerBlock 1.1 (r518) PeerBlock, LLC 22.11.2010 3,27 MB 1.1.0.518 notwendig phonostar-Player Version 3.01.2 13.10.2010 unnötig Photoshop Camera Raw_x64 16.08.2010 unbekannt Pianoteq v2.3.0 15.02.2013 notwendig PlanetSide 2 Sony Online Entertainment 15.02.2013 notwendig Portal Valve 15.02.2013 notwendig PunkBuster Services Even Balance, Inc. 15.02.2013 0.988 notwendig QuickTime Apple Inc. 05.03.2011 73,7 MB 7.69.80.9 notwendig RaceRoom Racing Experience 16.02.2013 notwendig Rammfire 15.02.2013 notwendig reFX Nexus VSTi RTAS v2.2.0 13.10.2010 notwendig ReFX PlastiCZ VSTi v1.02 15.02.2013 notwendig reFX quadraSID 1.6.0 14.10.2010 notwendig reFX Vanguard 1.7.2 25.10.2010 notwendig RegAlyzer Safer-Networking Ltd. 15.02.2013 1.6.2.16 notwendig SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 16.12.2012 35,5 MB 1.3.650.0 notwendig Sawer Image-Line 15.02.2013 notwendig Skype Click to Call Skype Technologies S.A. 08.02.2013 60,6 MB 6.6.11664 unnötig Skype™ 5.8 Skype Technologies S.A. 
11.04.2012 19,0 MB 5.8.158 unnötig Snagit 9.1.1 TechSmith Corporation 14.02.2011 62,4 MB 9.1.1.113 notwendig Sound Blaster X-Fi 15.02.2013 1.0 notwendig Spybot - Search & Destroy Safer Networking Limited 15.02.2013 1.6.2 notwendig Superior Drummer Installer Toontrack 25.11.2010 22,3 MB 2.0.1 notwendig Team Fortress 2 Valve 15.02.2013 notwendig TeamSpeak 3 Client TeamSpeak Systems GmbH 05.01.2013 3.0.9.2 notwendig Tone2 Gladiator VSTi v2.2 25.10.2010 notwendig Toxic Biohazard Image-Line 15.02.2013 notwendig UltraISO Premium V9.35 16.08.2010 notwendig Unlocker 1.9.1-x64 Cedrick Collomb 03.01.2012 1.9.1 notwendig VLC media player 1.1.2 VideoLAN 15.02.2013 1.1.2 notwendig Waves Mercury Bundle Team AiR 15.02.2013 5.0 notwendig Win7codecs Shark007 16.08.2010 60,2 MB 2.6.1 unnötig Winamp Nullsoft, Inc 15.02.2013 5.572 notwendig Winamp Detector Plug-in Nullsoft, Inc 17.08.2010 0,12 MB 1.0.0.1 unnötig Windows Live Essentials Microsoft Corporation 26.10.2010 15.4.3502.0922 notwendig WinRAR archiver 16.08.2010 notwendig x64 Components v2.6.4 Shark007 16.08.2010 53,5 MB 2.6.4 unnötig Xvid 1.2.2 final uninstall Xvid team (Koepi) 15.02.2013 1.2 unnötig |
20.02.2013, 18:07 | #10 |
/// Malware-holic | Uninstall:
Adobe CMaps
Adobe CSI
Adobe Fonts
Adobe Linguistics
Adobe PDF Library
Adobe Flash Player (all of them): Adobe - Install Adobe Flash Player, download the latest version and install it.
Adobe Reader: Adobe - Download Adobe Reader - All versions. Untick the McAfee Security Scan box.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: tick "use only certified plug-ins". Security (Enhanced): tick Enhanced Security and select all files. Internet: everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically. It is always better to save them directly, since that is the only way to keep control over what happens on the PC. Under JavaScript, untick the box for using JavaScript. Under Updater, choose install automatically. Apply / OK.
Uninstall:
Adobe Type
Adobe WinSoft
Comodo
Deckadance
DivX
avast: keep either avast or ESET, not both at once, that causes problems; tell me which one goes.
HiJackThis: get rid of it, it is no longer developed and produces false detections on newer systems.
Java: all of them. Download the Java JRE: Java downloads for all operating systems, click: Download Java software for Windows Offline, download and install.
Uninstall:
K-Lite
Nokia
phonostar
Photoshop
Spybot: is unnecessary, few updates at the moment, hardly blocks any serious malware, a waste of space and resources.
Win7codecs
Open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop.
20.02.2013, 19:41 | #11 |
| So, I have now done everything you listed for me. Of the antivirus programs I removed Avast and kept Eset, since I had bought Eset. Avast was only a trial version. AdwCleaner logfile: Code:
# AdwCleaner v2.112 - Logfile created 02/20/2013 at 19:35:49
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Matthias - MATTHIAS-PC
# Boot Mode : Normal
# Running from : C:\Users\Matthias\Desktop\adwcleaner0.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Matthias\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Deleted : C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2746 octets] - [20/02/2013 19:35:49]

########## EOF - C:\AdwCleaner[S1].txt - [2806 octets] ########## |
20.02.2013, 19:51 | #12 |
/// Malware-holic | Hi, HitmanPro - Download - Filepony. Please download HitmanPro. Double-click, License, Trial license. Scan, delete nothing. Next, export the log as XML and post it, or zip it and attach it.
20.02.2013, 20:09 | #13 |
| Code:
HitmanPro 3.7.2.188
www.hitmanpro.com

Computer name . . . . : MATTHIAS-PC
Windows . . . . . . . : 6.1.1.7601.X64/2
User name . . . . . . : Matthias-PC\Matthias
UAC . . . . . . . . . : Disabled
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2013-02-20 19:58:43
Scan mode . . . . . . : Normal
Scan duration . . . . : 7m 34s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 21

Objects scanned . . . : 2.682.699
Files scanned . . . . : 78.409
Remnants scanned . . : 860.418 files / 1.743.872 keys

Suspicious files ____________________________________________________________

C:\Users\Matthias\AppData\Local\PunkBuster\BC2\pb\dll\wc002261.dll
Size . . . . . . . : 951.318 bytes
Age . . . . . . . : 786.7 days (2010-12-27 04:08:06)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 07F342FC49BF00281C514B364399E7FD98C36888DF680304C7807C827336E939
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Matthias\AppData\Local\PunkBuster\BC2\pb\pbcl.dll
Size . . . . . . . : 951.318 bytes
Age . . . . . . . : 722.1 days (2011-03-01 16:57:18)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 07F342FC49BF00281C514B364399E7FD98C36888DF680304C7807C827336E939
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Matthias\AppData\Local\PunkBuster\BC2\pb\pbclold.dll
Size . . . . . . . : 951.318 bytes
Age . . . . . . . : 786.7 days (2010-12-27 03:55:22)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 07F342FC49BF00281C514B364399E7FD98C36888DF680304C7807C827336E939
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Matthias\AppData\Local\PunkBuster\COD4\pb\pbcl.dll
Size . . . . . . . : 956.558 bytes
Age . . . . . . . : 780.8 days (2011-01-01 23:40:17)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 567AB086A18F5447AB036192A40837C4FB9679BDB54BE2DCF99F90F4BA83BCC9
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Matthias\AppData\Local\PunkBuster\COD4\pb\pbcls.dll
Size . . . . . . . : 956.558 bytes
Age . . . . . . . : 780.8 days (2011-01-01 23:40:17)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 567AB086A18F5447AB036192A40837C4FB9679BDB54BE2DCF99F90F4BA83BCC9
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Matthias\AppData\Local\PunkBuster\COD4\pb\PnkBstrK.sys
Size . . . . . . . : 138.160 bytes
Age . . . . . . . : 774.8 days (2011-01-08 01:54:49)
Entropy . . . . . : 7.8
SHA-256 . . . . . : 171C32702C73ECD6EAD6A120C5E0BCE649444BE4068C4ECA4C548644DF151A5E
RSA Key Size . . . : 1024
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.

Cookies _____________________________________________________________________

C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:de.sitestat.com
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:dmtracker.com
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:oms.122.2o7.net
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:pcworldcommunication.122.2o7.net
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:ww251.smartadserver.com
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com |
20.02.2013, 21:26 | #14 |
/// Malware-holic | ok, delete the findings and test which problems still occur
23.02.2013, 19:03 | #15 |
| ok, PunkBuster is an anti-cheat system for online games. And the tracking cookies cannot be deleted |