Log analysis and evaluation: Keylogger, WoW account hacked :X

(Forum section note: if you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: first steps. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.)

14.12.2009, 00:12 | #1
Keylogger, WoW account hacked :X

Hello first of all! I have already done a whole lot today, since I have been hacked twice! in one week. Antivir, AVG, Norton Security Scan (it spat something out, but only an IluPak.exe, which I removed (I will still post the log)). A-squared also found nothing. The file Norton found was at: C:\Windows\MRLH\IluPak.exe

Here is the Malwarebytes log first:
Code:
Malwarebytes' Anti-Malware 1.42
Database version: 3355
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

14.12.2009 00:05:00
mbam-log-2009-12-14 (00-05-00).txt

Scan type: Full scan (C:\|D:\|I:\|)
Objects scanned: 267837
Time elapsed: 1 hour(s), 48 minute(s), 50 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
(No malicious items detected)
Code:
info.txt logfile of random's system information tool 1.06 2009-12-13 23:16:27

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.8 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70800000002}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
a-squared Anti-Malware 4.5-->"C:\Program Files\a-squared Anti-Malware\unins000.exe"
Avira AntiVir Premium-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Batch Renamer 2.1.1 (uninstall)-->C:\Program Files\Batch Renamer\remove_batchRenamer.exe
Benutzerhandbuch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Management Programs-->MsiExec.exe /X{D6771E19-1BB6-43B1-811E-ECC5A4613579}
Call of Duty: Modern Warfare 2 - Multiplayer-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10190
Call of Duty: Modern Warfare 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10180
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0007 -removeonly
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Glitchys MES-->"C:\Program Files\Glitchy's Model Editing Suite\unins000.exe"
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
I8kfanGUI V3.1-->"C:\Program Files\I8kfanGUI\uninstall.exe"
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
JDownloader-->C:\Program Files\JDownloader\uninstall.exe
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
KeyScrambler-->C:\Program Files\KeyScrambler\uninstall.exe
Left 4 Dead 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/550
Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
Livestream Procaster-->MsiExec.exe /I{0E323ECF-FA5B-454A-B79C-508419AC2538}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaDirect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x7 -cluninstall
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft AppLocale-->MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Windows Application Compatibility Database-->C:\Windows\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
NCsoft Launcher-->"C:\Program Files\InstallShield Installation Information\{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}\setup.exe" -runfromtemp -l0x0009 -removeonly
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0007 -removeonly
Norton Security Scan-->C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\InstStub.exe /X
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Online Armor 4.0-->"C:\Program Files\Tall Emu\Online Armor\unins000.exe"
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RunAlyzer-->"C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
Safari-->MsiExec.exe /I{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}
SAMSUNG Android USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\Shrewsbury\SSADUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Download Driver Software-->C:\Windows\system32\Samsung_USB_Drivers\NXP_Driver\SSDUUninstall.exe
SAMSUNG Mobile USB Driver-->MsiExec.exe /I{7184F382-8A6C-4B85-A3AC-B63734B1E241}
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
Samsung Mobile USB Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7_681B\SECUUninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
SAMSUNG USB Mobile Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Security Task Manager 1.7h-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x7 -remove -removeonly
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Sun Java (TM) Wireless Toolkit 2.5.2_01 for CLDC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8CB1BFD3-82B0-4C3E-A586-0A5472158E9E}\setup.exe" -l0x9 -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Trillian-->C:\Program Files\Trillian\Trillian.exe /uninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {F6828576-6F79-470D-AB50-69D1BBADBD30}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VirtualCom driver-->MsiExec.exe /I{1943A043-5C85-4A16-A0D0-D687B2C1A40F}
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software 6.0.1.3100-->MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Fotogalerie-->MsiExec.exe /X{2BA722D1-48D1-406E-9123-8AE5431D63EF}
Windows Live Mail-->MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live Movie Maker-->MsiExec.exe /X{3EFEF049-23D4-4B46-8903-4592FEA51018}
Windows Live Sync-->MsiExec.exe /X{76618402-179D-4699-A66B-D351C59436BC}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft Public Test-PTR\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Spybot - Search and Destroy (disabled)
AS: Windows-Defender (disabled)

======System event log======

Computer Name: ***-PC
Event Code: 10029
Message: DCOM started the service swprv with arguments "" in order to run the server:
{65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}
Record Number: 47926
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090625082111.000000-000
Event Type: Information
User:

Computer Name: ***-PC
Event Code: 10029
Message: DCOM started the service VSS with arguments "" in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Record Number: 47925
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090625082111.000000-000
Event Type: Information
User:

Computer Name: ***-PC
Event Code: 7036
Message: The "WinHTTP Web Proxy Auto-Discovery Service" service entered the "Stopped" state.
Record Number: 47924
Source Name: Service Control Manager
Time Written: 20090625075039.000000-000
Event Type: Information
User:

Computer Name: ***-PC
Event Code: 7036
Message: The "Windows Update" service entered the "Running" state.
Record Number: 47923
Source Name: Service Control Manager
Time Written: 20090625073614.000000-000
Event Type: Information
User:

Computer Name: ***-PC
Event Code: 7036
Message: The "Windows Media Center Launcher" service entered the "Stopped" state.
Record Number: 47922
Source Name: Service Control Manager
Time Written: 20090625073613.000000-000
Event Type: Information
User:

=====Application event log=====

Computer Name: D95R2T2J
Event Code: 6001
Message: The winlogon notification subscriber <GPClient> failed a notification event.
Record Number: 350
Source Name: Microsoft-Windows-Winlogon
Time Written: 20070310105506.000000-000
Event Type: Warning
User:

Computer Name: D95R2T2J
Event Code: 6000
Message: The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Record Number: 349
Source Name: Microsoft-Windows-Winlogon
Time Written: 20070310105506.000000-000
Event Type: Information
User:

Computer Name: D95R2T2J
Event Code: 9009
Message: The Desktop Window Manager has exited with code (0x40010004).
Record Number: 348
Source Name: Desktop Window Manager
Time Written: 20070310105506.000000-000
Event Type: Information
User:

Computer Name: D95R2T2J
Event Code: 1013
Message: The Windows Search Service has been shut down normally.
Record Number: 347
Source Name: Microsoft-Windows-Search
Time Written: 20070310105450.000000-000
Event Type: Information
User:

Computer Name: D95R2T2J
Event Code: 1
Message: The Windows Security Center Service was started.
Record Number: 346
Source Name: SecurityCenter
Time Written: 20070310105448.000000-000
Event Type: Information
User:

=====Security event log=====

Computer Name: ***-PC
Event Code: 1101
Message: Audit events have been dropped by the transport. The real time backup file was corrupt due to improper shutdown.
Record Number: 298
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090603153521.960910-000
Event Type: Audit Success
User:

Computer Name: D95R2T2J
Event Code: 4616
Message: The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x4ec
Name: C:\Windows\System32\svchost.exe

Previous Time: 10:55:20 10.03.2007
New Time: 10:55:20 10.03.2007

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 297
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20070310105520.712400-000
Event Type: Audit Success
User:

Computer Name: D95R2T2J
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 296
Source Name: Microsoft-Windows-Eventlog
Time Written: 20070310105520.790400-000
Event Type: Audit Success
User:

Computer Name: D95R2T2J
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-2754731202-3281619189-719602998-500
Account Name: Administrator
Account Domain: D95R2T2J
Logon ID: 0x50a95

This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 295
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20070310105506.282891-000
Event Type: Audit Success
User:

Computer Name: D95R2T2J
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-2754731202-3281619189-719602998-500
Account Name: Administrator
Domain Name: D95R2T2J
Logon ID: 0x50a95
Record Number: 294
Source Name: Microsoft-Windows-Eventlog
Time Written: 20070310105439.872091-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------
Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by *** at 2009-12-13 23:15:56
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 28 GB (28%) free of 102 GB
Total RAM: 3326 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:16:22, on 13.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Trillian\trillian.exe
C:\Users\***\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Xfire\Xfire.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\***\Desktop\Aklog\aklog.exe
C:\Users\***\Desktop\RSIT.exe
C:\Users\***\Desktop\***.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2070310
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2070310
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2070310
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Livestream Procaster] "C:\Program Files\Livestream Procaster\Procaster.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc.
- C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8739 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2754731202-3281619189-719602998-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2754731202-3281619189-719602998-1000UA.job C:\Windows\tasks\Norton Security Scan for ***.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {CCC7A320-B3CA-4199-B1A6-9F516DD69829} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-20 815104] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920] "SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-09-13 405504] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "NPSStartup"= [] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-01-30 13605408] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-01-30 
92704] "NVHotkey"=C:\Windows\system32\nvHotkey.dll [2009-01-30 96800] "Livestream Procaster"=C:\Program Files\Livestream Procaster\Procaster.exe [2009-10-12 6415648] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2009-12-05 6622920] "a-squared"=C:\Program Files\a-squared Anti-Malware\a2guard.exe [2009-11-05 3279192] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-03 429392] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Steam"=c:\program files\steam\steam.exe [2009-10-24 1217808] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] "i8kfangui"=C:\Program Files\I8kfanGUI\I8kfanGUI.exe [2007-02-16 856064] "PlayNC Launcher"= [] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] "Google Update"=C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-09 135664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-09 135664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] C:\Program Files\ICQ6.5\ICQ.exe silent [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe [2006-10-13 184320] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2006-11-03 703280] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk] C:\PROGRA~1\DIGITA~1\DLG.exe [2006-11-03 50688] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Adobe Reader - Schnellstart.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE Trillian.lnk - C:\Program Files\Trillian\trillian.exe Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2009-12-05 923336] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= "EnableShellExecuteHooks"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd4fbe28-59c3-11de-aaac-d5d5b33bf892}] shell\AutoRun\command - F:\LaunchU3.exe -a ======List of files/folders created in the last 1 months====== 2009-12-13 23:15:56 ----D---- C:\rsit 2009-12-13 22:15:12 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes 2009-12-13 22:15:06 ----D---- C:\ProgramData\Malwarebytes 2009-12-13 22:15:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-12-13 22:11:56 ----D---- C:\Program Files\CCleaner 2009-12-13 17:08:01 ----D---- C:\Program Files\a-squared Anti-Malware 2009-12-13 16:42:11 ----D---- C:\Windows\Internet Logs 2009-12-13 16:07:43 ----D---- C:\Users\***\AppData\Roaming\OnlineArmor 2009-12-13 16:07:43 ----D---- C:\ProgramData\OnlineArmor 2009-12-13 16:04:47 ----D---- C:\Program Files\Tall Emu 2009-12-13 16:00:49 ----D---- C:\ProgramData\Application Data 2009-12-13 15:54:32 ----D---- C:\Program Files\Common Files\Symantec Shared 2009-12-13 15:48:08 ----D---- C:\ProgramData\Symantec 2009-12-13 15:48:08 ----D---- C:\ProgramData\Norton 2009-12-13 15:48:08 ----D---- C:\Program Files\Norton Security Scan 2009-12-13 15:48:04 ----D---- C:\ProgramData\NortonInstaller 2009-12-13 15:48:04 ----D---- C:\Program Files\NortonInstaller 2009-12-13 14:17:45 ----D---- C:\Program Files\KeyScrambler 2009-12-13 13:46:47 ----D---- C:\Users\***\AppData\Roaming\CheckPoint 2009-12-13 13:46:34 ----D---- C:\Program Files\CheckPoint 2009-12-13 13:44:18 ----D---- C:\ProgramData\CheckPoint 2009-12-13 13:29:33 ----D---- C:\Users\***\AppData\Roaming\Avira 
2009-12-13 13:19:06 ----D---- C:\ProgramData\Avira 2009-12-13 13:19:06 ----D---- C:\Program Files\Avira 2009-12-13 12:48:35 ----D---- C:\Users\***\AppData\Roaming\QuickScan 2009-12-13 12:30:53 ----D---- C:\ProgramData\SecTaskMan 2009-12-13 12:30:48 ----D---- C:\Program Files\Security Task Manager 2009-12-10 23:51:08 ----D---- C:\cygwin 2009-12-10 23:13:25 ----D---- C:\Program Files\QuickTime 2009-12-10 23:05:17 ----D---- C:\ProgramData\Apple Computer 2009-12-10 23:05:17 ----D---- C:\Program Files\Safari 2009-12-10 23:03:21 ----D---- C:\ProgramData\Apple 2009-12-10 23:03:21 ----D---- C:\Program Files\Common Files\Apple 2009-12-09 15:37:15 ----A---- C:\Windows\system32\nshhttp.dll 2009-12-09 15:37:14 ----A---- C:\Windows\system32\httpapi.dll 2009-12-09 15:22:48 ----A---- C:\Windows\system32\wininet.dll 2009-12-09 15:22:47 ----A---- C:\Windows\system32\urlmon.dll 2009-12-09 15:22:47 ----A---- C:\Windows\system32\mshtml.dll 2009-12-09 15:22:46 ----A---- C:\Windows\system32\ieframe.dll 2009-12-09 15:22:44 ----A---- C:\Windows\system32\ieui.dll 2009-12-09 15:22:43 ----A---- C:\Windows\system32\ieencode.dll 2009-12-09 15:22:42 ----A---- C:\Windows\system32\ieapfltr.dll 2009-12-09 15:22:39 ----A---- C:\Windows\system32\winhttp.dll 2009-12-09 15:20:55 ----A---- C:\Windows\system32\rastls.dll 2009-12-08 14:18:06 ----D---- C:\Program Files\AVG 2009-11-30 20:33:46 ----A---- C:\Windows\system32\xfcodec.dll 2009-11-29 19:24:35 ----D---- C:\Program Files\Haali 2009-11-28 01:34:29 ----A---- C:\tracert.txt 2009-11-28 00:27:42 ----D---- C:\Users\***\AppData\Roaming\Trillian 2009-11-28 00:27:10 ----D---- C:\Program Files\Trillian 2009-11-27 17:16:16 ----D---- C:\Users\***\AppData\Roaming\Safer Networking 2009-11-27 17:12:40 ----D---- C:\Program Files\Safer Networking 2009-11-27 17:11:24 ----D---- C:\Program Files\Trend Micro 2009-11-27 00:33:16 ----A---- C:\Windows\system32\msxml6.dll 2009-11-27 00:33:15 ----A---- C:\Windows\system32\msxml3.dll 2009-11-27 00:29:40 ----A---- 
C:\Windows\system32\tzres.dll 2009-11-27 00:29:12 ----D---- C:\Program Files\MSXML 4.0 2009-11-23 16:36:45 ----A---- C:\Windows\system32\devil.dll 2009-11-23 16:36:45 ----A---- C:\Windows\system32\avisynth.dll 2009-11-23 16:36:44 ----A---- C:\Windows\system32\yv12vfw.dll 2009-11-23 16:36:44 ----A---- C:\Windows\system32\i420vfw.dll 2009-11-23 16:36:44 ----A---- C:\Windows\system32\AVSredirect.dll 2009-11-23 16:36:43 ----D---- C:\Program Files\AviSynth 2.5 2009-11-22 14:01:44 ----A---- C:\Windows\system32\XAudio2_5.dll 2009-11-22 14:01:44 ----A---- C:\Windows\system32\xactengine3_5.dll 2009-11-22 14:01:44 ----A---- C:\Windows\system32\D3DCompiler_42.dll 2009-11-22 14:01:43 ----A---- C:\Windows\system32\D3DX9_42.dll 2009-11-22 14:01:43 ----A---- C:\Windows\system32\d3dx11_42.dll 2009-11-22 14:01:43 ----A---- C:\Windows\system32\d3dx10_42.dll 2009-11-22 14:01:43 ----A---- C:\Windows\system32\d3dcsx_42.dll 2009-11-22 14:01:41 ----A---- C:\Windows\system32\XAPOFX1_3.dll 2009-11-22 14:01:37 ----A---- C:\Windows\system32\XAudio2_2.dll 2009-11-22 14:01:37 ----A---- C:\Windows\system32\XAPOFX1_1.dll 2009-11-22 14:01:37 ----A---- C:\Windows\system32\xactengine3_2.dll 2009-11-21 19:26:44 ----D---- C:\Users\***\AppData\Roaming\dvdcss 2009-11-21 19:23:07 ----D---- C:\Program Files\Alcohol Soft 2009-11-21 18:46:40 ----D---- C:\Users\***\AppData\Roaming\Any Video Converter 2009-11-20 21:23:59 ----D---- C:\Program Files\JDownloader 2009-11-20 14:38:50 ----A---- C:\Windows\system32\javaws.exe 2009-11-20 14:38:50 ----A---- C:\Windows\system32\javaw.exe 2009-11-20 14:38:50 ----A---- C:\Windows\system32\java.exe 2009-11-17 19:59:22 ----D---- C:\Program Files\World of Warcraft ======List of files/folders modified in the last 1 months====== 2009-12-13 23:16:05 ----D---- C:\Windows\Temp 2009-12-13 23:14:59 ----D---- C:\Users\***\AppData\Roaming\Skype 2009-12-13 22:56:58 ----D---- C:\Users\***\AppData\Roaming\Xfire 2009-12-13 22:40:24 ----D---- C:\Windows\MRLH 2009-12-13 22:26:23 
----D---- C:\Windows 2009-12-13 22:25:26 ----SHD---- C:\System Volume Information 2009-12-13 22:15:08 ----D---- C:\Windows\system32\drivers 2009-12-13 22:15:06 ----D---- C:\ProgramData 2009-12-13 22:15:05 ----D---- C:\Program Files 2009-12-13 22:14:07 ----D---- C:\Program Files\Mozilla Firefox 2009-12-13 22:13:59 ----D---- C:\ProgramData\Spybot - Search & Destroy 2009-12-13 22:13:28 ----D---- C:\Windows\Debug 2009-12-13 19:41:34 ----D---- C:\Program Files\Steam 2009-12-13 19:35:57 ----D---- C:\Windows\Logs 2009-12-13 16:40:20 ----D---- C:\Windows\System32 2009-12-13 16:06:57 ----D---- C:\Windows\inf 2009-12-13 16:05:35 ----D---- C:\Windows\system32\catroot2 2009-12-13 16:01:00 ----D---- C:\Windows\system32\catroot 2009-12-13 16:00:56 ----D---- C:\Users\***\AppData\Roaming\skypePM 2009-12-13 15:54:32 ----D---- C:\Program Files\Common Files 2009-12-13 15:48:11 ----D---- C:\Windows\Tasks 2009-12-13 15:48:11 ----D---- C:\Windows\system32\Tasks 2009-12-13 13:18:12 ----SHD---- C:\Windows\Installer 2009-12-13 12:35:45 ----D---- C:\Program Files\BAE 2009-12-12 16:32:24 ----DC---- C:\Windows\system32\DRVSTORE 2009-12-12 16:29:02 ----HD---- C:\Program Files\InstallShield Installation Information 2009-12-10 23:54:02 ----D---- C:\Users\***\AppData\Roaming\uTorrent 2009-12-10 23:15:31 ----D---- C:\Program Files\Bonjour 2009-12-10 23:07:57 ----D---- C:\Users\***\AppData\Roaming\Apple Computer 2009-12-10 14:29:07 ----D---- C:\ProgramData\Xfire 2009-12-09 16:13:16 ----D---- C:\Windows\rescache 2009-12-09 16:08:19 ----D---- C:\Windows\winsxs 2009-12-09 15:55:04 ----D---- C:\Windows\system32\de-DE 2009-12-09 15:55:04 ----D---- C:\Program Files\Windows Mail 2009-12-09 15:40:32 ----D---- C:\ProgramData\Microsoft Help 2009-12-09 15:37:04 ----RSD---- C:\Windows\assembly 2009-12-07 03:32:34 ----D---- C:\Users\***\AppData\Roaming\vlc 2009-12-02 17:14:39 ----D---- C:\Users\***\AppData\Roaming\teamspeak2 2009-12-02 14:57:18 ----D---- C:\Program Files\Xfire 2009-12-01 21:06:19 ----A---- 
C:\Windows\system32\mrt.exe 2009-11-27 23:33:24 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-11-23 16:36:41 ----RSD---- C:\Windows\Fonts 2009-11-22 11:28:45 ----D---- C:\Users\***\AppData\Roaming\DivX 2009-11-21 19:27:30 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-11-20 14:38:49 ----D---- C:\Program Files\Java 2009-11-18 00:15:17 ----SD---- C:\Users\***\AppData\Roaming\Microsoft 2009-11-16 00:10:12 ----A---- C:\Users\***\AppData\Roaming\MPQEditor.ini 2009-11-15 14:31:45 ----D---- C:\Windows\AppPatch ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 fanio;FanIO driver; \??\C:\Windows\system32\drivers\fanio.sys [2007-02-16 14464] R1 OADevice;OADriver; \??\C:\Windows\system32\drivers\OADriver.sys [2009-12-05 223312] R1 OAmon;OAmon; \??\C:\Windows\system32\drivers\OAmon.sys [2009-12-05 24656] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-07-30 281760] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-13 56816] R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-07-30 25888] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-11-12 12672] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-20 32256] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-20 43520] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-20 37376] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-12 8192] R3 b57nd60x;%SvcDispName%; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 179712] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208] R3 
KeyScrambler;KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [2008-03-22 113896] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-12-03 38224] R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2009-05-29 4233728] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-01-30 7544832] R3 OAnet;OnlineArmor Service; C:\Windows\system32\DRIVERS\oanet.sys [2009-12-05 30800] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-13 330240] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-20 179256] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264] S3 a0zmv1re;a0zmv1re; C:\Windows\system32\drivers\a0zmv1re.sys [] S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528] S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160] S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904] S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696] S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 78128] S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 80176] S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 16560] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 e1express;Intel(R) PRO/1000 PCI Express-Netzwerkverbindungstreiber; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704] S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-09-21 36608] S3 guardian2;guardian2; 
C:\Windows\System32\Drivers\oz776.sys [2007-01-29 61312] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544] S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-12 986624] S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-12 206848] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 1786880] S3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776] S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\NSNDIS5.SYS [] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992] S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352] S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944] S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792] S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-12 659968] S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896] S3 WUDFRd;WUDFRd; 
C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 a2AntiMalware;a-squared Anti-Malware Service; C:\Program Files\a-squared Anti-Malware\a2service.exe [2009-10-01 1858144] R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2009-05-11 194817] R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-05-12 434945] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-01-30 203296] R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2009-12-05 1282248] R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-09-13 102400] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-12 386560] S2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2009-12-05 3291336] S3 BthServ;Bluetooth-Unterstützungsdienst; C:\Windows\system32\svchost.exe [2008-01-19 21504] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 odserv;Microsoft Office Diagnostics Service; C:\Program 
Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592] S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-11-01 320760] S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [] -----------------EOF----------------- I would be really grateful if you could help me somehow. |
14.12.2009, 00:58 | #2 |
| Keylogger, WoW account hacked :X Here is the GMER log as well:
Code:
ATTFilter GMER 1.0.15.15279 - http://www.gmer.net Rootkit scan 2009-12-14 00:55:19 Windows 6.0.6002 Service Pack 2 Running: r53mct73.exe; Driver: C:\Users\Vincenzo\AppData\Local\Temp\uxdyqkog.sys ---- System - GMER 1.0.15 ---- SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAllocateVirtualMemory [0x9031F420] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAlpcConnectPort [0x9031E270] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAlpcCreatePort [0x9031D8E0] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAssignProcessToJobObject [0x9031FC60] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwConnectPort [0x9031DA90] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateFile [0x9032CCB0] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreatePort [0x9031D740] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateSection [0x90319DE0] SSDT 8BE4674C ZwCreateThread SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwDebugActiveProcess [0x9031C900] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwDuplicateObject [0x9031D410] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwLoadDriver [0x9031EB40] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwOpenFile [0x9032D420] SSDT 8BE46738 ZwOpenProcess SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwOpenSection [0x9031A080] SSDT 8BE4673D ZwOpenThread SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwProtectVirtualMemory [0x9031F8A0] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwQueryDirectoryFile [0x9031EFB0] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwQueueApcThread [0x9031FE00] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwRequestWaitReplyPort [0x9031E690] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwResumeThread [0x9031D060] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSecureConnectPort [0x9031DE80] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSetContextThread [0x9031C6E0] SSDT \??\C:\Windows\system32\drivers\OADriver.sys 
ZwSetSystemInformation [0x9031CAA0] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwShutdownSystem [0x9031EA10] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSuspendProcess [0x9031D240] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSuspendThread [0x9031CE60] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSystemDebugControl [0x9031CC90] SSDT 8BE46747 ZwTerminateProcess SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwTerminateThread [0x9031C4B0] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwUnloadDriver [0x9031ED70] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwWriteVirtualMemory [0x9031FA70] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateThreadEx [0x9031BF10] INT 0x52 ? 86159BF8 INT 0x72 ? 8452CBF8 INT 0x82 ? 8452CBF8 INT 0xA3 ? 86159BF8 INT 0xB3 ? 86159BF8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 131 81EE8874 4 Bytes [20, F4, 31, 90] .text ntkrnlpa.exe!KeSetEvent + 13D 81EE8880 8 Bytes [70, E2, 31, 90, E0, D8, 31, ...] {JO 0xffffffffffffffe4; XOR [EAX-0x6fce2720], EDX} .text ntkrnlpa.exe!KeSetEvent + 191 81EE88D4 4 Bytes [60, FC, 31, 90] .text ntkrnlpa.exe!KeSetEvent + 1C1 81EE8904 4 Bytes [90, DA, 31, 90] {NOP ; FIDIV DWORD [ECX]; NOP } .text ntkrnlpa.exe!KeSetEvent + 1D9 81EE891C 4 Bytes [B0, CC, 32, 90] .text ... ? System32\Drivers\spbg.sys Das System kann den angegebenen Pfad nicht finden. ! .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8EE04340, 0x3EE1D7, 0xE8000020] .text USBPORT.SYS!DllUnload 8FA8341B 5 Bytes JMP 861591D8 .text anw80ghx.SYS 8AFA8000 22 Bytes [82, 03, E1, 81, 6C, 02, E1, ...] .text anw80ghx.SYS 8AFA8017 45 Bytes [00, 32, 27, 9A, 8A, 3D, 25, ...] .text anw80ghx.SYS 8AFA8045 135 Bytes [2A, EE, 81, FD, A9, E7, 81, ...] .text anw80ghx.SYS 8AFA80CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...] .text anw80ghx.SYS 8AFA80DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...] .text ... 
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA42E3300, 0x3B6D8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA4326300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\taskeng.exe[608] kernel32.dll!CreateProcessW 77591BF3 6 Bytes JMP 5F0A0F5A .text C:\Windows\system32\taskeng.exe[608] kernel32.dll!CreateProcessA 77591C28 6 Bytes JMP 5F040F5A .text C:\Windows\system32\taskeng.exe[608] kernel32.dll!LoadLibraryExW 775B9109 6 Bytes JMP 5F070F5A .text C:\Windows\system32\taskeng.exe[608] USER32.dll!ExitWindowsEx 767AB7C3 6 Bytes JMP 5F0D0F5A .text C:\Program Files\a-squared Anti-Malware\a2service.exe[1100] kernel32.dll!CreateThread + 1A 775DC928 4 Bytes CALL 0045495D C:\Program Files\a-squared Anti-Malware\a2service.exe (a-squared Service/Emsi Software GmbH) .text C:\Windows\system32\Dwm.exe[1692] kernel32.dll!CreateProcessW 77591BF3 6 Bytes JMP 5F0A0F5A .text C:\Windows\system32\Dwm.exe[1692] kernel32.dll!CreateProcessA 77591C28 6 Bytes JMP 5F040F5A .text C:\Windows\system32\Dwm.exe[1692] kernel32.dll!LoadLibraryExW 775B9109 6 Bytes JMP 5F070F5A .text C:\Windows\system32\Dwm.exe[1692] USER32.dll!ExitWindowsEx 767AB7C3 6 Bytes JMP 5F0D0F5A .text C:\Windows\Explorer.EXE[1724] kernel32.dll!CreateProcessW 77591BF3 6 Bytes JMP 5F0A0F5A .text C:\Windows\Explorer.EXE[1724] kernel32.dll!CreateProcessA 77591C28 6 Bytes JMP 5F040F5A .text C:\Windows\Explorer.EXE[1724] kernel32.dll!LoadLibraryExW 775B9109 6 Bytes JMP 5F070F5A .text C:\Windows\Explorer.EXE[1724] USER32.dll!ExitWindowsEx 767AB7C3 6 Bytes JMP 5F0D0F5A .text C:\Windows\Explorer.EXE[1724] IPHLPAPI.DLL!IcmpSendEcho2Ex 757696D8 6 Bytes JMP 5F130F5A .text C:\Windows\Explorer.EXE[1724] IPHLPAPI.DLL!IcmpSendEcho2 75769C2D 6 Bytes JMP 5F100F5A .text C:\Windows\ehome\ehtray.exe[2208] kernel32.dll!CreateProcessW 77591BF3 6 Bytes JMP 5F0A0F5A .text C:\Windows\ehome\ehtray.exe[2208] kernel32.dll!CreateProcessA 77591C28 6 Bytes 
JMP 5F040F5A .text C:\Windows\ehome\ehtray.exe[2208] kernel32.dll!LoadLibraryExW 775B9109 6 Bytes JMP 5F070F5A .text C:\Windows\ehome\ehtray.exe[2208] USER32.dll!ExitWindowsEx 767AB7C3 6 Bytes JMP 5F0D0F5A .text C:\Program Files\I8kfanGUI\I8kfanGUI.exe[2232] kernel32.dll!CreateProcessW 77591BF3 6 Bytes JMP 5F0A0F5A .text C:\Program Files\I8kfanGUI\I8kfanGUI.exe[2232] kernel32.dll!CreateProcessA 77591C28 6 Bytes JMP 5F040F5A .text C:\Program Files\I8kfanGUI\I8kfanGUI.exe[2232] kernel32.dll!LoadLibraryExW 775B9109 6 Bytes JMP 5F070F5A .text C:\Program Files\I8kfanGUI\I8kfanGUI.exe[2232] USER32.dll!ExitWindowsEx 767AB7C3 6 Bytes JMP 5F0D0F5A .text C:\Program Files\I8kfanGUI\I8kfanGUI.exe[2232] ole32.dll!CoCreateInstance 76149EA6 6 Bytes JMP 5F100F5A .text C:\Program Files\I8kfanGUI\I8kfanGUI.exe[2232] ole32.dll!CoCreateInstanceEx 76149EE9 6 Bytes JMP 5F130F5A .text C:\Windows\ehome\ehmsas.exe[2316] kernel32.dll!CreateProcessW 77591BF3 6 Bytes JMP 5F0A0F5A .text C:\Windows\ehome\ehmsas.exe[2316] kernel32.dll!CreateProcessA 77591C28 6 Bytes JMP 5F040F5A .text C:\Windows\ehome\ehmsas.exe[2316] kernel32.dll!LoadLibraryExW 775B9109 6 Bytes JMP 5F070F5A .text C:\Windows\ehome\ehmsas.exe[2316] USER32.dll!ExitWindowsEx 767AB7C3 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2788] kernel32.dll!CreateProcessW 77591BF3 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2788] kernel32.dll!CreateProcessA 77591C28 6 Bytes JMP 5F040F5A .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2788] kernel32.dll!LoadLibraryExW 775B9109 6 Bytes JMP 5F070F5A .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2788] USER32.dll!ExitWindowsEx 767AB7C3 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2788] ole32.dll!CoCreateInstance 76149EA6 6 Bytes JMP 5F100F5A .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2788] ole32.dll!CoCreateInstanceEx 76149EE9 6 Bytes 
JMP 5F130F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] kernel32.dll!CreateProcessW 77591BF3 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] kernel32.dll!CreateProcessA 77591C28 6 Bytes JMP 5F040F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] kernel32.dll!LoadLibraryExW 775B9109 6 Bytes JMP 5F070F5A .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] USER32.dll!ExitWindowsEx 767AB7C3 6 Bytes JMP 5F0D0F5A .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[3592] kernel32.dll!CreateProcessW 77591BF3 6 Bytes JMP 5F0A0F5A .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[3592] kernel32.dll!CreateProcessA 77591C28 6 Bytes JMP 5F040F5A .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[3592] kernel32.dll!LoadLibraryExW 775B9109 6 Bytes JMP 5F070F5A .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[3592] USER32.dll!ExitWindowsEx 767AB7C3 6 Bytes JMP 5F0D0F5A .text C:\Windows\System32\rundll32.exe[3668] kernel32.dll!CreateProcessW 77591BF3 6 Bytes JMP 5F0A0F5A .text C:\Windows\System32\rundll32.exe[3668] kernel32.dll!CreateProcessA 77591C28 6 Bytes JMP 5F040F5A .text C:\Windows\System32\rundll32.exe[3668] kernel32.dll!LoadLibraryExW 775B9109 6 Bytes JMP 5F070F5A .text C:\Windows\System32\rundll32.exe[3668] USER32.dll!ExitWindowsEx 767AB7C3 6 Bytes JMP 5F0D0F5A .text C:\Windows\System32\rundll32.exe[3752] kernel32.dll!CreateProcessW 77591BF3 6 Bytes JMP 5F0A0F5A .text C:\Windows\System32\rundll32.exe[3752] kernel32.dll!CreateProcessA 77591C28 6 Bytes JMP 5F040F5A .text C:\Windows\System32\rundll32.exe[3752] kernel32.dll!LoadLibraryExW 775B9109 6 Bytes JMP 5F070F5A .text C:\Windows\System32\rundll32.exe[3752] USER32.dll!ExitWindowsEx 767AB7C3 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Java\jre6\bin\jusched.exe[3836] kernel32.dll!CreateProcessW 77591BF3 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Java\jre6\bin\jusched.exe[3836] kernel32.dll!CreateProcessA 77591C28 6 
Bytes JMP 5F040F5A .text C:\Program Files\Java\jre6\bin\jusched.exe[3836] kernel32.dll!LoadLibraryExW 775B9109 6 Bytes JMP 5F070F5A .text C:\Program Files\Java\jre6\bin\jusched.exe[3836] USER32.dll!ExitWindowsEx 767AB7C3 6 Bytes JMP 5F0D0F5A .text C:\Users\Vincenzo\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe[3916] kernel32.dll!CreateProcessW 77591BF3 6 Bytes JMP 5F0A0F5A .text C:\Users\Vincenzo\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe[3916] kernel32.dll!CreateProcessA 77591C28 6 Bytes JMP 5F040F5A .text C:\Users\Vincenzo\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe[3916] kernel32.dll!LoadLibraryExW 775B9109 6 Bytes JMP 5F070F5A .text C:\Users\Vincenzo\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe[3916] USER32.dll!ExitWindowsEx 767AB7C3 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3964] kernel32.dll!CreateProcessW 77591BF3 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3964] kernel32.dll!CreateProcessA 77591C28 6 Bytes JMP 5F040F5A .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3964] kernel32.dll!LoadLibraryExW 775B9109 6 Bytes JMP 5F070F5A .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3964] USER32.dll!ExitWindowsEx 767AB7C3 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3964] ole32.dll!CoCreateInstance 76149EA6 6 Bytes JMP 5F100F5A .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3964] ole32.dll!CoCreateInstanceEx 76149EE9 6 Bytes JMP 5F130F5A ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8A8986D6] \SystemRoot\System32\Drivers\spbg.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8A898042] \SystemRoot\System32\Drivers\spbg.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8A898800] \SystemRoot\System32\Drivers\spbg.sys IAT 
\SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8A8980C0] \SystemRoot\System32\Drivers\spbg.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8A89813E] \SystemRoot\System32\Drivers\spbg.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8A8A7E9C] \SystemRoot\System32\Drivers\spbg.sys IAT \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortNotification] CC358B04 IAT \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortWritePortUchar] 838AFCDF IAT \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6 IAT \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514 IAT \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5 IAT \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8AFCB0 IAT \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889 IAT \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortStallExecution] 54771129 IAT \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E IAT \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00 IAT \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC IAT \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B IAT \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000 IAT \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortMoveMemory] [8B108910] \SystemRoot\System32\Drivers\Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation) IAT \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491 IAT \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900 IAT 
\SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980 IAT \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B IAT \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557 IAT \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortInitialize] B18D0502 IAT \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8 IAT \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\a-squared Anti-Malware\a2service.exe[1100] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [00454AB4] C:\Program Files\a-squared Anti-Malware\a2service.exe (a-squared Service/Emsi Software GmbH) IAT C:\Program Files\a-squared Anti-Malware\a2service.exe[1100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [00454AB4] C:\Program Files\a-squared Anti-Malware\a2service.exe (a-squared Service/Emsi Software GmbH) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 852E91F8 Device \FileSystem\fastfat \FatCdrom 87E9F1F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) Device \Driver\volmgr \Device\VolMgrControl 8452E1F8 Device \Driver\sptd \Device\2333607626 spbg.sys Device \Driver\usbuhci \Device\USBPDO-0 8614E1F8 Device \Driver\usbuhci \Device\USBPDO-1 8614E1F8 Device \Driver\usbuhci \Device\USBPDO-2 8614E1F8 Device \Driver\usbuhci \Device\USBPDO-3 8614E1F8 Device \Driver\netbt \Device\NetBT_Tcpip_{69748DA3-BD9A-469F-A3F1-7E368ABE5EE7} 87CA31F8 Device \Driver\usbehci \Device\USBPDO-4 862D01F8 Device \Driver\tdx \Device\Tcp OAmon.sys Device \Driver\netbt \Device\NetBT_Tcpip_{2F064EB1-89FB-4B01-9381-B33527BB5F22} 87CA31F8 Device \Driver\PCI_PNP1610 \Device\00000057 spbg.sys 
Device \Driver\USBSTOR \Device\00000071 87B751F8 Device \Driver\volmgr \Device\HarddiskVolume1 8452E1F8 Device \Driver\volmgr \Device\HarddiskVolume2 8452E1F8 Device \Driver\cdrom \Device\CdRom0 863021F8 Device \Driver\volmgr \Device\HarddiskVolume3 8452E1F8 Device \Driver\cdrom \Device\CdRom1 863021F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 852E81F8 Device \Driver\atapi \Device\Ide\IdePort0 852E81F8 Device \Driver\atapi \Device\Ide\IdePort1 852E81F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 852E81F8 Device \Driver\tdx \Device\RawIp6 OAmon.sys Device \Driver\cdrom \Device\CdRom2 863021F8 Device \Driver\volmgr \Device\HarddiskVolume4 8452E1F8 Device \Driver\volmgr \Device\HarddiskVolume5 8452E1F8 Device \Driver\cdrom \Device\CdRom3 863021F8 Device \Driver\tdx \Device\Tcp6 OAmon.sys Device \Driver\netbt \Device\NetBt_Wins_Export 87CA31F8 Device \Driver\Smb \Device\NetbiosSmb 87B791F8 Device \Driver\tdx \Device\Tdx OAmon.sys Device \Driver\iScsiPrt \Device\RaidPort0 863091F8 Device \Driver\tdx \Device\Udp OAmon.sys Device \FileSystem\fastfat \Fat 87E9F1F8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) Device \FileSystem\cdfs \Cdfs 8612F1F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfd19acc Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB8 0xE8 0x67 0x4A ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2C 0x01 0xF9 0xB3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x17 0x7F 0xFD 0xF8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD6 0x5A 0xA6 0xC4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x12 0x00 0x1F 0x0C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x14 0xD7 0xD2 0x10 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016cfd19acc (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB8 0xE8 0x67 0x4A ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2C 0x01 0xF9 0xB3 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x17 0x7F 0xFD 0xF8 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD6 0x5A 0xA6 0xC4 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x12 0x00 0x1F 0x0C ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x14 0xD7 0xD2 0x10 ... ---- EOF - GMER 1.0.15 ---- |
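Added note for readers of the GMER output above (this is my example, not part of the thread and not a GMER feature): the "User code sections" list the same six-byte JMP targets (5F0A0F5A, 5F040F5A, 5F070F5A, 5F0D0F5A, and 5F100F5A/5F130F5A for COM and ICMP) in every listed process, on CreateProcessA/W, LoadLibraryExW and ExitWindowsEx, with no owning module named. The one hook GMER does attribute is the a2service.exe CALL, and it is attributed to a2service.exe itself. A system-wide, unattributed inline hook set on process-creation and library-loading APIs is what a HIPS or firewall installs on purpose, but it is also what a user-mode keylogger or injector produces, so the thing to settle is which module owns those addresses. The script below parses lines of that shape from a constructed sample (a subset of the lines above, not a new scan), groups hooks by target address and flags targets that are hooked in several processes without an owner; the "several processes and no owner" rule is my heuristic, not a GMER rule.

```python
import re
from collections import defaultdict

# One GMER "User code sections" line, e.g.
#   .text C:\Windows\Explorer.EXE[1724] kernel32.dll!CreateProcessW 77591BF3 6 Bytes JMP 5F0A0F5A
# Optional tail: the module GMER could attribute the hook to (present for the a2service.exe CALL).
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<api>\S+(?:\s\+\s[0-9A-Fa-f]+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+"
    r"(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<owner>.+))?$"
)

# Constructed sample in the shape of the log above (a subset of its lines, not a new scan).
SAMPLE_GMER = r"""
.text C:\Windows\system32\taskeng.exe[608] kernel32.dll!CreateProcessW 77591BF3 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\taskeng.exe[608] kernel32.dll!LoadLibraryExW 775B9109 6 Bytes JMP 5F070F5A
.text C:\Windows\Explorer.EXE[1724] kernel32.dll!CreateProcessW 77591BF3 6 Bytes JMP 5F0A0F5A
.text C:\Windows\Explorer.EXE[1724] kernel32.dll!LoadLibraryExW 775B9109 6 Bytes JMP 5F070F5A
.text C:\Windows\Explorer.EXE[1724] IPHLPAPI.DLL!IcmpSendEcho2 75769C2D 6 Bytes JMP 5F100F5A
.text C:\Program Files\a-squared Anti-Malware\a2service.exe[1100] kernel32.dll!CreateThread + 1A 775DC928 4 Bytes CALL 0045495D C:\Program Files\a-squared Anti-Malware\a2service.exe (a-squared Service/Emsi Software GmbH)
"""


def parse_hooks(text):
    """Parse every hook line; lines from other GMER sections simply do not match."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            h = m.groupdict()
            h["pid"] = int(h["pid"])
            h["nbytes"] = int(h["nbytes"])
            hooks.append(h)
    return hooks


def summarize(hooks):
    """Group hooks by the address they redirect to: which processes, which APIs, known owner."""
    by_target = defaultdict(lambda: {"procs": set(), "apis": set(), "owner": None})
    for h in hooks:
        e = by_target[h["target"]]
        e["procs"].add(h["proc"])
        e["apis"].add(f'{h["module"]}!{h["api"]}')
        if h["owner"]:
            e["owner"] = h["owner"]
    return dict(by_target)


def unattributed_systemwide(summary, min_procs=2):
    """Heuristic (my assumption, not a GMER rule): a target address hooked in at least
    min_procs processes that GMER could not attribute to any module is a system-wide
    hooking DLL whose owner must be identified before the machine is trusted."""
    return sorted(t for t, e in summary.items()
                  if e["owner"] is None and len(e["procs"]) >= min_procs)


def report(text):
    """Human-readable lines, one per target address, flagged targets marked CHECK."""
    summary = summarize(parse_hooks(text))
    flagged = set(unattributed_systemwide(summary))
    lines = []
    for target, e in sorted(summary.items()):
        mark = "CHECK" if target in flagged else "ok   "
        owner = e["owner"] or "<no owning module named by GMER>"
        lines.append(f"{mark} {target}: {len(e['procs'])} process(es), "
                     f"{', '.join(sorted(e['apis']))}; owner: {owner}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_GMER)))
```

Run it against the full GMER text rather than the sample and the flagged addresses are the ones to resolve: in a process viewer that lists loaded modules, find which DLL's image range contains 5F0A0F5A in, say, Explorer.EXE, and check that DLL's signature and vendor. A hook set like this owned by a known security product is fine; the same hook set owned by an unsigned DLL in a user-writable directory is the keylogger.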
15.12.2009, 09:58 | #3 |
| Keylogger, WoW account hacked :X Here is the CCleaner list too, sorry, I forgot it
Code:
ATTFilter Adobe AIR Adobe Systems Inc. 18.10.2009 30.7MB 1.5.2.8900 Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 30.07.2009 10.0.32.18 Adobe Flash Player 10 Plugin Adobe Systems Incorporated 02.08.2009 10.0.32.18 Adobe Flash Player 9 ActiveX Adobe Systems Incorporated 09.03.2007 9 Adobe Reader 7.0.8 - Deutsch Adobe Systems Incorporated 09.03.2007 7.0.8 Apple Application Support Apple Inc. 10.12.2009 1.1.0 Apple Mobile Device Support Apple Inc. 09.12.2009 40.4MB 2.6.0.32 Apple Software Update Apple Inc. 01.11.2009 2.1.1.116 Batch Renamer 2.1.1 (uninstall) 07.11.2009 12.3MB Benutzerhandbuch 09.03.2007 0.82MB Bonjour Apple Inc. 09.12.2009 0.49MB 1.0.106 Broadcom Management Programs Broadcom Corporation 09.03.2007 10.03.01 Call of Duty: Modern Warfare 2 Infinity Ward 21.11.2009 11'380.2MB Call of Duty: Modern Warfare 2 - Multiplayer Infinity Ward 21.11.2009 11'380.2MB CCleaner Piriform 12.12.2009 2.80MB Dell Driver Download Manager Dell Inc. 30.06.2009 1.0.0.0 Dell Driver Download Manager - 1 Dell Inc. 2.0.0.0 Digital Line Detect BVRP Software, Inc 09.03.2007 0.27MB 1.21 DivX Codec DivX, Inc. 02.06.2009 1.31MB 6.8.5 DivX Converter DivX, Inc. 02.06.2009 45.3MB 7.1.0 DivX Player DivX, Inc. 02.06.2009 8.43MB 7.2.0 DivX Plus DirectShow Filters DivX, Inc. 02.06.2009 1.58MB DivX Web Player DivX,Inc. 02.06.2009 2.83MB 1.5.0 Fraps (remove only) 18.10.2009 2.25MB G Data InternetSecurity G Data Software AG 14.12.2009 20.1.1.0 Glitchys MES GeeTards 10.11.2009 115.2MB Google Chrome Google Inc. 08.12.2009 67.4MB 3.0.195.33 Haali Media Splitter 28.11.2009 2.46MB HijackThis 2.0.2 TrendMicro 08.06.2009 0.39MB 2.0.2 I8kfanGUI V3.1 Christian Diefer 29.06.2009 2.61MB 3.1 Intel(R) PROSet/Wireless Software Intel Corporation 13.12.2009 11.5.0000 Java(TM) 6 Update 17 Sun Microsystems, Inc. 03.06.2009 94.5MB 6.0.170 Java(TM) SE Runtime Environment 6 Sun Microsystems, Inc. 
09.03.2007 1.6.0.0 JDownloader AppWork UG (haftungsbeschränkt) 19.11.2009 52.1MB 0.89 Left 4 Dead Valve 02.06.2009 5'277.0MB Left 4 Dead 2 Valve 17.11.2009 6'343.8MB Livestream Procaster Procaster 09.11.2009 1.0.93 Malwarebytes' Anti-Malware Malwarebytes Corporation 12.12.2009 4.11MB MediaDirect Dell 09.03.2007 119.1MB 4.7 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 03.06.2009 37.0MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 18.09.2009 37.0MB Microsoft AppLocale MS 14.11.2009 3.61MB 1.0.0 Microsoft Office Enterprise 2007 Microsoft Corporation 25.10.2009 631.8MB 12.0.6425.1000 Microsoft Silverlight Microsoft Corporation 13.09.2009 29.0MB 3.0.40818.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 02.10.2009 1.74MB 3.1.0000 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 01.08.2009 0.25MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 07.12.2009 0.33MB 8.0.59193 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 02.08.2009 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 02.06.2009 0.58MB 9.0.30729 Microsoft Windows Application Compatibility Database 14.11.2009 Mozilla Firefox (3.5.5) Mozilla 06.11.2009 31.9MB 3.5.5 (de) MSXML 4.0 SP2 (KB927978) Microsoft Corporation 09.03.2007 1.25MB 4.20.9841.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 02.06.2009 1.28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.11.2009 1.34MB 4.20.9876.0 MSXML4 Parser Microsoft Game Studios 30.07.2009 64.00KB 1.0.0 NCsoft Launcher NCsoft 25.09.2009 6.82MB 1.5.7.0 NetWaiting BVRP Software, Inc 09.03.2007 4.91MB 2.5.41 NVIDIA Drivers NVIDIA Corporation 27.10.2009 3'312.1MB 1.3 NVIDIA PhysX NVIDIA Corporation 29.06.2009 120.0MB 9.09.0428 Octoshape Streaming Services 03.11.2009 1.48MB OutlookAddinSetup CyberLink 09.03.2007 0.96MB 1.0.0 PC Connectivity 
Solution Nokia 08.10.2009 9.25MB 8.15.0.0 QuickSet Dell Inc. 13.12.2009 6.53MB 8.0.13 QuickTime Apple Inc. 09.12.2009 77.3MB 7.65.17.80 RapidShare Manager RapidShare AG 25.10.2009 0.1.0.257 RunAlyzer Safer Networking Limited 26.11.2009 10.6MB 1.6.1.24 SAMSUNG Android USB Modem Software 08.10.2009 SAMSUNG Mobile Composite Device Software 08.10.2009 Samsung Mobile Modem Device Software 08.10.2009 SAMSUNG Mobile Modem Driver Set 08.10.2009 0.12MB Samsung Mobile phone USB driver Software 08.10.2009 0.12MB SAMSUNG Mobile USB Download Driver Software 08.10.2009 0.12MB SAMSUNG Mobile USB Driver SAMSUNG 08.10.2009 0.11MB 1.00.0000 SAMSUNG Mobile USB Modem 1.0 Software 08.10.2009 0.12MB Samsung Mobile USB Modem Device Software 08.10.2009 0.12MB SAMSUNG Mobile USB Modem Software 08.10.2009 0.12MB SAMSUNG USB Mobile Device Software 08.10.2009 0.12MB SamsungConnectivityCableDriver Samsung 08.10.2009 0.62MB 6.83.6.2.1 Security Task Manager 1.7h Neuber GmbH 12.12.2009 2.45MB 1.7h SigmaTel Audio SigmaTel 30.06.2009 22.1MB 5.10.5210.0 Skype™ 4.1 Skype Technologies S.A. 31.10.2009 31.1MB 4.1.179 Steam Valve 02.06.2009 1.47MB 1.0.0.0 Sun Java (TM) Wireless Toolkit 2.5.2_01 for CLDC Sun Microsystems, Inc. 11.12.2009 80.4MB 2.5.2_01 Synaptics Pointing Device Driver Synaptics 09.03.2007 12.9MB 9.0.1.3 TeamSpeak 2 RC2 Dominating Bytes Design 28.09.2009 2.0.32.60 Trillian Cerulean Studios, LLC 27.11.2009 32.7MB Ventrilo Client Flagship Industries, Inc. 
03.06.2009 4.43MB 3.0.5 VirtualCom driver AIT 08.10.2009 0.71MB 1.0.0 VLC media player 1.0.1 VideoLAN Team 31.08.2009 63.1MB 1.0.1 Windows Live Anmelde-Assistent Microsoft Corporation 02.06.2009 1.93MB 5.000.818.5 Windows Live Essentials Microsoft Corporation 02.10.2009 44.0MB 14.0.8089.0726 Windows Live Sync Microsoft Corporation 02.10.2009 2.79MB 14.0.8089.726 Windows Live-Uploadtool Microsoft Corporation 02.06.2009 0.22MB 14.0.8014.1029 Windows Media Player Firefox Plugin Microsoft Corp 31.07.2009 0.29MB 1.0.0.8 WinRAR 04.06.2009 3.73MB World of Warcraft Blizzard Entertainment 08.12.2009 3.3.0.10958 Xfire (remove only) 31.07.2009 23.9MB µTorrent 31.07.2009 0.28MB 1.8.3 |
15.12.2009, 14:25 | #4 |
| Keylogger, WoW account hacked :X Code:
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) I have now updated Internet Explorer to 8! |
16.12.2009, 12:25 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Keylogger, WoW account hacked :X Hello, Make sure that all files are shown to you, then have the following files (if they still exist) analysed at Virustotal.com and post all results, in a way that the results of the individual virus scanners can be seen. Please include file sizes and checksums. You can also simply post the result link: Code:
c:\windows\System32\Drivers\spbg.sys C:\Windows\MRLH\IluPak.exe Then: System scan with OTL Please download OTL by OldTimer and save it to your desktop
__________________ Please always post log files in CODE tags |
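Added example for the "file sizes and checksums" request above (my code, not the board's tooling or anything VirusTotal ships): fingerprinting the two posted paths from the machine itself. It reports size, MD5, SHA-1 and SHA-256 (VirusTotal accepts a lookup by any of the three), hashes in chunks so a large driver never has to fit in memory, and reports a missing file explicitly instead of skipping it, because "the file is gone" is itself a finding worth posting. Only the standard library is used; POSTED_PATHS and the demo helper with its constructed temp file are this example's own.

```python
import hashlib
import os
import tempfile

# The two paths the helper asked for, exactly as posted (hypothetical on any other machine).
POSTED_PATHS = [
    r"c:\windows\System32\Drivers\spbg.sys",
    r"C:\Windows\MRLH\IluPak.exe",
]
CHUNK = 1 << 20  # 1 MiB reads: drivers and executables never need to fit in memory


def file_fingerprint(path):
    """Return size plus MD5/SHA-1/SHA-256 for path, or None if there is no such file."""
    if not os.path.isfile(path):
        return None
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    size = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            size += len(block)
            for d in digests.values():
                d.update(block)
    return {"path": path, "size": size,
            **{name: d.hexdigest() for name, d in digests.items()}}


def fingerprint_all(paths):
    """Fingerprint every path; a missing file stays in the result as None so it is reported
    rather than silently dropped (as with spbg.sys in this thread)."""
    return {p: file_fingerprint(p) for p in paths}


def format_report(results):
    """One block of lines per path, ready to paste into a CODE tag."""
    lines = []
    for path, fp in results.items():
        if fp is None:
            lines.append(f"{path}: not found (deleted, renamed, or hidden from this process)")
            continue
        lines.append(f"{path}: {fp['size']} bytes")
        for algo in ("md5", "sha1", "sha256"):
            lines.append(f"  {algo.upper():6} {fp[algo]}")
    return lines


def demo_fingerprint(data=b"abc"):
    """Self-check on a constructed temp file (the example's own helper, not a real sample)."""
    fd, tmp = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        return file_fingerprint(tmp)
    finally:
        os.unlink(tmp)


if __name__ == "__main__":
    print("\n".join(format_report(fingerprint_all(POSTED_PATHS))))
```

One caveat a practitioner would add: this runs on the suspect machine, so it sees only what the running kernel lets a user-mode process see. A driver sitting in the disk stack (the GMER output shows sptd/spbg.sys patched into the atapi.sys import table) can in principle filter what such a reader gets back, so a "not found" or an unexpected hash from the live system is a reason to repeat the check from a clean boot medium, not a reason to conclude the file is gone.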
16.12.2009, 17:06 | #6 |
| Keylogger, WoW account hacked :X Kaspersky removed Ilupak.exe, and spbg.sys is no longer there? I can't remember any message about spbg.sys ever coming up.. Here is OTL.txt: Code:
ATTFilter OTL logfile created on: 16.12.2009 17:00:34 - Run 1 OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\Vincenzo\Documents\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18865) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 89.35% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 99.70 Gb Total Space | 27.58 Gb Free Space | 27.66% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 5.72 Gb Free Space | 57.25% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded Drive I: | 931.51 Gb Total Space | 836.88 Gb Free Space | 89.84% Space Free | Partition Type: NTFS Computer Name: VINCENZO-PC Current User Name: Vincenzo Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Vincenzo\Documents\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Users\Public\Games\World of Warcraft\WoW.exe (Blizzard Entertainment) PRC - C:\Users\Vincenzo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Users\Vincenzo\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files\Xfire\Xfire.exe (Xfire Inc.) 
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Program Files\Trillian\trillian.exe (Cerulean Studios) PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.) PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.) PRC - C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer) PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) PRC - C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Vincenzo\Documents\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Program Files\Xfire\xfire_toucan_40405.dll (Xfire Inc.) 
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\wsock32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msvcr71.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (stllssvr) -- File not found SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.) SRV - (nicconfigsvc) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.) SRV - (XAudioService) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.) 
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation) SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (GearAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) 
DRV - (fanio) -- C:\Windows\System32\drivers\fanio.sys (Christian Diefer) DRV - (guardian2) -- C:\Windows\System32\drivers\oz776.sys (O2Micro) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (mdmxsdk) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) 
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) 
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2070310 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2070310 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2070310 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2009.12.15 12:13:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009.12.14 23:00:34 | 
00,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} O1 HOSTS File: (358602 bytes) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 12311 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast!] 
C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [Google Update] C:\Users\Vincenzo\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKCU..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer) O4 - HKCU..\Run: [PlayNC Launcher] File not found O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) 
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios) O4 - Startup: C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. 
File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.08.19 10:03:12 | 00,000,000 | RH-D | M] - I:\autorun -- [ NTFS ] O32 - AutoRun File - [2002.10.17 03:56:50 | 00,000,036 | RH-- | M] () - I:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{bd4fbe28-59c3-11de-aaac-d5d5b33bf892}\Shell - "" = AutoRun O33 - MountPoints2\{bd4fbe28-59c3-11de-aaac-d5d5b33bf892}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2009.12.16 16:38:59 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys [2009.12.16 16:38:59 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr [2009.12.16 16:38:59 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys [2009.12.16 16:38:59 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys [2009.12.16 16:38:59 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2009.12.16 16:38:44 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe [2009.12.16 16:38:44 | 00,053,328 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2009.12.16 16:38:43 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2009.12.16 13:51:49 | 00,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2009.12.16 13:41:36 | 00,000,000 | -HSD | C] -- C:\Config.Msi [2009.12.16 11:10:39 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2009.12.15 23:11:01 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\javaws.exe [2009.12.15 23:11:01 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2009.12.15 23:11:01 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2009.12.15 22:58:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2009.12.15 22:58:44 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe [2009.12.15 19:29:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2009.12.15 09:42:40 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2009.12.15 09:42:40 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2009.12.15 09:42:40 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2009.12.15 09:42:40 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2009.12.15 09:42:40 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2009.12.15 09:42:40 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2009.12.15 09:42:39 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2009.12.15 09:42:39 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2009.12.15 09:42:39 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2009.12.15 09:42:39 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2009.12.15 09:42:38 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2009.12.15 09:42:38 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2009.12.15 09:42:38 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2009.12.15 09:42:38 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2009.12.15 09:40:14 | 00,156,160 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2009.12.15 09:40:14 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2009.12.15 09:40:14 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2009.12.15 09:40:14 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll [2009.12.15 09:40:13 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2009.12.15 09:40:13 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2009.12.15 09:40:13 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2009.12.15 09:40:13 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2009.12.15 09:40:13 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2009.12.15 09:40:13 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2009.12.15 09:40:13 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2009.12.15 09:40:13 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2009.12.15 09:40:12 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2009.12.15 09:40:12 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe [2009.12.15 09:40:12 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2009.12.15 09:40:12 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2009.12.15 09:40:11 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2009.12.15 09:40:11 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2009.12.15 09:40:11 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll [2009.12.15 09:40:11 | 00,105,984 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2009.12.15 09:40:11 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2009.12.15 09:40:10 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2009.12.15 09:40:10 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2009.12.15 09:40:10 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2009.12.15 09:40:10 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe [2009.12.15 09:40:10 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2009.12.15 09:40:10 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2009.12.15 09:40:10 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe [2009.12.14 23:04:09 | 00,029,992 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys [2009.12.14 22:47:19 | 00,055,624 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys [2009.12.14 22:47:16 | 00,047,560 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys [2009.12.14 22:46:54 | 00,027,848 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys [2009.12.14 22:46:53 | 00,040,904 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys [2009.12.14 22:46:31 | 00,000,000 | ---D | C] -- C:\ProgramData\G DATA [2009.12.14 22:46:31 | 00,000,000 | ---D | C] -- C:\Program Files\G Data [2009.12.14 22:46:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\G DATA [2009.12.14 22:41:40 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Local\Downloaded Installations [2009.12.14 20:30:46 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Intel [2009.12.14 20:30:45 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Roaming [2009.12.14 20:30:44 | 00,000,000 
| ---D | C] -- C:\ProgramData\Roaming [2009.12.14 20:30:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Intel [2009.12.14 20:30:16 | 00,000,000 | ---D | C] -- C:\Program Files\Cisco [2009.12.14 20:29:56 | 00,000,000 | ---D | C] -- C:\Program Files\Intel [2009.12.14 19:57:52 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Dell [2009.12.14 00:18:50 | 00,000,000 | ---D | C] -- C:\Windows\Minidump [2009.12.13 23:53:13 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Desktop\Autostartscan [2009.12.13 23:15:56 | 00,000,000 | ---D | C] -- C:\rsit [2009.12.13 22:15:12 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Malwarebytes [2009.12.13 22:15:08 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009.12.13 22:15:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2009.12.13 22:15:05 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009.12.13 22:15:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009.12.13 22:11:56 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner [2009.12.13 19:31:26 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\.microemulator [2009.12.13 17:08:01 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Anti-Malware [2009.12.13 16:42:11 | 00,000,000 | ---D | C] -- C:\Windows\Internet Logs [2009.12.13 16:00:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Application Data [2009.12.13 15:54:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2009.12.13 15:48:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Symantec [2009.12.13 15:48:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton [2009.12.13 15:48:04 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2009.12.13 14:13:40 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Desktop\mok [2009.12.13 13:46:50 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Documents\ForceField Shared Files [2009.12.13 13:46:47 | 00,000,000 | ---D | 
C] -- C:\Users\Vincenzo\AppData\Roaming\CheckPoint [2009.12.13 13:46:34 | 00,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2009.12.13 13:44:18 | 00,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2009.12.13 13:19:07 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2009.12.13 13:19:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira [2009.12.13 12:48:35 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\QuickScan [2009.12.13 12:30:53 | 00,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2009.12.13 12:30:48 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager [2009.12.11 16:06:14 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Desktop\Aklog [2009.12.10 23:51:08 | 00,000,000 | ---D | C] -- C:\cygwin [2009.12.10 23:37:58 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\.mobione [2009.12.10 23:36:51 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Local\Genuitec [2009.12.10 23:13:25 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime [2009.12.10 23:05:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2009.12.10 23:03:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple [2009.12.10 23:03:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2009.12.09 18:34:11 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Documents\Downloads [2009.12.09 15:37:15 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll [2009.12.09 15:37:14 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll [2009.12.09 15:20:55 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll [2009.12.08 14:18:06 | 00,000,000 | ---D | C] -- C:\Program Files\AVG [2009.11.29 19:24:35 | 00,000,000 | ---D | C] -- C:\Program Files\Haali [2009.11.28 00:27:46 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Desktop\TCPVIEW [2009.11.28 00:27:42 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Trillian [2009.11.28 00:27:10 | 00,000,000 
| ---D | C] -- C:\Program Files\Trillian [2009.11.28 00:10:56 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Desktop\Leatrix Latency Fix 1.15 [2009.11.27 17:16:16 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Safer Networking [2009.11.27 17:12:40 | 00,000,000 | ---D | C] -- C:\Program Files\Safer Networking [2009.11.27 17:11:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009.11.27 00:33:12 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl [2009.11.27 00:29:40 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2009.11.27 00:29:12 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2009.11.23 16:36:45 | 00,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll [2009.11.23 16:36:45 | 00,318,976 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll [2009.11.23 16:36:44 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll [2009.11.23 16:36:44 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll [2009.11.23 16:36:43 | 00,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5 [2009.11.22 14:01:44 | 01,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll [2009.11.22 14:01:44 | 00,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll [2009.11.22 14:01:44 | 00,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll [2009.11.22 14:01:43 | 05,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll [2009.11.22 14:01:43 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2009.11.22 14:01:43 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll [2009.11.22 14:01:43 | 00,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll [2009.11.22 14:01:41 | 00,069,464 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\System32\XAPOFX1_3.dll [2009.11.22 14:01:37 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll [2009.11.22 14:01:37 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll [2009.11.22 14:01:37 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll [2009.11.21 19:26:44 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\dvdcss [2009.11.21 19:23:07 | 00,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft [2009.11.21 18:46:40 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Any Video Converter [2009.11.20 21:23:59 | 00,000,000 | ---D | C] -- C:\Program Files\JDownloader [2009.11.17 19:59:22 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009.12.16 17:02:56 | 08,912,896 | -HS- | M] () -- C:\Users\Vincenzo\NTUSER.DAT [2009.12.16 16:44:58 | 00,182,340 | ---- | M] () -- C:\ProgramData\nvModes.dat [2009.12.16 16:44:58 | 00,182,340 | ---- | M] () -- C:\ProgramData\nvModes.001 [2009.12.16 16:44:16 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009.12.16 16:44:13 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009.12.16 16:44:13 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009.12.16 16:44:03 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009.12.16 16:42:54 | 00,524,288 | -HS- | M] () -- C:\Users\Vincenzo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2009.12.16 16:42:54 | 00,065,536 | -HS- | M] () -- C:\Users\Vincenzo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2009.12.16 16:42:48 | 03,888,995 | -H-- | M] () -- 
C:\Users\Vincenzo\AppData\Local\IconCache.db [2009.12.16 16:38:59 | 00,001,811 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk [2009.12.16 16:38:58 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2009.12.16 16:36:09 | 00,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2754731202-3281619189-719602998-1000UA.job [2009.12.16 11:01:55 | 00,000,113 | ---- | M] () -- C:\Windows\(null)toolkit.ini [2009.12.15 23:10:19 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2009.12.15 23:10:19 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2009.12.15 23:10:19 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2009.12.15 23:10:16 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll [2009.12.15 22:58:58 | 00,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2009.12.15 19:27:34 | 00,000,418 | ---- | M] () -- C:\Windows\tasks\At5.job [2009.12.15 19:27:34 | 00,000,418 | ---- | M] () -- C:\Windows\tasks\At4.job [2009.12.15 19:20:01 | 00,000,398 | ---- | M] () -- C:\Windows\tasks\At3.job [2009.12.15 19:15:52 | 00,000,418 | ---- | M] () -- C:\Windows\tasks\At2.job [2009.12.15 19:15:51 | 00,000,418 | ---- | M] () -- C:\Windows\tasks\At1.job [2009.12.15 19:03:44 | 00,006,992 | ---- | M] () -- C:\Users\Vincenzo\Documents\cc_20091215_190341.reg [2009.12.15 18:35:00 | 00,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2754731202-3281619189-719602998-1000Core.job [2009.12.15 09:57:30 | 00,020,556 | ---- | M] () -- C:\Users\Vincenzo\Documents\cc_20091215_095721.reg [2009.12.14 23:04:12 | 00,000,680 | ---- | M] () -- C:\Users\Vincenzo\AppData\Local\d3d9caps.dat [2009.12.14 23:04:12 | 00,000,552 | ---- | M] () -- C:\Users\Vincenzo\AppData\Local\d3d8caps.dat [2009.12.14 23:04:09 | 00,029,992 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys 
[2009.12.14 22:58:46 | 00,040,904 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys [2009.12.14 22:47:19 | 00,055,624 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys [2009.12.14 22:47:16 | 00,047,560 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys [2009.12.14 22:46:54 | 00,027,848 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys [2009.12.14 20:32:56 | 01,427,212 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2009.12.14 20:32:56 | 00,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2009.12.14 20:32:56 | 00,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2009.12.14 20:32:56 | 00,123,658 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2009.12.14 20:32:56 | 00,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2009.12.14 20:30:19 | 00,002,654 | ---- | M] () -- C:\Users\Vincenzo\Desktop\Dell Driver Download Manager.lnk [2009.12.13 22:15:11 | 00,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009.12.13 22:11:56 | 00,001,632 | ---- | M] () -- C:\Users\Vincenzo\Desktop\CCleaner.lnk [2009.12.13 19:26:42 | 01,092,608 | ---- | M] () -- C:\Users\Vincenzo\Desktop\DAuth.exe [2009.12.13 17:31:06 | 00,358,602 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2009.12.13 13:28:48 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2009.12.08 16:22:23 | 00,001,836 | ---- | M] () -- C:\Users\Vincenzo\Desktop\HijackThis.lnk [2009.12.04 02:23:11 | 00,044,032 | ---- | M] () -- C:\Users\Vincenzo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.03 17:50:01 | 00,000,804 | ---- | M] () -- C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2009.12.03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009.12.03 16:13:56 | 00,019,160 | ---- | M] 
(Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009.11.30 20:33:46 | 00,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll [2009.11.27 18:05:14 | 00,358,602 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091213-171744.backup [2009.11.25 00:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe [2009.11.25 00:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys [2009.11.25 00:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2009.11.25 00:49:48 | 00,053,328 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2009.11.25 00:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys [2009.11.25 00:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys [2009.11.25 00:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr [2009.11.21 07:35:38 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2009.11.21 07:35:38 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2009.11.21 07:34:58 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2009.11.21 07:34:52 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2009.11.21 07:34:39 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2009.11.21 07:34:39 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2009.11.21 07:34:39 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2009.11.21 07:34:38 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2009.11.21 07:34:38 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2009.11.21 07:34:33 | 00,387,584 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\System32\iedkcs32.dll [2009.11.21 05:59:58 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2009.11.21 05:59:52 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2009.11.21 05:59:14 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2009.11.21 05:58:54 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2009.11.21 04:21:16 | 00,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2009.11.20 21:24:14 | 00,000,988 | ---- | M] () -- C:\Users\Vincenzo\Desktop\JDownloader.lnk [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files Created - No Company Name ========== [2009.12.16 16:38:59 | 00,001,811 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk [2009.12.16 16:38:44 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx [2009.12.15 22:58:58 | 00,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2009.12.15 19:20:45 | 00,000,418 | ---- | C] () -- C:\Windows\tasks\At5.job [2009.12.15 19:20:23 | 00,000,418 | ---- | C] () -- C:\Windows\tasks\At4.job [2009.12.15 19:19:00 | 00,000,398 | ---- | C] () -- C:\Windows\tasks\At3.job [2009.12.15 19:14:09 | 00,000,418 | ---- | C] () -- C:\Windows\tasks\At2.job [2009.12.15 19:13:37 | 00,000,418 | ---- | C] () -- C:\Windows\tasks\At1.job [2009.12.15 19:03:43 | 00,006,992 | ---- | C] () -- C:\Users\Vincenzo\Documents\cc_20091215_190341.reg [2009.12.15 09:57:23 | 00,020,556 | ---- | C] () -- C:\Users\Vincenzo\Documents\cc_20091215_095721.reg [2009.12.15 09:42:39 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2009.12.15 09:33:18 | 00,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini [2009.12.14 23:04:12 | 00,000,680 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\d3d9caps.dat [2009.12.14 23:04:12 | 00,000,552 | ---- | C] () 
-- C:\Users\Vincenzo\AppData\Local\d3d8caps.dat
[2009.12.14 20:30:19 | 00,002,654 | ---- | C] () -- C:\Users\Vincenzo\Desktop\Dell Driver Download Manager.lnk
[2009.12.13 22:15:11 | 00,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.12.13 22:11:56 | 00,001,632 | ---- | C] () -- C:\Users\Vincenzo\Desktop\CCleaner.lnk
[2009.12.13 19:26:23 | 01,092,608 | ---- | C] () -- C:\Users\Vincenzo\Desktop\DAuth.exe
[2009.12.09 18:30:33 | 00,001,130 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2754731202-3281619189-719602998-1000UA.job
[2009.12.09 18:30:32 | 00,001,078 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2754731202-3281619189-719602998-1000Core.job
[2009.12.03 17:50:00 | 00,000,804 | ---- | C] () -- C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
[2009.11.30 20:33:46 | 00,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009.11.27 17:11:24 | 00,001,836 | ---- | C] () -- C:\Users\Vincenzo\Desktop\HijackThis.lnk
[2009.11.23 16:36:44 | 00,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.11.20 21:24:14 | 00,000,988 | ---- | C] () -- C:\Users\Vincenzo\Desktop\JDownloader.lnk
[2009.11.08 23:24:17 | 00,000,947 | ---- | C] () -- C:\Users\Vincenzo\AppData\Roaming\MPQEditor.ini
[2009.10.09 20:20:56 | 00,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.10.09 20:20:56 | 00,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.08.15 15:41:41 | 00,139,152 | ---- | C] () -- C:\Users\Vincenzo\AppData\Roaming\PnkBstrK.sys
[2009.08.03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.30 12:10:49 | 00,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.07.30 12:10:48 | 00,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.06.30 13:05:50 | 00,182,340 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.30 13:05:50 | 00,182,340 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.25 19:30:01 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.06.24 15:00:43 | 00,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009.06.24 11:08:08 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.03 11:54:40 | 00,013,166 | ---- | C] () -- C:\Users\Vincenzo\AppData\Roaming\nvModes.001
[2009.06.03 11:54:39 | 00,013,166 | ---- | C] () -- C:\Users\Vincenzo\AppData\Roaming\nvModes.dat
[2009.06.03 11:42:18 | 00,044,032 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.05.04 16:39:34 | 00,002,560 | ---- | C] () -- C:\Windows\System32\ViaClassCoInstaller.dll
[2007.10.25 16:26:10 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.10.08 14:21:46 | 00,958,464 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007.03.10 19:08:01 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.03.10 19:07:52 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.03.10 11:40:30 | 00,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Vincenzo\Documents\My Games:Roxio EMC Stream

< End of report >
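A small triage pass over OTL output, added here as an example; it is not OTL's own code and not part of the poster's logs. It parses the "[date | size | attrs | C] () -- path" file entries and the Alternate Data Streams line of the OTL.txt above, plus the "class [verb] -- command" lines of the Shell Spawning section in the Extras log that follows, and flags two things a responder checks first in a suspected keylogger case: executables created recently or in user-writable directories, and any executable file class whose "open" handler is no longer the Windows default (the classic way to get a loader run before every program). The incident date (14.12.2009, the date of the first post), the one-week window, the directory list and the two made-up sample lines are assumptions for the example.

```python
"""Triage pass over OTL log entries: added example, not part of OTL or of the
poster's logs. Handles the two entry formats seen in this thread:
  file entry:      [2009.12.13 19:26:23 | 01,092,608 | ---- | C] () -- C:\\dir\\file.exe
  shell spawning:  exefile [open] -- "%1" %*
"""
import re
from datetime import datetime, timedelta

FILE_RE = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
ADS_RE = re.compile(r"@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?)\s*$")
SPAWN_RE = re.compile(r"^(?P<cls>\S+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.+?)\s*$")

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl"}
# Directories a standard user, and therefore malware running as that user, can
# write to. Heuristic chosen for this example; tune it to the environment.
SUSPECT_DIRS = ("\\users\\", "\\programdata\\", "\\temp\\")
# Windows defaults for executable file classes. A different "open" command
# means the handler was hijacked so a foreign binary runs before every program.
EXPECTED_SPAWN = {
    ("exefile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}
# Assumed incident date: the day the first post in the thread was written.
INCIDENT = datetime(2009, 12, 14)


def triage_files(lines, incident=INCIDENT, window_days=7):
    """Map path -> reasons for executables and ADS entries a responder should inspect first."""
    start, end = incident - timedelta(days=window_days), incident + timedelta(days=1)
    findings = {}
    for line in lines:
        m = ADS_RE.search(line)
        if m:
            findings[m.group("path")] = ["alternate data stream"]
            continue
        m = FILE_RE.search(line)
        if not m:
            continue
        path = m.group("path")
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext not in EXEC_EXT:
            continue  # shortcuts, ini files and the like are not loadable code
        reasons = []
        if any(d in low for d in SUSPECT_DIRS):
            reasons.append("executable in user-writable or temp directory")
        if start <= datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S") <= end:
            reasons.append("created within incident window")
        if reasons:
            findings[path] = reasons
    return findings


def check_shell_spawning(lines):
    """Return (class, verb, command) for every executable handler that is not the default."""
    hijacked = []
    for line in lines:
        m = SPAWN_RE.match(line.strip())
        if not m:
            continue
        key = (m.group("cls"), m.group("verb"))
        if key in EXPECTED_SPAWN and m.group("cmd") != EXPECTED_SPAWN[key]:
            hijacked.append((key[0], key[1], m.group("cmd")))
    return hijacked


# Constructed sample input in OTL's format. The first five lines copy entries
# from the logs in this thread; the last file line and the last spawning line
# are made up for this example to show a hit under %SystemRoot% and a hijack.
SAMPLE_FILES = [
    r"[2009.12.13 22:11:56 | 00,001,632 | ---- | C] () -- C:\Users\Vincenzo\Desktop\CCleaner.lnk",
    r"[2009.12.13 19:26:23 | 01,092,608 | ---- | C] () -- C:\Users\Vincenzo\Desktop\DAuth.exe",
    r"[2009.11.30 20:33:46 | 00,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll",
    r"[2009.08.15 15:41:41 | 00,139,152 | ---- | C] () -- C:\Users\Vincenzo\AppData\Roaming\PnkBstrK.sys",
    r"@Alternate Data Stream - 76 bytes -> C:\Users\Vincenzo\Documents\My Games:Roxio EMC Stream",
    r"[2009.12.12 03:14:07 | 00,061,440 | ---- | C] () -- C:\Windows\System32\drivers\example.sys",
]
SAMPLE_SPAWN = [
    r'batfile [open] -- "%1" %*',
    r'exefile [open] -- "%1" %*',
    r'scrfile [open] -- "%1" /S',
    r'exefile [open] -- "C:\Users\Public\loader.exe" "%1" %*',
]

if __name__ == "__main__":
    for path, reasons in triage_files(SAMPLE_FILES).items():
        print(f"{path}: {', '.join(reasons)}")
    for cls, verb, cmd in check_shell_spawning(SAMPLE_SPAWN):
        print(f"HIJACKED {cls} [{verb}] -> {cmd}")
```

Run against a real OTL.txt and Extras.txt by reading the files line by line into the two functions. A hit is a starting point for a hash lookup and a signature check, not a verdict: DAuth.exe is flagged only because it is a fresh executable on the desktop, and PnkBstrK.sys (PunkBuster) lives in Roaming by design.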
16.12.2009, 17:07 | #7 |
| Keylogger, WoW - account hacked :X Here is extras.txt: Code:
OTL Extras logfile created on: 16.12.2009 17:00:34 - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\Vincenzo\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 89.35% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.70 Gb Total Space | 27.58 Gb Free Space | 27.66% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.72 Gb Free Space | 57.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 931.51 Gb Total Space | 836.88 Gb Free Space | 89.84% Space Free | Partition Type: NTFS

Computer Name: VINCENZO-PC
Current User Name: Vincenzo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2754731202-3281619189-719602998-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038384F3-884F-4EB5-B762-FF73BD685720}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{1B0A5B37-0398-4013-82D7-29FAE7D95358}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4403F987-9463-4C96-BDAA-79BBC3D7944A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59D6E6FD-BA64-418A-A3E1-B6641F41EBF9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A381F6C-1EF7-4852-A720-F1E76E4C7AFF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6BF8036A-2497-4ED2-B1B1-98908893A77D}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{759E4A03-867C-42EC-A197-CCE9728ED182}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8CCC55AD-D2AC-4DD3-B133-63B26C3FB116}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AA0250D3-255D-496A-B36C-1A54870FF95F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{ABE767B4-A542-4D8C-B604-519B1875E187}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF669D02-FC9C-4BBE-B360-8FF13E42A3B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D53F3873-05E5-48AC-BDD1-6ECF8F81EF8D}" = lport=1900 | protocol=17 | dir=in |
svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0038573F-5773-4DDA-ACE8-94E651D1972A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{022D63B6-887E-4399-A82F-163007B0458F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | "{02624111-DC3A-4243-A7B4-53B9089FED10}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{039BD43F-A7B0-4769-AA77-5ED649F910E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{03B91280-4582-4443-B82A-577088E00540}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{04BAEF0D-8D66-4FB7-A062-9F9F4962AA05}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3sp.exe | "{051CC45B-0C1F-4AE1-BAC8-12C6FDE88F40}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{0973A984-4C47-43F1-9001-91F2A297C5E3}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{0A5FCD53-DFEC-4212-A408-9C9AD7979A43}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0AA5EBBB-2579-40F9-B27F-4FE42F86353A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0D961434-B36C-45F8-A9A1-60329E662425}" = protocol=17 | dir=in | app=c:\users\vincenzo\appdata\locallow\dyyno receiver\dppm.exe | "{0DC658E8-CE82-47D3-A214-028D4A32CF32}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{0E411BAE-B524-4720-A53F-0EC8ED39CCFF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0E75CFC1-3221-4021-BD18-C3391DAFEEC3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{10CB53AE-9025-4CA6-808C-826F00B70658}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "{123D1333-AF6C-455D-9DBD-A4386DC079E6}" = dir=in | app=c:\program files\skype\phone\skype.exe 
| "{1252583C-25FE-47B6-834F-71852A58CBD0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{15523A64-1AF2-4E27-B2CE-3D49F485D86E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{195997BF-E48A-4ABA-85AE-65D233F65904}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1AF6784C-F70F-4277-ADE9-35CD518E32B6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{1BFA5E41-4DA9-4320-9881-653FEE378C01}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1C2BEC68-155C-4C3C-9511-B823EFEBE66B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{1D777288-4546-4653-BC2B-3F92225EDC03}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1EBAA268-9E26-480D-992B-AB1CD9CAE4E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{20B109F1-BAB6-4DEE-B0D2-1C78C886A86C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2334CC7C-8E68-46BA-817E-53D7DE508197}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3sp.exe | "{2339BF5C-3059-464F-8F41-85A2EE5D3ACF}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{26C98D5B-3657-4586-B3D4-D1F5552BA079}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{27C4D5AD-2F59-4246-AA3B-CCA8E9E4837B}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{27CD8B49-4C17-47B0-868A-7FF47A3C63BB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{30838499-D4C8-47C0-8F6A-36D73D1DED2B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{30DA99E7-6F0E-4DB7-A7BB-7A792F14BEF7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{31D0021E-0E9C-4551-AD55-2C700282BC98}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{341EC60B-2E17-4865-ACB0-8256BFDD1807}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{372CC4D6-2702-4670-863E-D47387063CF3}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{37A41778-4C36-42F3-9B5B-CD8FD2BDBEFF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{37F6538A-2533-468B-9275-7610883BE47E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3827278B-A88C-4D6E-8CB6-DC973C7085C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{39FD66ED-5F5F-4542-AAA7-FA666290D7AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3AAD92C7-DAA2-4F84-B655-A921B79A5AC3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3AE9D5C6-B6FA-4D02-8F34-794A97143509}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3C68580E-4CB9-4F2C-BDAD-8D9D1928091C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{3D13A6EA-F799-4A17-8D47-6892A31A58FA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{3EE01864-5623-49FA-A163-ADCB63E55D33}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3FC285FB-570B-4259-8694-8D75F329390E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4085D281-B24D-4EB1-B91A-00CEBCD667CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{42D5ADC3-F45C-472D-AC06-B2B766EC6F08}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{43BCA886-D504-446C-B035-1A933E502146}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "{445224A6-5E3C-4E73-86D5-AABDF2615074}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{44D2D0AE-200F-4DD3-B8F7-964CB9990E4B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{45F1077A-2F63-4E41-887C-2F2CE5DFD18C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4839123F-956E-460A-8B5A-5B0D78E8ADC2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{489DE033-885E-4E7D-A83D-4C5314F1F7AA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{4A00E09A-F1A0-4AA3-ADAE-135C87297EAA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{4B6CC3AD-AAE3-40C0-A1C9-3CD443BBB54E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4FA06D3B-E669-4C27-BB52-311A0023CF77}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5327DDB1-439F-4BC0-997C-250249D1F5AA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{538216BE-984A-48F0-BCE4-21F9BF550396}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{546A399B-90BB-41E8-B31A-C2FA3ADB6F0E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{560D827C-0CEF-490D-8E7B-4B5E9A1ABE29}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{568595C7-EC86-4AD2-A0E2-D38F6FDBA0EA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe | "{573B5B0F-291A-48F5-A4B6-C0901D0B6990}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5AC2B734-85CD-450B-AADA-EF2399C95A5B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe | "{5B9472FF-5609-4D8B-A9AC-889AAA16667F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5C6A01D7-483C-4BEB-83D5-4E452B6DDABA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{5C9DBCDE-B50F-4BBC-959C-9061925F7EED}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5EAD0787-9BAA-4102-A8FD-E94312591E6A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6005A155-8FA8-4ADD-A739-6E75AA7BE114}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{630AE891-D375-430E-A712-7910AF831B7D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{63EDF660-89F6-49D9-922F-FED5E0C2D852}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{64655074-D177-4444-B98E-77329A9BCB0D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{65B49493-99EC-4F24-90C1-0D4B924C2C89}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{65D12B7D-0998-4D86-8FE0-D63A391CEF18}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6685042B-3F19-4E17-96D9-81BDF67D3539}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{67AF56EB-5466-4F28-A751-C4A71F5289EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6876097A-461A-42EE-96B4-0B2F2B4064B6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6960C67A-4591-45F7-8BA8-A0409D483F93}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6B670171-E1DE-464D-ADD1-0988E905643C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6D1D754B-01F5-4859-96B2-C8EDB66F47B8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6EED5A32-C8BC-4DE4-8403-CAFE906ACD55}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{719DAB0A-9E68-482F-8818-9D9575B142AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{72F62C7F-15A5-4FCC-8C3F-F6E31D211EF5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{737F2FEF-58E2-48C2-90DA-B5DE560D9CA3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{73E5876E-CCDB-4361-B283-6EDF94E8A4FC}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe | "{7437C312-C901-48EA-8421-8E1262FD9303}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7883CF31-22F5-4C3E-A76F-A38D4A35115B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | "{79747C5F-BF1C-4B53-A79D-641071BAA433}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7B3FBC19-368F-4831-AADE-C16AAC4172EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7BA14617-4E8B-48E0-A7ED-92D19275CE80}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{7D7CF9B0-816E-4B61-8DA3-D61D60FFFFAD}" = dir=in | 
app=c:\program files\skype\phone\skype.exe | "{7D9F4A1D-210F-4422-913C-F1E056034873}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | "{7E07BC99-B566-4F11-8E07-556DE07C4F84}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7ECE8A1E-3F39-43E2-A3A4-C03E0FA7FD0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7EDE4963-06A5-4CE4-8FA0-241F58B6FE00}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{7EF9D233-2FBF-4CFD-A681-768607C7AF72}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7FB5B4C1-2F3A-4282-9E4C-A9270D3B9A84}" = protocol=6 | dir=in | app=c:\users\vincenzo\appdata\locallow\dyyno receiver\dppm.exe | "{83073A7A-F78D-4241-BFE5-0C2911A5DFA1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{830EE769-271F-412A-B440-498459DDA330}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{842AD2D3-D7ED-492E-B8EC-EF1F6A6F6DB3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{852652E8-3008-4128-9D39-53BAD96BCC0E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{85BD7352-5A79-41DE-88C9-7E6187F0EB3F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{8648B3A8-CE02-44A1-86E7-050094C2A1DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8713956A-A918-4355-A078-5F5FD25959A7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{884111CE-0226-4036-8A7C-0B059AA7A8EF}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{8AD28BA1-47DB-49E2-B630-4D890494AB6E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe | "{8BF9656A-CF0A-4D38-82C8-8080BE19B334}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{8C20EAE4-7AC2-438E-9336-9AF764FE33B2}" = protocol=6 | dir=in | app=c:\program 
files\steam\steamapps\common\left 4 dead\left4dead.exe | "{8CC218DF-56DF-45DD-B045-C2429387411D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8CCB2A1A-BA5F-4D1F-9547-A482419CC63F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8DB3532A-3577-4705-88BC-B895BFD8CD28}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8DE99B54-779D-439D-BD17-51B6B47F2029}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{924D699C-92D5-42FF-848D-B043E24520A4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{93C0FCCA-35DF-4804-BFA4-D87EB1FBE918}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{943BFE9D-7E93-45B9-BBD4-840C38562212}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{94571C91-3C4C-449B-9794-57F687C3D715}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9545D10E-D444-4975-B253-9DC671A137F4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{96AE5CE2-3E69-43B2-A7EF-481A490D18D8}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-engb-downloader.exe | "{96EAE1F5-38C7-4696-93AB-2B86A8716F80}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{975B1D30-6221-4336-8704-B32677104FCF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{977C3669-111D-4E99-B1F5-2AF3860FAC18}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9793B05F-39A6-469E-9796-47750707662B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{983898B6-122B-4C9D-AEFF-02FCDFA3A8DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{98FBDCA3-F097-4970-ACD3-830D51F70F73}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{993533CE-220F-4CA4-9915-1CCAF9B42931}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-engb-downloader.exe | "{9AFD115A-9873-475A-BA2C-09E36955CC87}" = dir=in | 
app=c:\program files\skype\phone\skype.exe | "{9B7ECC0E-403A-43D0-8C45-C683EB8CB111}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9D770CBA-884D-4EBC-8D7C-877F0166C5BD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9E1E0003-43AA-424D-B594-A8FAED64A9EC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A09DD221-67DF-4B19-AF27-A7CE994BA826}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe | "{A116950A-9FB2-4156-AF3A-A5ABD85ADE5B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A33CE113-D6ED-4963-B70F-1F85C98C4D68}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{A381CAA6-666D-436E-A691-654DADB23679}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A38AF5EC-4DC2-430B-986C-CDDAD730D7A8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A5E27DEC-F196-4736-8365-385223B60CC5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A642B72F-84F2-4F91-B4A9-9D1771F462E2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{A673891D-BB3C-4782-AE81-5B0C40A14238}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A71E8A10-F50B-481C-BB67-DAC19731E349}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A9876FC2-EA43-4F23-9979-7C71C1D18CD3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A9CD87B3-5639-4AD1-99E9-0DBB64C89C60}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AAEF54AF-457B-402F-86C1-5B85034009A2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AB38619C-DB20-4909-BBDA-F4EE1422018F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{AC80A7D4-5FF9-4A60-8238-F5CAEC4324DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ACFD7B63-E4A7-4F17-9669-6B4A4797B0C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B0E96051-2CAF-497E-98EF-B8113B674072}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B2AE8B84-19D6-4CD3-BEC9-19E784F0C020}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B5C6CA76-3C59-4648-BFD7-39E6B1DCF735}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BA76DA09-FE55-4D7D-9ADE-026A79EBB71C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BBA0D18E-01DE-4A21-99B0-8400931C260A}" = protocol=6 | dir=in | app=c:\program files\broadcom\bacs\bacs.exe | "{BE1B46FB-8B57-4B9E-A3E1-B4957D650153}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BF8D4B65-8A3F-4DEF-AC2F-6545233C5F22}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C077BD5D-F2A6-4F11-8038-5F47F0C1B85D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C114965B-83E6-4AED-AF59-9A6817884D12}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C293C1BD-0010-4A7C-8618-BE2D51A49A36}" = protocol=6 | dir=in | app=c:\users\vincenzo\appdata\locallow\dyyno receiver\dppm.exe | "{C821F6FC-430E-4F8F-9814-F17CD5322351}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C952A90B-B3B6-4F1A-B476-2FE313099CF2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CA095824-2562-4D98-8B2C-60FD56060485}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | "{CA4AF358-ACA2-4FE0-B89F-8FCBF412084F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CB0358A7-4B33-47AF-8546-E3C31081B313}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{CB27AB2C-4ADC-481F-A820-78974021973D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CBA08CDC-0284-4FFA-BB3A-117282EAF940}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CDC4327C-4172-4B6D-A4EA-5D345427AD44}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CEC322F1-E397-4200-993A-5D4F4ACF3D60}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CF0C7BF0-EB27-4AD0-BD58-A411588A8A92}" = 
dir=in | app=c:\program files\skype\phone\skype.exe | "{CFA510DF-5119-47F5-AB41-8F19FE4E417F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D113C468-4046-45E7-AA37-0752DAD24D5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D1F77A3F-ACA0-47AF-A6AE-432D5CB69CE3}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{D64887AD-67E8-4CD0-964C-942D4E5B5DAD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D6DA839E-4A88-4F50-8E00-205BECA98B8F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | "{D8D42037-4387-4622-A8C3-8A064197790C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DAEF6D29-C7D3-4E0F-96DD-37D1866B9E23}" = protocol=17 | dir=in | app=c:\program files\broadcom\bacs\bacs.exe | "{DBB4A795-B8EE-4EB7-8D75-759760DFA947}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{DBCF4DF7-1BB2-4A87-A092-F53ACA9B5DC1}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe | "{DCAB9747-C1AA-4610-9762-7F2B4887A718}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E01FD454-3E77-4BF0-9CAC-519118C4CF72}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E0CD3705-709C-4F55-919A-32312E88B440}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E33550FF-9B7E-41E9-8CF9-2ADE7C5D8838}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E35F2A8A-9DF8-419A-94FE-BD7EB768AC77}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E391A72C-0763-491B-BFE7-89FA3EE82E81}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E539B68D-CB76-4451-92DE-59A4F281973F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E622673A-A8F3-45F2-A963-20EBD8F7D266}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{E6B7C564-C9A9-4190-9D8F-0581C720212A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{EA48B94F-6359-407B-AAE4-B43B8DC38338}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EB677613-5F8D-4487-8575-5C6A2BCA3A84}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{EC01C0CD-07B2-4545-B953-42CA97ABA0E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ECF531D7-85C9-4E32-9B25-6CAC950FC850}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{ED8C6196-7E5D-48D8-A31B-7FEDA0AF7D1C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EEFF2FB3-4332-4326-A06F-1108E9867B07}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{EFC5F6AE-B0DB-489A-B0C6-956BFF2ABCC5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F04CEE67-9A14-4FF5-8620-D27478516037}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{F078261B-24AE-4777-ACAC-6D9A86153F18}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F10BFC00-912C-45E4-A7A9-DD89A9E0DEC5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F319BB7D-DD2F-49A2-99BA-DFAD09131C12}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F31FFBF5-3A5B-4652-9B14-4833403EC025}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F4BDEE5B-28D4-49FE-9CEF-CF1563B98B10}" = protocol=17 | dir=in | app=c:\users\vincenzo\appdata\locallow\dyyno receiver\dppm.exe | "{F4EECC96-65EA-4243-A8D4-91278EC9383A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F7EB7944-D560-4C46-BFDB-93BC5ED0FDAF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{F9282978-9C91-4AD3-91E6-73CDC6841B21}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe | "{FD0E829C-BFE3-4D84-8C2F-521AFE5F28BF}" = protocol=6 | dir=in | 
app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe | "{FF006D46-6B6A-4DDA-B53D-DB8468306011}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FF03F9F4-B71B-4C81-B9DE-E1EAF82C9205}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{107C204E-32A7-4928-9875-B1E81BD4A962}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{156E0EBE-666E-4581-9ECC-17CAE4C8DB83}C:\program files\darkfall\lobby.exe" = protocol=6 | dir=in | app=c:\program files\darkfall\lobby.exe | "TCP Query User{1726EC80-F47A-4AEE-B1B3-8934D95A7BC6}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | "TCP Query User{1B6834E3-0F54-402E-8ED4-F1FB12219017}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | "TCP Query User{4C9B8B5E-37EB-463A-B3EA-E7900FDF520B}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{4D56A8FA-56A3-4CCB-9055-15A5B283184A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{507478A9-9FEE-4D82-8418-768007198DA9}C:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "TCP Query User{5C1E66C3-91F0-417B-89CB-A799BDB9FD77}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | "TCP Query User{709664DD-A358-49D1-A5B2-31062DAA5F6A}C:\program files\icqlite\icq.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icq.exe | "TCP Query User{7A6CC43B-54BA-49DF-A8E5-7F7A2A779D97}C:\program files\xfire\dppm_source.exe" = protocol=6 | dir=in | app=c:\program files\xfire\dppm_source.exe | "TCP 
Query User{8AC00333-10B8-4A3A-8797-2078030C9FB8}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{93658077-6190-494D-B30E-0BCF88FB5774}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{A14D1F0C-1FB9-41E3-A84C-996F335DFB33}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "TCP Query User{A7C71B1E-3E47-4CEA-99B6-C3DC086C4388}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{AD969AD1-3C40-4EB9-9597-E51321C6615C}C:\program files\icqlite\icq.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icq.exe | "TCP Query User{BA43394C-8062-4407-AE19-17BA0418C9BA}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | "TCP Query User{CB603192-1687-43F6-B98D-A0FBC9346745}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "TCP Query User{D3C2287D-E198-40B0-ACF0-229CE34D98D1}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "TCP Query User{E646F0DA-39F6-4733-95C8-BF3D81F120D8}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{FF7FF774-880A-4A96-9B08-5F482F5D11E2}C:\program files\darkfall\data\sfbrowser.exe" = protocol=6 | dir=in | app=c:\program files\darkfall\data\sfbrowser.exe | "UDP Query User{05E828C9-827A-4BC6-9037-1BF5CA8F8A47}C:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "UDP Query User{0669F47F-0992-48D0-808B-A6668C269424}C:\program files\darkfall\lobby.exe" = protocol=17 | 
dir=in | app=c:\program files\darkfall\lobby.exe | "UDP Query User{133FF0D8-F9E2-46F4-8059-4F9E72BA5511}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | "UDP Query User{20708FDC-81C7-443E-9E14-66AACD28EF2C}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | "UDP Query User{28E9BE02-C02D-435C-8E43-697F70C6BC26}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "UDP Query User{2F831123-1553-4399-AD89-41C8C0F1B55B}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "UDP Query User{3295876F-85A4-4B80-945F-5FABC0E8342E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{80D45623-27B1-42DA-AAB4-D24BB60C1DDC}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{8464E879-8DA9-456A-A53D-B4A5268FDF25}C:\program files\darkfall\data\sfbrowser.exe" = protocol=17 | dir=in | app=c:\program files\darkfall\data\sfbrowser.exe | "UDP Query User{9B4DCBE1-6C5A-4816-BA5F-EF7C27E7B5B1}C:\program files\icqlite\icq.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icq.exe | "UDP Query User{B0C706F3-0567-4679-9301-FEEF5BB19664}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{BD0FF8E1-CE28-46EB-B531-76B04DEA8A90}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{C1D2D327-6772-4C5B-93B5-06A75C070F4B}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | "UDP Query User{CA6F13DC-5D00-4D51-AAFB-CD210BB9996C}C:\program files\xfire\dppm_source.exe" = protocol=17 | dir=in | 
app=c:\program files\xfire\dppm_source.exe | "UDP Query User{CF0FB5B9-90E9-45BF-90B8-071052871555}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{E4C80630-D909-49EA-B7F5-EF08B3E9C80D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{E60BBEF9-655F-4D91-8A4B-08BA0CFC04FA}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{E6601A14-0B0E-4D19-B973-2492C449467A}C:\program files\icqlite\icq.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icq.exe | "UDP Query User{E68CAF78-2C24-4B6C-AE6A-E49B48C1AF99}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | "UDP Query User{F6E7F387-BF78-4EEC-9F17-CDB145C7A530}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0E323ECF-FA5B-454A-B79C-508419AC2538}" = Livestream Procaster "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" 
= Windows Live Fotogalerie "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{8CB1BFD3-82B0-4C3E-A586-0A5472158E9E}" = Sun Java (TM) Wireless Toolkit 2.5.2_01 for CLDC "{90120000-0015-0407-0000-0000000FF1CE}" 
= Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) 
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR 
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer "{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D6771E19-1BB6-43B1-811E-ECC5A4613579}" = Broadcom Management Programs "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "avast!" = avast! 
Antivirus "BatchRenamer" = Batch Renamer 2.1.1 (uninstall) "CCleaner" = CCleaner "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ENTERPRISER" = Microsoft Office Enterprise 2007 "Fraps" = Fraps (remove only) "Glitchy's Model Editing Suite_is1" = Glitchys MES "HaaliMkx" = Haali Media Splitter "HijackThis" = HijackThis 2.0.2 "I8kfanGUI" = I8kfanGUI V3.1 "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel(R) PROSet/Wireless Software "SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "Security Task Manager" = Security Task Manager 1.7h "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 500" = Left 4 Dead "Steam App 550" = Left 4 Dead 2 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Trillian" = Trillian "VLC media player" = VLC media player 1.0.1 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft "Xfire" = Xfire (remove 
only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "309a46b1dc89b774" = Dell Driver Download Manager "5f48e2ab41c5d005" = RapidShare Manager "f031ef6ac137efc5" = Dell Driver Download Manager - 1 "Google Chrome" = Google Chrome "Octoshape Streaming Services" = Octoshape Streaming Services "uTorrent" = µTorrent ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15.12.2009 13:46:16 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Error - 15.12.2009 13:46:16 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Error - 15.12.2009 13:46:16 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Error - 15.12.2009 13:46:47 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Error - 15.12.2009 13:46:47 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Error - 15.12.2009 13:47:07 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Error - 15.12.2009 13:49:10 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = Error - 15.12.2009 13:49:10 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = Error - 15.12.2009 13:49:10 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = Error - 15.12.2009 13:49:10 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = [ System Events ] Error - 16.12.2009 08:15:32 | Computer Name = Vincenzo-PC | Source = DCOM | ID = 10016 Description = Error - 16.12.2009 08:47:24 | Computer Name = Vincenzo-PC | Source = DCOM | ID = 10016 Description = Error - 16.12.2009 
08:48:44 | Computer Name = Vincenzo-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.14 für die Netzwerkkarte mit der Netzwerkadresse 0019D27C7B31 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 16.12.2009 08:59:35 | Computer Name = Vincenzo-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.14 für die Netzwerkkarte mit der Netzwerkadresse 0019D27C7B31 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 16.12.2009 11:38:59 | Computer Name = Vincenzo-PC | Source = Service Control Manager | ID = 7030 Description = Error - 16.12.2009 11:38:59 | Computer Name = Vincenzo-PC | Source = Service Control Manager | ID = 7030 Description = Error - 16.12.2009 11:38:59 | Computer Name = Vincenzo-PC | Source = Service Control Manager | ID = 7030 Description = Error - 16.12.2009 11:38:59 | Computer Name = Vincenzo-PC | Source = Service Control Manager | ID = 7030 Description = Error - 16.12.2009 11:42:46 | Computer Name = Vincenzo-PC | Source = DCOM | ID = 10010 Description = Error - 16.12.2009 11:45:29 | Computer Name = Vincenzo-PC | Source = DCOM | ID = 10016 Description = < End of report > |
16.12.2009, 18:47 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Keylogger, WoW account hacked :X Please run the Avenger. Preparation: a) Disable the real-time guard of your virus scanner. b) Unplug all external storage devices from the computer. Then: 1.) Download Avenger from here as gehweg.exe => File-Upload.net - gehweg.exe to the desktop 2.) Double-click the file "gehweg.exe" (on Vista, right-click => Run as administrator). Tick the checkboxes at the bottom as shown: 3.) Copy the lines from the following code box exactly: Code:
files to delete:
c:\windows\System32\Drivers\spbg.sys

folders to delete:
C:\Windows\MRLH
5.) The code text from my post should now be visible under "Input Script here" in "The Avenger". 6.) If so, click "Execute" at the bottom right. Confirm the next prompt with "Yes", and likewise the "Reboot now" question (system restart). 7.) After the restart, an Avenger log file will be displayed. Copy its contents and post it here.
__________________ Please always post log files in CODE tags |
16.12.2009, 22:56 | #9 |
| Keylogger, WoW account hacked :X Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "c:\windows\System32\Drivers\spbg.sys" not found!
Deletion of file "c:\windows\System32\Drivers\spbg.sys" failed!
  Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\Windows\MRLH" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
That's what it spat out! |
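As an added example (not part of the thread and not Avenger's own code), a small Python reconciler that reads the Avenger script from post #8 and the log from post #9 and reports, per target, whether it was deleted, failed (with the NT status name) or never mentioned. The function names and the "File ... deleted successfully" wording for files are my assumptions; the sample texts are constructed from the two posts.

```python
import re

# Constructed sample: the Avenger script posted in #8 (files/folders sections only)
AVENGER_SCRIPT = """\
files to delete:
c:\\windows\\System32\\Drivers\\spbg.sys

folders to delete:
C:\\Windows\\MRLH
"""

# Constructed sample: the relevant lines of the Avenger log posted in #9
AVENGER_LOG = """\
Rootkit scan active.
No rootkits found!

Error: file "c:\\windows\\System32\\Drivers\\spbg.sys" not found!
Deletion of file "c:\\windows\\System32\\Drivers\\spbg.sys" failed!
  Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\\Windows\\MRLH" deleted successfully.

Completed script processing.
"""

SECTION_RE = re.compile(r"(files|folders) to delete:", re.IGNORECASE)
# "File ..." wording is an assumption; "Folder ... deleted successfully." is from the log above.
DELETED_RE = re.compile(r'^(File|Folder) "(.+?)" deleted successfully\.$')
FAILED_RE = re.compile(r'^Deletion of (file|folder) "(.+?)" failed!$')
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+) \((\w+)\)")


def parse_script(text):
    """Map (kind, lowercased path) -> path as written, for each script target."""
    targets, kind = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.fullmatch(line)
        if m:
            kind = "file" if m.group(1).lower() == "files" else "folder"
        elif kind:
            targets[(kind, line.lower())] = line
    return targets


def parse_log(text):
    """Map (kind, lowercased path) -> (outcome, NT status name or None)."""
    results, pending = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if m := DELETED_RE.match(line):
            results[(m.group(1).lower(), m.group(2).lower())] = ("deleted", None)
            pending = None
        elif m := FAILED_RE.match(line):
            pending = (m.group(1).lower(), m.group(2).lower())
            results[pending] = ("failed", None)
        elif (m := STATUS_RE.match(line)) and pending:
            # The status line follows the failure it belongs to
            results[pending] = ("failed", m.group(2))
            pending = None
    return results


def reconcile(script_text, log_text):
    """Per script target: 'deleted', 'failed:<STATUS>' or 'no result'."""
    results = parse_log(log_text)
    report = {}
    for key, path in parse_script(script_text).items():
        outcome, status = results.get(key, ("no result", None))
        report[path] = outcome if status is None else f"{outcome}:{status}"
    return report
```

A failure with STATUS_OBJECT_NAME_NOT_FOUND means the target was already absent when the script ran, which is a different situation from a target that is still present but could not be removed.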
17.12.2009, 10:59 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Keylogger, WoW account hacked :X If you also have AntiVir installed, you should use only that one and uninstall Symantec/Norton AntiVir! Several virus scanners with background scanners are not exactly good for the system. Afterwards, run another scan with AntiVir's aggressive settings.
__________________ Please always post log files in CODE tags |
17.12.2009, 18:09 | #11 |
| Keylogger, WoW account hacked :X OK, I'll let it run tonight. Thanks! |