Pests of all kinds and their removal: Renos.jm caught via Firefox - removed correctly?
28.12.2009, 14:39 | #1
Renos.jm caught via Firefox - removed correctly?

Hello everyone! Your board has, I think, already helped me quite a way with my problem. To be really sure, though, I would like to have the relevant logs looked over once more.

My system: Windows Vista Business 64 Service Pack 1 [I thought I had SP2 on it, but apparently I missed that]; AV: Antivir Personal (Xeon W3520, Gigabyte UD5, 6 GB DDR3 RAM, GTS250 - but that is probably irrelevant in this case)

My problem: Yesterday evening a trojan of the Renos.jm kind got onto my system when I opened a page in Firefox. How and why, I cannot explain myself - in any case Windows Defender went off, while AntiVir gave no alert at all. I initially assumed that the problem was therefore dealt with, but afterwards I kept being redirected to Microsoft's search engine Bing. After booting the system this morning, an error message about a missing file [sshnas.dll] appeared; after a short search it turned out that this is connected to LosAlamos or AddAtom. I then disabled the corresponding startup entries in MSConfig.

Further steps were:
- Antivir system scan. Result:
- CCleaner, both the Cleaner and the Registry pass
- Restart
- Malwarebytes' Anti-Malware pass - with 11 infected files found:
Code:
Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3443
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

28.12.2009 12:09:07
mbam-log-2009-12-28 (12-08-59).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 468511
Laufzeit: 37 minute(s), 11 second(s)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 11

Infizierte Speicherprozesse:
C:\Users\Clemens\AppData\Roaming\SystemProc\lsass.exe (Trojan.Agent) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\J8RPLTROBQ (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\j8rpltrobq (Trojan.Dropper) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Clemens\AppData\Local\Temp\a.exe (Trojan.Downloader) -> No action taken.
C:\Users\Clemens\AppData\Local\Temp\Setup.tmp (Adware.Agent) -> No action taken.
D:\Programme\CryptLoad_1.1.6\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> No action taken.
D:\Programme\...\...\...\nc.exe (PUP.KeyLogger) -> No action taken.
C:\Users\Clemens\AppData\Roaming\SystemProc\lsass.exe (Trojan.Agent) -> No action taken.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\Windows\msa.exe (Trojan.Agent) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Users\Clemens\AppData\Local\Temp\b.exe (Trojan.Dropper) -> No action taken.
C:\Users\Clemens\AppData\Local\Temp\c.exe (Trojan.Dropper) -> No action taken.
C:\Windows\System32\sshnas.dll (Trojan.FakeAlert) -> No action taken.
Code:
Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3443
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

28.12.2009 13:24:51
mbam-log-2009-12-28 (13-24-51).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 468406
Laufzeit: 37 minute(s), 46 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

RSIT now outputs the following log file:
Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Clemens at 2009-12-28 13:46:57
Microsoft® Windows Vista™ Business Service Pack 1
System drive C: has 7 GB (9%) free of 80 GB
Total RAM: 6141 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:09, on 28.12.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
D:\Programme\EXPERTool\TBPANEL.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
D:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
C:\Program Files\ASUS Xonar DS Audio\Customapp\ASUSAUDIOCENTER.EXE
D:\Programme\RivaTuner v2.24\RivaTuner.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Windows\SysWOW64\conime.exe
D:\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Clemens.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [...]go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [...]go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [...]go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [...]go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [...]go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [...]go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [GAINWARD] D:\Programme\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EPSON Stylus D120 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICCE.EXE /FU "C:\Windows\TEMP\E_SD42F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\SideBar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: HwMonTray.exe - Verknüpfung.lnk = D:\Programme\HWMonitor64_113\HwMonTray.exe
O4 - Global Startup: QuatoCalibrationLoader.lnk = D:\Programme\iColorDisplay\QuatoCalibrationLoader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - [...]icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit (mi-raysat_3dsmax2010_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\spm\spmdib.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TabletServiceWacom - Unknown owner - C:\Windows\system32\Wacom_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9385 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{64BB3058-FB6B-44DD-8337-5FB88C292CF6}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-04-27 35840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=D:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"EasyTuneVI"=C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe [2007-07-26 20480]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-04-27 148888]
"AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"QuickTime Task"=D:\Programme\QuickTime\QTTask.exe [2009-05-26 413696]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"=D:\Programme\EXPERTool\TBPanel.exe [2009-04-03 2181672]
"DAEMON Tools Lite"=D:\Programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"AdobeBridge"= []
"EPSON Stylus D120 Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICCE.EXE [2007-03-12 213504]
"Sidebar"=C:\Program Files (x86)\Windows Sidebar\SideBar.exe [2008-01-21 1233920]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HwMonTray.exe - Verknüpfung.lnk - D:\Programme\HWMonitor64_113\HwMonTray.exe
QuatoCalibrationLoader.lnk - D:\Programme\iColorDisplay\QuatoCalibrationLoader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Programme\xchat\xchat.exe"="D:\Programme\xchat\xchat.exe:*:Enabled:XChat IRC Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-12-28 13:46:58 ----D---- C:\Program Files (x86)\trend micro
2009-12-28 13:46:57 ----D---- C:\rsit
2009-12-28 13:32:24 ----A---- C:\mbr.exe
2009-12-28 13:31:00 ----A---- C:\lopR.txt
2009-12-28 13:30:29 ----D---- C:\Lop SD
2009-12-28 11:29:25 ----D---- C:\Users\Clemens\AppData\Roaming\Malwarebytes
2009-12-28 11:29:21 ----D---- C:\ProgramData\Malwarebytes
2009-12-28 11:24:43 ----D---- C:\32788R22FWJFW
2009-12-27 22:00:56 ----SHD---- C:\Users\Clemens\AppData\Roaming\SystemProc
2009-12-21 12:05:58 ----RSH---- C:\Windows\system32\nbDX.dll
2009-12-21 12:05:58 ----RSH---- C:\Windows\system32\msfDX.dll
2009-12-21 12:05:58 ----RSH---- C:\Windows\system32\flvDX.dll
2009-12-14 17:58:04 ----A---- C:\Windows\system32\d3dx9_42.dll
2009-12-10 00:13:31 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-10 00:13:30 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 08:34:41 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 08:34:40 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 08:34:40 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 08:34:40 ----A---- C:\Windows\system32\occache.dll
2009-12-09 08:34:39 ----A---- C:\Windows\system32\mstime.dll
2009-12-09 08:34:39 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 08:34:39 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 08:34:39 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 08:34:39 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 08:34:39 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 08:34:39 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-09 08:34:39 ----A---- C:\Windows\system32\ieaksie.dll
2009-12-09 08:34:38 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 08:34:38 ----A---- C:\Windows\system32\ieencode.dll
2009-12-09 08:29:25 ----A---- C:\Windows\system32\rastls.dll
2009-12-09 08:29:25 ----A---- C:\Windows\system32\raschap.dll
2009-12-04 23:02:11 ----A---- C:\Windows\avisplitter.ini
2009-12-04 23:02:10 ----A---- C:\Windows\system32\yv12vfw.dll
2009-12-04 23:02:10 ----A---- C:\Windows\system32\xvidvfw.dll
2009-12-04 23:02:10 ----A---- C:\Windows\system32\xvidcore.dll
2009-12-04 23:02:09 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2009-12-04 23:02:09 ----A---- C:\Windows\system32\ff_vfw.dll
2009-12-04 22:54:04 ----D---- C:\ProgramData\NVIDIA
2009-12-04 22:53:58 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2009-12-04 22:53:17 ----D---- C:\Windows\system32\AGEIA
2009-12-04 22:53:17 ----D---- C:\Program Files (x86)\AGEIA Technologies
2009-12-04 22:53:07 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-12-04 22:52:09 ----A---- C:\Windows\system32\OpenCL.dll
2009-12-04 22:52:09 ----A---- C:\Windows\system32\nvwgf2um.dll
2009-12-04 22:52:07 ----A---- C:\Windows\system32\nvoglv32.dll
2009-12-04 22:52:06 ----A---- C:\Windows\system32\nvd3dum.dll
2009-12-04 22:52:06 ----A---- C:\Windows\system32\nvcuvid.dll
2009-12-04 22:52:05 ----A---- C:\Windows\system32\nvcuvenc.dll
2009-12-04 22:52:05 ----A---- C:\Windows\system32\nvcuda.dll
2009-12-04 22:52:04 ----A---- C:\Windows\system32\nvcompiler.dll
2009-12-04 22:52:03 ----A---- C:\Windows\system32\nvapi.dll
2009-12-04 22:52:01 ----D---- C:\NVIDIA
2009-12-03 19:28:18 ----A---- C:\Users\Clemens\AppData\Roaming\iCDPresets.txt

======List of files/folders modified in the last 1 months======

2009-12-28 13:47:08 ----D---- C:\Windows\Prefetch
2009-12-28 13:47:01 ----D---- C:\Windows\Temp
2009-12-28 13:46:58 ----RD---- C:\Program Files (x86)
2009-12-28 13:38:01 ----SHD---- C:\Windows\Installer
2009-12-28 13:37:58 ----SHD---- C:\System Volume Information
2009-12-28 13:32:27 ----D---- C:\Windows\System32
2009-12-28 13:32:26 ----D---- C:\Windows\inf
2009-12-28 13:28:20 ----D---- C:\Windows\SysWOW64
2009-12-28 13:28:16 ----D---- C:\Users\Clemens\AppData\Roaming\WTablet
2009-12-28 12:09:13 ----D---- C:\Windows\Tasks
2009-12-28 12:09:13 ----D---- C:\Windows
2009-12-28 11:29:22 ----D---- C:\Windows\system32\drivers
2009-12-28 11:29:21 ----D---- C:\ProgramData
2009-12-28 11:21:21 ----D---- C:\Windows\Debug
2009-12-27 22:21:22 ----D---- C:\Users\Clemens\AppData\Roaming\Azureus
2009-12-23 15:33:44 ----D---- C:\temp
2009-12-23 03:06:18 ----D---- C:\ProgramData\Microsoft Help
2009-12-23 03:06:17 ----RSD---- C:\Windows\assembly
2009-12-23 03:05:01 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2009-12-23 03:04:42 ----RSD---- C:\Windows\Fonts
2009-12-23 03:02:09 ----D---- C:\Program Files (x86)\Common Files\System
2009-12-23 03:02:09 ----A---- C:\Windows\win.ini
2009-12-21 11:57:18 ----AD---- C:\ProgramData\TEMP
2009-12-19 23:18:59 ----D---- C:\tmp
2009-12-10 10:29:09 ----D---- C:\Program Files (x86)\Internet Explorer
2009-12-10 00:16:04 ----D---- C:\Windows\winsxs
2009-12-04 22:53:07 ----D---- C:\Program Files (x86)\Common Files
2009-12-04 22:53:02 ----RD---- C:\Program Files
2009-12-04 22:19:43 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-12-04 19:11:26 ----D---- C:\Users\Clemens\AppData\Roaming\dvdcss
2009-12-02 22:54:54 ----D---- C:\Users\Clemens\AppData\Roaming\foobar2000

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 truecrypt;truecrypt; C:\Windows\SysWOW64\drivers\truecrypt.sys [2009-09-15 221376]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R3 Cardex;Cardex; \??\C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [2007-03-16 15648]
R3 cmudaxp;ASUS Xonar DS Audio Interface; C:\Windows\system32\drivers\cmudaxp.sys []
R3 cpuz131;cpuz131; \??\C:\Users\Clemens\AppData\Local\Temp\cpuz131\cpuz_x64.sys []
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-12-28 24072]
R3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2009-12-28 30528]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RivaTuner64;RivaTuner64; \??\D:\Programme\RivaTuner v2.24\RivaTuner64.sys [2009-05-14 19952]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys []
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
S2 TBPanel;TBPanel; C:\Windows\system32\drivers\TBPanel.sys []
S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver; \??\D:\Programme\iColorDisplay\DDCDrv.sys [2008-08-29 10240]
S3 autexqtw;autexqtw; C:\Windows\system32\drivers\autexqtw.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
S3 mbr;mbr; \??\C:\Users\Clemens\AppData\Local\Temp\mbr.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys []
S3 RTCore64;RTCore64; \??\D:\Programme\rmclock_235_bin\RTCore64.sys []
S3 wacmoumonitor;Wacom Mode Helper; C:\Windows\system32\DRIVERS\wacmoumonitor.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 X-Rite;X-Rite USB Service; C:\Windows\system32\DRIVERS\XrUsb64.sys []
S3 zlportio;zlportio; \??\UNC\Clemens-laptop\g\Ultrastar\zlportio.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Programme\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit; C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit; C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 spmd;SPM License Server; C:\spm\spmdib.exe [2008-11-25 617472]
R2 SQLBrowser;SQL Server-Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]
R2 TabletServiceWacom;TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe []
R2 UserAccess7;SecuROM User Access Service (V7); C:\Windows\system32\UAService7.exe [2009-06-30 221184]
S2 GEST Service;GEST Service for program management.; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2008-12-08 68136]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-05-15 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-15 655624]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2007-11-08 4466688]

-----------------EOF-----------------

So far so good? However, the disabled entries for the files in question are still present under Startup! A manual search for the corresponding files turns up nothing, though. AntiVir is currently still running, but has not found anything so far either (it takes a while, though, since the system hard disk is 1 TB). What would be the remaining, still outstanding steps to check the system? (In principle this would be an opportunity to set the system up fresh with Win7 right away, but I currently lack the time for that.) Many thanks!
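Added example (not code from the thread, from Malwarebytes or from the helper tools it uses): a small Python triage script that parses MBAM 1.x detection lines like the ones in the first scan above and reports what a responder still has to verify by hand: whether anything was actually removed ("No action taken" means it was not), and which findings are persistence mechanisms rather than dropped payloads (Run-key values, .job scheduled tasks, and copies of system process names outside System32/SysWOW64, like the SystemProc\lsass.exe). The sample log is constructed from entries in the first scan; the classification rules are my own heuristics, not MBAM's.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x log output (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# MBAM 1.x detection line: "<item> (<classification>) -> <action>"
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

# System process names malware commonly borrows (my own heuristic list, not MBAM's).
SYSTEM_PROCESS_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass(frozen=True)
class Detection:
    item: str      # registry key/value or file path as MBAM printed it
    family: str    # MBAM classification, e.g. Trojan.Agent
    action: str    # MBAM's action text without the trailing period

    @property
    def persistence(self) -> Optional[str]:
        """Classify the item's persistence role, or None for a plain file or key."""
        low = self.item.lower()
        if "\\currentversion\\run\\" in low:
            return "run-key"
        if low.startswith("c:\\windows\\tasks\\") and low.endswith(".job"):
            return "scheduled-task"
        name = low.rsplit("\\", 1)[-1]
        if name in SYSTEM_PROCESS_NAMES and not low.startswith(SYSTEM_DIRS):
            return "system-process-lookalike"
        return None


def parse_mbam_log(text: str) -> List[Detection]:
    """Return every detection line; headers, counters and '(Keine ...)' lines are skipped."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(Detection(m["item"], m["family"], m["action"].rstrip(".")))
    return found


def triage(text: str) -> Dict[str, object]:
    """Summarise a log: total findings, how many were left in place, persistence items."""
    dets = parse_mbam_log(text)
    persistence: Dict[str, List[str]] = {}
    for d in dets:
        kind = d.persistence
        if kind:
            persistence.setdefault(kind, []).append(d.item)
    return {
        "total": len(dets),
        # "No action taken" is what the log shows when items were only listed, not removed.
        "unresolved": sum(1 for d in dets if d.action.endswith("No action taken")),
        "persistence": persistence,
    }


# Constructed sample input: a subset of the entries from the first scan posted above.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3443
Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)

Infizierte Speicherprozesse:
C:\Users\Clemens\AppData\Roaming\SystemProc\lsass.exe (Trojan.Agent) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\j8rpltrobq (Trojan.Dropper) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Dateien:
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\Windows\msa.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\sshnas.dll (Trojan.FakeAlert) -> No action taken.
"""

# Constructed sample of a clean scan: only counters and "(Keine ...)" placeholders remain.
CLEAN_LOG = """Infizierte Dateien: 0

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
"""

if __name__ == "__main__":
    for label, log in (("first scan", SAMPLE_LOG), ("second scan", CLEAN_LOG)):
        print(label, triage(log))
```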
28.12.2009, 22:45 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Renos.jm caught via Firefox - removed correctly?

Hello and
Download Lop S&D. Run Lop S&D.exe by double-clicking it. VISTA users: right-click => Run as Admin!! Choose the language of your choice and then option 1. Wait until the scan report has been created and post it here (you will find it under C:\lopR.txt, should the report not appear).
28.12.2009, 22:55 | #3
Renos.jm caught via Firefox - removed correctly?

Here is the txt - however, Lop SD reports an error when run ("Parameterformat falsch - 850.")
Code:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Business ( v6.0.6001 ) Service Pack 1
x64-based PC ( Multiprocessor Free : Intel(R) Xeon(R) CPU W3520 @ 2.67GHz )
BIOS : Award Modular BIOS v6.00PG
USER : Clemens ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:78 Go (Free:5 Go)
D:\ (Local Disk) - NTFS - Total:390 Go (Free:266 Go)
E:\ (Local Disk) - NTFS - Total:462 Go (Free:64 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 28.12.2009|22:48 )

[ UAC => 0 ]

--------------------\\ Ordner Verzeichnis unter Local

[16.05.2009|17:18] C:\Users\Clemens\AppData\Local\Adobe
[16.04.2009|21:32] C:\Users\Clemens\AppData\Local\Anwendungsdaten
[20.04.2009|20:02] C:\Users\Clemens\AppData\Local\Apple
[05.12.2009|00:03] C:\Users\Clemens\AppData\Local\Apple Computer
[26.06.2009|20:02] C:\Users\Clemens\AppData\Local\ArmA 2 Demo
[30.09.2009|20:44] C:\Users\Clemens\AppData\Local\Autodesk
[04.12.2009|22:51] C:\Users\Clemens\AppData\Local\d3d9caps64.dat
[27.12.2009|15:20] C:\Users\Clemens\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[06.10.2009|15:31] C:\Users\Clemens\AppData\Local\dd_64bitEmulator_MSI20BF.txt
[06.10.2009|15:34] C:\Users\Clemens\AppData\Local\dd_CrystalReports2007_MSI225D.txt
[06.10.2009|15:35] C:\Users\Clemens\AppData\Local\dd_CrystalReports2007_x64_MSI2311.txt
[06.10.2009|15:35] C:\Users\Clemens\AppData\Local\dd_CrystalReports2007LangPack_MSI235C.txt
[06.10.2009|15:35] C:\Users\Clemens\AppData\Local\dd_CrystalReports2007LangPack_x64_MSI23A1.txt
[06.10.2009|15:23] C:\Users\Clemens\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[06.10.2009|15:36] C:\Users\Clemens\AppData\Local\dd_depcheck_VS_PRO_90.txt
[06.10.2009|15:23] C:\Users\Clemens\AppData\Local\dd_Dexplorer90_retMSI1A44.txt
[06.10.2009|15:23] C:\Users\Clemens\AppData\Local\dd_DexplorerLP90_retMSI1AC3.txt
[06.10.2009|15:22] C:\Users\Clemens\AppData\Local\dd_dotnetfx35error_lp.txt
[06.10.2009|15:23] C:\Users\Clemens\AppData\Local\dd_dotnetfx35install_lp.txt
[06.10.2009|15:21] C:\Users\Clemens\AppData\Local\dd_error_vs_procore_90.txt
[06.10.2009|15:37] C:\Users\Clemens\AppData\Local\dd_install_vs_procore_90.txt
[06.10.2009|15:23] C:\Users\Clemens\AppData\Local\dd_NET_Framework35_LangPack_MSI1A1D.txt
[06.10.2009|15:30] C:\Users\Clemens\AppData\Local\dd_NETCFSetupv2_MSI1FC0.txt
[06.10.2009|15:30] C:\Users\Clemens\AppData\Local\dd_NETCFSetupv35_MSI1FDA.txt
[06.10.2009|15:23] C:\Users\Clemens\AppData\Local\dd_PreReq_AMD64_MSI1A3D.txt
[06.10.2009|15:33] C:\Users\Clemens\AppData\Local\dd_RDBG_AMD64_MSI2250.txt
[06.10.2009|15:31] C:\Users\Clemens\AppData\Local\dd_SQLCEToolsForVS2007_MSI2046.txt
[06.10.2009|15:36] C:\Users\Clemens\AppData\Local\dd_SqlPubWiz.msi2416.txt
[06.10.2009|15:31] C:\Users\Clemens\AppData\Local\dd_SSCEDeviceRuntime_MSI2050.txt
[06.10.2009|15:31] C:\Users\Clemens\AppData\Local\dd_SSCERuntime_MSI203C.txt
[06.10.2009|15:22] C:\Users\Clemens\AppData\Local\dd_VC_MinRed_MSI19EC.txt
[30.09.2009|20:09] C:\Users\Clemens\AppData\Local\dd_vcredistMSI2094.txt
[17.04.2009|16:48] C:\Users\Clemens\AppData\Local\dd_vcredistMSI5C34.txt
[30.09.2009|20:09] C:\Users\Clemens\AppData\Local\dd_vcredistUI2094.txt
[17.04.2009|16:48] C:\Users\Clemens\AppData\Local\dd_vcredistUI5C34.txt
[06.10.2009|15:31] C:\Users\Clemens\AppData\Local\dd_VSTOR_LP_MSI2035.txt
[06.10.2009|15:30] C:\Users\Clemens\AppData\Local\dd_VSTOR_MSI1FFB.txt
[06.10.2009|15:31] C:\Users\Clemens\AppData\Local\dd_VSTOR20_LP_MSI2025.txt
[06.10.2009|15:35] C:\Users\Clemens\AppData\Local\dd_WinSDK_Build_x64_MSI23B8.txt
[06.10.2009|15:36] C:\Users\Clemens\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI23FF.txt
[06.10.2009|15:36] C:\Users\Clemens\AppData\Local\dd_WinSDK_RefInt_x64_MSI2410.txt
[06.10.2009|15:35] C:\Users\Clemens\AppData\Local\dd_WinSDK_Tools_x64_MSI23AA.txt
[06.10.2009|15:35] C:\Users\Clemens\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI23EC.txt
[06.10.2009|15:31] C:\Users\Clemens\AppData\Local\dd_WMPPC_5_0_MSI205D.txt
[06.10.2009|15:31] C:\Users\Clemens\AppData\Local\dd_WMSP_5_0_MSI208E.txt
[04.11.2009|17:45] C:\Users\Clemens\AppData\Local\DFX
[28.11.2009|16:05] C:\Users\Clemens\AppData\Local\Downloaded Installations
[23.12.2009|09:34] C:\Users\Clemens\AppData\Local\GDIPFONTCACHEV1.DAT
[28.12.2009|13:26] C:\Users\Clemens\AppData\Local\IconCache.db
[07.09.2009|16:14] C:\Users\Clemens\AppData\Local\keyfile3.drm
[28.12.2009|15:47] C:\Users\Clemens\AppData\Local\Last.fm
[07.10.2009|16:00] C:\Users\Clemens\AppData\Local\Microsoft
[15.05.2009|19:37] C:\Users\Clemens\AppData\Local\Microsoft Help
[17.04.2009|18:27] C:\Users\Clemens\AppData\Local\MigWiz
[17.04.2009|17:09] C:\Users\Clemens\AppData\Local\Mozilla
[18.04.2009|00:09] C:\Users\Clemens\AppData\Local\Real
[06.10.2009|15:22] C:\Users\Clemens\AppData\Local\SIT16427.tmp
[28.12.2009|22:44] C:\Users\Clemens\AppData\Local\Temp
[16.04.2009|21:32] C:\Users\Clemens\AppData\Local\Temporary Internet Files
[27.05.2009|21:26] C:\Users\Clemens\AppData\Local\The Witcher
[02.10.2009|11:51] C:\Users\Clemens\AppData\Local\Thunderbird
[06.10.2009|15:37] C:\Users\Clemens\AppData\Local\uxeventlog.txt
[16.04.2009|21:32] C:\Users\Clemens\AppData\Local\Verlauf
[17.04.2009|06:48] C:\Users\Clemens\AppData\Local\VirtualStore
[06.10.2009|15:30] C:\Users\Clemens\AppData\Local\VSMsiLog1B87.txt
[44|Datei(en),] C:\Users\Clemens\AppData\Local\Bytes
[23|Verzeichnis(se),] C:\Users\Clemens\AppData\Local\Bytes frei

--------------------\\ Geplante Aufgaben unter C:\Windows\Tasks

[28.12.2009 22:15][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{64BB3058-FB6B-44DD-8337-5FB88C292CF6}.job
[28.12.2009 13:27][--ah-----] C:\Windows\tasks\SA.DAT
[28.12.2009 13:26][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Ordner Verzeichnis unter C:\ProgramData

[15.05.2009|20:15] C:\ProgramData\Adobe
[16.04.2009|21:30] C:\ProgramData\Anwendungsdaten
[20.04.2009|20:02] C:\Program Files (x86)\Apple
[03.06.2009|17:41] C:\ProgramData\Apple Computer [02.11.2006|16:39] C:\ProgramData\Application Data [30.09.2009|20:46] C:\ProgramData\Autodesk [17.04.2009|16:49] C:\ProgramData\Avira [27.04.2009|21:08] C:\ProgramData\Azureus [16.05.2009|15:22] C:\ProgramData\Codemasters [06.06.2009|13:48] C:\ProgramData\DAEMON Tools Lite [02.11.2006|16:39] C:\ProgramData\Desktop [04.11.2009|17:45] C:\ProgramData\DFX [02.11.2006|16:39] C:\ProgramData\Documents [16.04.2009|21:30] C:\ProgramData\Dokumente [29.09.2009|07:53] C:\ProgramData\EPSON [16.04.2009|21:30] C:\ProgramData\Favoriten [02.11.2006|16:39] C:\ProgramData\Favorites [30.09.2009|20:44] C:\ProgramData\FLEXnet [17.04.2009|23:54] C:\ProgramData\Last.fm [15.05.2009|21:46] C:\ProgramData\LW8.cfg [15.05.2009|21:46] C:\ProgramData\LWEXT8.cfg [15.05.2009|21:46] C:\ProgramData\LWM8.cfg [28.12.2009|11:29] C:\ProgramData\Malwarebytes [07.10.2009|16:00] C:\ProgramData\Microsoft [23.12.2009|03:06] C:\ProgramData\Microsoft Help [17.05.2009|10:14] C:\ProgramData\ntuser.pol [28.12.2009|13:27] C:\ProgramData\NVIDIA [28.12.2009|13:28] C:\ProgramData\nvModes.001 [28.12.2009|13:28] C:\ProgramData\nvModes.dat [06.10.2009|15:27] C:\ProgramData\PreEmptive Solutions [18.04.2009|00:09] C:\ProgramData\Real [19.10.2009|10:12] C:\ProgramData\Right Hemisphere [30.06.2009|19:16] C:\ProgramData\SecuROM [15.05.2009|20:01] C:\ProgramData\Soulseek [02.11.2006|16:39] C:\ProgramData\Start Menu [16.04.2009|21:30] C:\ProgramData\Startmenü [01.10.2009|12:19] C:\ProgramData\Tages [21.12.2009|11:57] C:\ProgramData\TEMP [02.11.2006|16:39] C:\ProgramData\Templates [16.04.2009|21:30] C:\ProgramData\Vorlagen [26.04.2009|19:43] C:\ProgramData\WindowsSearch [6|Datei(en),] C:\ProgramData\Bytes [37|Verzeichnis(se),] C:\ProgramData\Bytes frei |
28.12.2009, 23:08 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The log does not look complete, or was that really everything?
__________________ Please always post logfiles in CODE tags |
28.12.2009, 23:11 | #5 |
| Unfortunately, that is the complete content of the txt file. As I said, Lop SD aborts with the message "Parameterformat falsch - 850." (It was started with "Run as administrator".) Any idea what that could be caused by? Perhaps it is not x64-compatible? |
29.12.2009, 09:21 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yes, that could be the 64-bit stuff. Cleaning a 64-bit Windows is a pain anyway, since many other tools don't run on it either. There is one upside, though: rootkits are (almost) impossible on a 64-bit Windows thanks to Kernel Patch Protection (KPP, PatchGuard). System scan with OTL: please download OTL from OldTimer and save it to your desktop
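The helper above asks for an OTL scan and will read its output by hand. As an added example for this thread (it is not OldTimer's code and not part of OTL), the Python script below parses three of the entry formats that OTL prints (O4 Run entries, O6 policy entries, and the `[date | size | attrs | C/M] (company) -- path` file entries) and flags the patterns a helper checks first: autoruns that point to missing files or start from a user profile directory, UAC switched off by policy, Explorer restriction policies, and hidden+system items created under the profile. The sample lines are constructed from entries quoted in this thread; the `[rthdbpl]` line is an assumption that pairs the Run value and the `SystemProc\lsass.exe` path that Malwarebytes reported separately.

```python
"""Triage helper for OTL-style log lines (added example, not OldTimer's code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: each line copies the format of the OTL output quoted in
# this thread. The [rthdbpl] line is an assumption: it pairs the Run value and
# the SystemProc\lsass.exe path that Malwarebytes reported separately.
SAMPLE_OTL = r"""
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RivaTuner] D:\Programme\RivaTuner v2.24\RivaTunerWrapper.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [rthdbpl] C:\Users\Clemens\AppData\Roaming\SystemProc\lsass.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
[2009.12.27 22:00:56 | 00,000,000 | -HSD | C] -- C:\Users\Clemens\AppData\Roaming\SystemProc
[2009.12.28 11:29:25 | 00,000,000 | ---D | C] -- C:\Users\Clemens\AppData\Roaming\Malwarebytes
[2009.12.21 12:05:58 | 00,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2009.12.29 10:07:58 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
"""

# "O4 - HKCU..\Run: [name] <path> (<company>)", optionally prefixed "O4:64bit:"
RUN_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# "O6 - <key>: <value> = <data>"
POLICY_RE = re.compile(r"^O6 - (?P<key>\S+): (?P<value>\w+) = (?P<data>\S+)$")
# "[stamp | size | attrs | C/M] (company) -- path"; the company part is optional
FILE_RE = re.compile(
    r"^\[(?P<stamp>\S+ \S+) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
# Directories a standard user can write to; autoruns and hidden+system
# items created there deserve a closer look.
PROFILE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Finding:
    severity: str  # "high", "medium", "low" or "review"
    reason: str
    line: str


def in_user_profile(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in PROFILE_MARKERS)


def split_company(rest: str) -> Tuple[str, Optional[str]]:
    """Split 'path (Company)' from the right, honouring nested parentheses
    such as 'Windows (R) Server 2003 DDK provider'."""
    if not rest.endswith(")"):
        return rest, None
    depth = 0
    for i in range(len(rest) - 1, -1, -1):
        if rest[i] == ")":
            depth += 1
        elif rest[i] == "(":
            depth -= 1
            if depth == 0:
                return rest[:i].rstrip(), rest[i + 1:-1]
    return rest, None


def check_run(m, line: str) -> Optional[Finding]:
    rest = m.group("rest")
    if rest.endswith("File not found"):
        return Finding("low", "autorun entry points to a missing file", line)
    path, company = split_company(rest)
    if in_user_profile(path):
        return Finding("high", "autorun launched from a user-writable profile path", line)
    if company is not None and company.strip() == "":
        return Finding("review", "autorun binary carries no publisher name", line)
    return None


def check_policy(m, line: str) -> Optional[Finding]:
    key, value, data = m.group("key"), m.group("value"), m.group("data")
    if value == "EnableLUA" and data == "0":
        return Finding("high", "UAC disabled via policy (EnableLUA = 0)", line)
    if key.lower().endswith("policies\\explorer") and value.startswith("No"):
        return Finding("medium", "Explorer restriction policy set: " + value, line)
    return None


def check_file(m, line: str) -> Optional[Finding]:
    attrs, path = m.group("attrs"), m.group("path")
    hidden_system = "H" in attrs and "S" in attrs
    if hidden_system and in_user_profile(path):
        return Finding("high", "hidden+system item created in a user profile", line)
    if hidden_system:
        return Finding("review", "hidden+system file outside the profile; verify publisher", line)
    return None


def triage(text: str) -> List[Finding]:
    """Run every recognised line through its checker; unknown line types are skipped."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        for regex, check in ((RUN_RE, check_run), (POLICY_RE, check_policy), (FILE_RE, check_file)):
            m = regex.match(line)
            if m:
                f = check(m, line)
                if f:
                    findings.append(f)
                break
    return findings


def summarize(findings: List[Finding]) -> dict:
    counts = {"high": 0, "medium": 0, "low": 0, "review": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

On the sample the script reports three high findings (the autorun under `AppData\Roaming\SystemProc`, `EnableLUA = 0`, and the hidden+system `SystemProc` directory), one medium, one low and two review items, while the Windows Defender, Avira and Adobe autoruns and the `--S-` `bootstat.dat` pass untouched. A "review" entry such as RivaTuner is not a verdict: unsigned vendor tools are common, so the point is only to sort the log before reading it.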
29.12.2009, 10:31 | #7 |
| Thanks first of all for your help! OTL worked, and here are the two files: OTL.txt: Code:
ATTFilter OTL logfile created on: 29.12.2009 10:13:05 - Run 1 OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Clemens\Desktop 64bit-Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 70,00% Memory free 12,00 Gb Paging File | 10,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 78,12 Gb Total Space | 5,18 Gb Free Space | 6,63% Space Free | Partition Type: NTFS Drive D: | 390,62 Gb Total Space | 266,28 Gb Free Space | 68,17% Space Free | Partition Type: NTFS Drive E: | 462,76 Gb Total Space | 64,48 Gb Free Space | 13,93% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CLEMENS-PC Current User Name: Clemens Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Clemens\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\SysWOW64\UAService7.exe (Sony DADC Austria AG.) PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - D:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - D:\Programme\EXPERTool\TBPANEL.exe (Gainward Co.) 
PRC - C:\Programme\ASUS Xonar DS Audio\Customapp\AsusAudioCenter.exe (CMedia) PRC - C:\Programme\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe () PRC - C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe () PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated) PRC - D:\Programme\RivaTuner v2.24\RivaTuner.exe () PRC - C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe () PRC - C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Clemens\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (TabletServiceWacom) -- C:\Windows\SysNative\Wacom_Tablet.exe () SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) 
SRV:64bit: - (mi-raysat_3dsmax2010_64) -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe () SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll () SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll () SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll () SRV:64bit: - (Fax) -- C:\Windows\SysNative\fxssvc.exe () SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe () SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (UserAccess7) SecuROM User Access Service (V7) -- C:\Windows\SysWOW64\UAService7.exe (Sony DADC Austria AG.) SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (mi-raysat_3dsmax2010_32) -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe () SRV - (GEST Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe () SRV - (spmd) -- C:\spm\spmdib.exe (mental images GmbH) SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 14:34:14 | 00,000,000 | ---D | M] SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof () SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys () DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\DRIVERS\wacmoumonitor.sys () DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys () DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys () DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys () DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys () DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys () DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys () DRV:64bit: - (Tpkd) -- C:\Windows\SysNative\drivers\Tpkd.sys () DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys () DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys () DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys () DRV:64bit: - (X-Rite) -- C:\Windows\SysNative\DRIVERS\XrUsb64.sys () 
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys () DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys () DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (truecrypt) -- C:\Windows\SysWOW64\drivers\truecrypt.sys (TrueCrypt Foundation) DRV - (RivaTuner64) -- D:\Programme\RivaTuner v2.24\RivaTuner64.sys () DRV - (CSC) -- C:\Windows\CSC [2009.04.16 21:25:30 | 00,000,000 | ---D | M] DRV - (cmudaxp) -- C:\Windows\cmudaxp.ini () DRV - (monitor) -- C:\Program Files (x86)\Autodesk\Backburner\monitor.exe (Autodesk, Inc.) DRV - (WinI2C-DDC) -- D:\Programme\iColorDisplay\ddcdrv.sys (Nicomsoft Ltd.) DRV - (Cardex) -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys (Windows (R) Server 2003 DDK provider) DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider) DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "[...]xyzspiegel.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0 FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8 FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.4 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.27 FF - prefs.js..extensions.enabledItems: OberonGameHost@OberonGames.com:1.0.5.1344 FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: D:\Programme\FireFox3\components [2009.12.16 20:34:30 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: D:\Programme\FireFox3\plugins [2009.12.16 20:34:30 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: D:\Programme\Thunderbird\components [2009.10.02 11:51:39 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: D:\Programme\Thunderbird\plugins [2009.12.04 22:17:36 | 00,000,000 | ---D | M] [2009.04.17 17:09:49 | 00,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\mozilla\Extensions [2009.12.28 23:17:01 | 00,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\zrt4vass.default\extensions [2009.12.18 15:29:33 | 00,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\zrt4vass.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66} [2009.12.28 23:16:59 | 00,000,000 
| ---D | M] (NoScript) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\zrt4vass.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2009.08.13 19:26:39 | 00,000,000 | ---D | M] (Password Exporter) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\zrt4vass.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2009.12.18 15:29:33 | 00,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\zrt4vass.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2009.12.18 15:29:33 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\zrt4vass.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.10.11 22:19:16 | 00,000,000 | ---D | M] (Fox!Box [de]) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\zrt4vass.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8} [2009.10.08 18:23:44 | 00,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\zrt4vass.default\extensions\battlefieldheroespatcher@ea.com [2009.04.17 20:33:19 | 00,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\zrt4vass.default\extensions\moveplayer@movenetworks.com [2009.07.14 19:41:24 | 00,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\zrt4vass.default\extensions\OberonGameHost@OberonGames.com O1 HOSTS File: (794 bytes) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV 
Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.DLL (C-Media Corporation) O4:64bit: - HKLM..\Run: [RivaTuner] D:\Programme\RivaTuner v2.24\RivaTunerWrapper.exe () O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] D:\Programme\RivaTuner v2.24\RivaTunerWrapper.exe () O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe () O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [QuickTime Task] D:\Programme\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [EPSON Stylus D120 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATICCE.EXE File not found O4 - HKCU..\Run: [GAINWARD] D:\Programme\EXPERTool\TBPanel.exe (Gainward Co.) 
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\SideBar.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [...]java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [...]java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [...]java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} [...]icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18:64bit: - 
Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.05.15 06:46:37 | 00,000,019 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2009.12.29 10:12:05 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Clemens\Desktop\OTL.exe [2009.12.28 13:46:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2009.12.28 13:46:57 | 00,000,000 | ---D | C] -- C:\rsit [2009.12.28 13:30:29 | 00,000,000 | ---D | C] -- C:\Lop SD [2009.12.28 11:29:25 | 00,000,000 | ---D | C] -- C:\Users\Clemens\AppData\Roaming\Malwarebytes [2009.12.28 11:29:22 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2009.12.28 11:29:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2009.12.28 11:24:43 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW [2009.12.27 22:00:56 | 00,000,000 | -HSD | C] -- C:\Users\Clemens\AppData\Roaming\SystemProc [2009.12.21 12:05:58 | 00,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) 
-- C:\Windows\SysWow64\nbDX.dll [2009.12.21 12:05:58 | 00,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax [2009.12.21 12:05:58 | 00,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll [2009.12.21 12:05:58 | 00,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax [2009.12.21 12:05:58 | 00,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax [2009.12.21 12:05:58 | 00,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax [2009.12.21 12:05:58 | 00,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax [2009.12.21 12:05:58 | 00,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll [2009.12.14 17:58:04 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_42.dll [2009.12.10 00:13:31 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll [2009.12.10 00:13:30 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll [2009.12.09 08:34:40 | 00,833,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2009.12.09 08:34:40 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2009.12.09 08:34:39 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll [2009.12.09 08:34:39 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2009.12.09 08:34:39 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2009.12.09 08:34:39 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll [2009.12.09 08:34:39 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2009.12.09 08:34:39 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2009.12.09 08:34:39 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2009.12.09 08:34:38 | 00,078,336 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\ieencode.dll [2009.12.09 08:34:38 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll [2009.12.09 08:29:25 | 00,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\raschap.dll [2009.12.09 08:29:25 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll [2009.12.05 00:03:56 | 00,000,000 | ---D | C] -- C:\Users\Clemens\AppData\Local\Apple Computer [2009.12.04 23:02:11 | 00,839,680 | ---- | C] ([...]xyzmp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm [2009.12.04 23:02:11 | 00,118,784 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm [2009.12.04 23:02:10 | 00,070,656 | ---- | C] (xyzhelixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll [2009.12.04 22:54:04 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2009.12.04 22:53:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2009.12.04 22:53:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2009.12.04 22:53:17 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA [2009.12.04 22:53:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2009.12.04 22:53:02 | 00,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation [2009.12.04 22:52:09 | 04,241,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2009.12.04 22:52:09 | 00,076,392 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2009.12.04 22:52:07 | 14,064,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2009.12.04 22:52:06 | 09,333,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2009.12.04 22:52:06 | 02,243,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2009.12.04 22:52:05 | 04,001,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2009.12.04 22:52:05 | 01,989,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2009.12.04 22:52:04 | 
11,381,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2009.12.04 22:52:03 | 01,249,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2009.12.04 22:52:01 | 00,000,000 | ---D | C] -- C:\NVIDIA [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Clemens\AppData\Local\*.tmp files -> C:\Users\Clemens\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009.12.29 10:13:44 | 04,980,736 | -HS- | M] () -- C:\Users\Clemens\ntuser.dat [2009.12.29 10:12:08 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Clemens\Desktop\OTL.exe [2009.12.29 10:08:26 | 00,069,263 | ---- | M] () -- C:\ProgramData\nvModes.dat [2009.12.29 10:08:25 | 00,069,263 | ---- | M] () -- C:\ProgramData\nvModes.001 [2009.12.29 10:08:25 | 00,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys [2009.12.29 10:08:25 | 00,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref [2009.12.29 10:08:20 | 00,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys [2009.12.29 10:08:01 | 00,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009.12.29 10:08:01 | 00,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009.12.29 10:08:01 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009.12.29 10:07:58 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009.12.28 23:44:17 | 00,524,288 | -HS- | M] () -- C:\Users\Clemens\ntuser.dat{5e155425-4d00-11de-b41e-00241d160ede}.TMContainer00000000000000000001.regtrans-ms [2009.12.28 23:44:17 | 00,065,536 | -HS- | M] () -- C:\Users\Clemens\ntuser.dat{5e155425-4d00-11de-b41e-00241d160ede}.TM.blf [2009.12.28 23:43:51 | 04,720,474 | -H-- | M] () -- C:\Users\Clemens\AppData\Local\IconCache.db [2009.12.28 22:15:11 | 00,000,434 | -H-- | M] () -- 
C:\Windows\tasks\User_Feed_Synchronization-{64BB3058-FB6B-44DD-8337-5FB88C292CF6}.job [2009.12.28 13:38:21 | 00,002,453 | ---- | M] () -- C:\Users\Clemens\Desktop\HiJackThis.lnk [2009.12.28 13:32:27 | 01,566,478 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2009.12.28 13:32:27 | 00,675,162 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2009.12.28 13:32:27 | 00,633,688 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2009.12.28 13:32:27 | 00,146,282 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2009.12.28 13:32:27 | 00,118,694 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2009.12.28 13:32:24 | 00,077,312 | ---- | M] () -- C:\mbr.exe [2009.12.28 13:30:12 | 00,501,736 | ---- | M] () -- C:\Users\Clemens\Desktop\LopSD.exe [2009.12.28 11:29:25 | 00,000,609 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009.12.28 11:18:50 | 00,000,685 | ---- | M] () -- C:\Users\Clemens\Desktop\CCleaner.lnk [2009.12.28 10:19:05 | 03,867,535 | ---- | M] () -- C:\Users\Clemens\Desktop\CoFi.exe [2009.12.27 15:20:58 | 00,202,752 | ---- | M] () -- C:\Users\Clemens\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.26 19:49:17 | 00,000,540 | ---- | M] () -- C:\Users\Clemens\LWHUB8.CFG [2009.12.26 19:48:07 | 00,031,171 | ---- | M] () -- C:\Users\Clemens\LWM8.cfg [2009.12.23 14:06:18 | 00,370,070 | ---- | M] () -- C:\Windows\hd_ico.ico [2009.12.23 14:06:04 | 00,138,978 | ---- | M] () -- C:\Windows\hd_ico.ico.part [2009.12.23 14:04:51 | 00,047,774 | ---- | M] () -- C:\Windows\hd_ico.png [2009.12.23 10:37:15 | 00,001,219 | ---- | M] () -- C:\Users\Clemens\Desktop\Filme.lnk [2009.12.23 09:35:00 | 03,320,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2009.12.23 09:34:17 | 00,162,072 | ---- | M] () -- C:\Users\Clemens\AppData\Local\GDIPFONTCACHEV1.DAT [2009.12.23 03:02:09 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini [2009.12.19 22:20:06 | 00,000,491 | ---- | M] () -- C:\Users\Clemens\BandSaw.cfg [2009.12.18 
20:01:54 | 00,256,403 | ---- | M] () -- C:\Users\Clemens\Desktop\wheezle1.jpg [2009.12.17 22:53:58 | 00,017,496 | ---- | M] () -- C:\Users\Clemens\LW8.cfg [2009.12.14 18:23:26 | 00,118,452 | ---- | M] () -- C:\Users\Clemens\LWEXT8.cfg [2009.12.14 17:58:20 | 01,892,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_42.dll [2009.12.07 18:23:08 | 00,074,880 | ---- | M] () -- C:\Windows\SysNative\drivers\avgntflt.sys [2009.12.04 22:51:01 | 00,000,732 | ---- | M] () -- C:\Users\Clemens\AppData\Local\d3d9caps64.dat [2009.12.03 20:29:02 | 00,003,582 | ---- | M] () -- C:\Users\Clemens\AppData\Roaming\iColorDisplay3.prefs [2009.12.03 20:19:37 | 00,000,488 | ---- | M] () -- C:\Users\Clemens\AppData\Roaming\iColorDisplay3.lic [2009.12.03 19:25:24 | 00,000,682 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuatoCalibrationLoader.lnk [2009.12.03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2009.12.03 16:13:58 | 00,022,104 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Clemens\AppData\Local\*.tmp files -> C:\Users\Clemens\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2009.12.29 10:08:25 | 00,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref [2009.12.28 13:38:01 | 00,002,453 | ---- | C] () -- C:\Users\Clemens\Desktop\HiJackThis.lnk [2009.12.28 13:32:24 | 00,077,312 | ---- | C] () -- C:\mbr.exe [2009.12.28 13:30:11 | 00,501,736 | ---- | C] () -- C:\Users\Clemens\Desktop\LopSD.exe [2009.12.28 11:29:25 | 00,000,609 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009.12.28 11:29:21 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys [2009.12.28 11:18:50 | 00,000,685 | ---- | C] () -- C:\Users\Clemens\Desktop\CCleaner.lnk [2009.12.28 10:18:46 | 03,867,535 | ---- | C] () -- 
C:\Users\Clemens\Desktop\CoFi.exe [2009.12.23 14:06:16 | 00,370,070 | ---- | C] () -- C:\Windows\hd_ico.ico [2009.12.23 14:05:52 | 00,138,978 | ---- | C] () -- C:\Windows\hd_ico.ico.part [2009.12.23 14:04:50 | 00,047,774 | ---- | C] () -- C:\Windows\hd_ico.png [2009.12.23 10:36:54 | 00,001,219 | ---- | C] () -- C:\Users\Clemens\Desktop\Filme.lnk [2009.12.21 12:05:58 | 00,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax [2009.12.21 12:05:58 | 00,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax [2009.12.21 12:05:58 | 00,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax [2009.12.21 12:05:58 | 00,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax [2009.12.21 12:05:57 | 00,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax [2009.12.18 20:01:47 | 00,256,403 | ---- | C] () -- C:\Users\Clemens\Desktop\wheezle1.jpg [2009.12.15 18:09:50 | 00,024,521 | ---- | C] () -- C:\Users\Clemens\Documents\Sample EN.gtd - backup 2.gt~ [2009.12.15 18:09:48 | 00,024,679 | ---- | C] () -- C:\Users\Clemens\Documents\Sample CZ.gtd [2009.12.15 18:09:48 | 00,024,521 | ---- | C] () -- C:\Users\Clemens\Documents\Sample EN.gtd [2009.12.10 00:13:31 | 00,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll [2009.12.10 00:13:30 | 00,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys [2009.12.10 00:13:30 | 00,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll [2009.12.09 08:34:42 | 05,686,272 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll [2009.12.09 08:34:40 | 07,005,696 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll [2009.12.09 08:34:40 | 01,426,432 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll [2009.12.09 08:34:40 | 01,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll [2009.12.09 08:34:40 | 00,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll [2009.12.09 08:34:39 | 01,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll [2009.12.09 08:34:39 | 00,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll 
[2009.12.09 08:34:39 | 00,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec [2009.12.09 08:34:39 | 00,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll [2009.12.09 08:34:39 | 00,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll [2009.12.09 08:34:39 | 00,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll [2009.12.09 08:34:39 | 00,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll [2009.12.09 08:34:39 | 00,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll [2009.12.09 08:34:39 | 00,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe [2009.12.09 08:34:38 | 01,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb [2009.12.09 08:34:38 | 00,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll [2009.12.09 08:29:25 | 00,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll [2009.12.09 08:29:25 | 00,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll [2009.12.04 23:02:11 | 00,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml [2009.12.04 23:02:11 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009.12.04 23:02:10 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009.12.04 23:02:10 | 00,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009.12.04 23:02:09 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.12.04 23:02:09 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest [2009.12.04 22:56:53 | 00,069,263 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.12.04 22:56:24 | 00,069,263 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.12.04 22:52:09 | 13,694,056 | ---- | C] () -- C:\Windows\SysNative\drivers\nvlddmkm.sys [2009.12.04 22:52:09 | 05,915,752 | ---- | C] () -- C:\Windows\SysNative\nvwgf2umx.dll [2009.12.04 22:52:09 | 00,076,904 | ---- | C] () -- C:\Windows\SysNative\OpenCL.dll [2009.12.04 22:52:09 | 00,011,240 | ---- | C] () -- C:\Windows\SysNative\drivers\nvBridge.kmd [2009.12.04 22:52:09 | 00,008,862 | ---- 
| C] () -- C:\Windows\SysNative\nvinfo.pb [2009.12.04 22:52:07 | 19,223,144 | ---- | C] () -- C:\Windows\SysNative\nvoglv64.dll [2009.12.04 22:52:06 | 11,775,080 | ---- | C] () -- C:\Windows\SysNative\nvd3dumx.dll [2009.12.04 22:52:05 | 05,347,944 | ---- | C] () -- C:\Windows\SysNative\nvcuda.dll [2009.12.04 22:52:05 | 02,332,264 | ---- | C] () -- C:\Windows\SysNative\nvcuvid.dll [2009.12.04 22:52:05 | 02,028,136 | ---- | C] () -- C:\Windows\SysNative\nvcuvenc.dll [2009.12.04 22:52:03 | 15,874,664 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll [2009.12.04 22:52:03 | 01,541,736 | ---- | C] () -- C:\Windows\SysNative\nvapi64.dll [2009.12.04 22:52:03 | 00,202,344 | ---- | C] () -- C:\Windows\SysNative\nvcod178.dll [2009.12.04 22:52:03 | 00,202,344 | ---- | C] () -- C:\Windows\SysNative\nvcod.dll [2009.12.03 19:31:29 | 00,000,488 | ---- | C] () -- C:\Users\Clemens\AppData\Roaming\iColorDisplay3.lic [2009.12.03 19:28:18 | 00,003,582 | ---- | C] () -- C:\Users\Clemens\AppData\Roaming\iColorDisplay3.prefs [2009.12.03 19:28:18 | 00,000,033 | ---- | C] () -- C:\Users\Clemens\AppData\Roaming\iCDPresets.txt [2009.12.03 19:27:58 | 00,033,600 | ---- | C] () -- C:\Windows\SysNative\drivers\XrUsb64.sys [2009.12.03 19:25:24 | 00,000,682 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuatoCalibrationLoader.lnk [2009.11.26 19:36:49 | 00,237,568 | ---- | C] () -- C:\Windows\SysWow64\glut32.dll [2009.11.17 18:23:10 | 00,000,053 | R--- | C] () -- C:\Windows\SysWow64\cmasiop.ini [2009.11.17 18:23:03 | 00,139,264 | R--- | C] () -- C:\Windows\SysWow64\VmixP8.dll [2009.11.17 18:22:49 | 00,041,410 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl [2009.11.17 18:22:29 | 00,000,862 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi [2009.11.17 18:22:27 | 00,004,967 | R--- | C] () -- C:\Windows\Cmicnfgp.ini.cfg [2009.10.27 23:22:13 | 00,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2009.10.17 17:52:28 | 00,000,315 | ---- | C] () -- 
C:\Windows\doom3.ini [2009.10.09 14:47:32 | 00,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2009.10.09 12:57:17 | 00,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2009.10.09 12:57:17 | 00,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2009.10.06 15:36:08 | 00,185,418 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_SqlPubWiz.msi2416.txt [2009.10.06 15:36:05 | 00,283,618 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_WinSDK_RefInt_x64_MSI2410.txt [2009.10.06 15:36:00 | 00,735,094 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI23FF.txt [2009.10.06 15:35:54 | 00,440,252 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI23EC.txt [2009.10.06 15:35:38 | 05,358,576 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_WinSDK_Build_x64_MSI23B8.txt [2009.10.06 15:35:34 | 00,653,468 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_WinSDK_Tools_x64_MSI23AA.txt [2009.10.06 15:35:31 | 00,252,652 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_CrystalReports2007LangPack_x64_MSI23A1.txt [2009.10.06 15:35:10 | 00,551,574 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_CrystalReports2007LangPack_MSI235C.txt [2009.10.06 15:34:47 | 02,486,258 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_CrystalReports2007_x64_MSI2311.txt [2009.10.06 15:33:52 | 04,636,286 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_CrystalReports2007_MSI225D.txt [2009.10.06 15:33:48 | 01,258,434 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_RDBG_AMD64_MSI2250.txt [2009.10.06 15:33:28 | 01,448,396 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.10.06 15:31:45 | 00,291,922 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_64bitEmulator_MSI20BF.txt [2009.10.06 15:31:30 | 05,146,448 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_WMSP_5_0_MSI208E.txt [2009.10.06 15:31:15 | 07,062,270 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_WMPPC_5_0_MSI205D.txt [2009.10.06 
15:31:11 | 00,736,770 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_SSCEDeviceRuntime_MSI2050.txt [2009.10.06 15:31:08 | 00,332,994 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_SQLCEToolsForVS2007_MSI2046.txt [2009.10.06 15:31:05 | 00,377,600 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_SSCERuntime_MSI203C.txt [2009.10.06 15:31:03 | 00,297,174 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_VSTOR_LP_MSI2035.txt [2009.10.06 15:30:58 | 00,944,454 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_VSTOR20_LP_MSI2025.txt [2009.10.06 15:30:45 | 00,843,820 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_VSTOR_MSI1FFB.txt [2009.10.06 15:30:36 | 01,047,898 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_NETCFSetupv35_MSI1FDA.txt [2009.10.06 15:30:27 | 01,014,268 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_NETCFSetupv2_MSI1FC0.txt [2009.10.06 15:24:56 | 52,955,438 | ---- | C] () -- C:\Users\Clemens\AppData\Local\VSMsiLog1B87.txt [2009.10.06 15:23:56 | 00,343,146 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_DexplorerLP90_retMSI1AC3.txt [2009.10.06 15:23:17 | 02,863,912 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_Dexplorer90_retMSI1A44.txt [2009.10.06 15:23:15 | 00,368,326 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_PreReq_AMD64_MSI1A3D.txt [2009.10.06 15:23:05 | 00,609,960 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_NET_Framework35_LangPack_MSI1A1D.txt [2009.10.06 15:23:00 | 00,034,086 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_depcheck_NETFX_EXP_35.txt [2009.10.06 15:22:59 | 00,075,526 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_dotnetfx35install_lp.txt [2009.10.06 15:22:59 | 00,000,002 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_dotnetfx35error_lp.txt [2009.10.06 15:22:50 | 00,839,124 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_VC_MinRed_MSI19EC.txt [2009.10.06 15:21:50 | 00,227,189 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_depcheck_VS_PRO_90.txt [2009.10.06 
15:21:46 | 00,663,570 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_install_vs_procore_90.txt [2009.10.06 15:21:46 | 00,031,784 | ---- | C] () -- C:\Users\Clemens\AppData\Local\uxeventlog.txt [2009.10.06 15:21:46 | 00,000,002 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_error_vs_procore_90.txt [2009.09.30 20:09:34 | 00,415,900 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_vcredistMSI2094.txt [2009.09.30 20:09:34 | 00,011,406 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_vcredistUI2094.txt [2009.09.07 16:14:13 | 00,004,096 | -H-- | C] () -- C:\Users\Clemens\AppData\Local\keyfile3.drm [2009.08.31 13:27:13 | 00,000,084 | ---- | C] () -- C:\Windows\winamp.ini [2009.08.03 00:21:54 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009.08.03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009.08.03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009.08.03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009.05.15 21:46:18 | 00,118,188 | ---- | C] () -- C:\ProgramData\LWEXT8.cfg [2009.05.15 21:46:18 | 00,025,760 | ---- | C] () -- C:\ProgramData\LWM8.cfg [2009.05.15 21:46:18 | 00,017,486 | ---- | C] () -- C:\ProgramData\LW8.cfg [2009.05.15 19:54:09 | 00,000,688 | ---- | C] () -- C:\Windows\ODBC.INI [2009.04.17 23:40:48 | 00,202,752 | ---- | C] () -- 
C:\Users\Clemens\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.17 21:37:59 | 00,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys [2009.04.17 21:01:33 | 00,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2009.04.17 17:53:33 | 00,000,880 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.04.17 17:11:51 | 00,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2009.04.17 16:47:59 | 00,419,366 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_vcredistMSI5C34.txt [2009.04.17 16:47:58 | 00,011,390 | ---- | C] () -- C:\Users\Clemens\AppData\Local\dd_vcredistUI5C34.txt [2009.04.16 21:32:33 | 00,000,732 | ---- | C] () -- C:\Users\Clemens\AppData\Local\d3d9caps64.dat [2009.03.12 07:30:20 | 00,000,516 | R--- | C] () -- C:\Windows\cmudaxp.ini [2009.02.12 08:11:45 | 00,007,718 | ---- | C] () -- C:\Windows\cadx2.ini [2008.01.21 03:48:25 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008.01.21 03:48:07 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2007.01.10 08:44:26 | 01,457,024 | R--- | C] () -- C:\Windows\SysWow64\SSCProt.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 507 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report >

Unfortunately things don't look as good as I had thought in the meantime - just now, while I was writing this post, my AntiVir suddenly went off and reported one of the files to me. That one should actually have been removed already - does that mean I have re-infected myself, or were both AntiVir and Anti-Malware unable to find the file during yesterday's later scans?
29.12.2009, 10:34 | #8

Renos.jm picked up via FireFox - removed correctly?

Here is the Extras.txt (it exceeded the post's character limit)

Code:
OTL Extras logfile created on: 29.12.2009 10:13:05 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Clemens\Desktop
64bit-Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 70,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,12 Gb Total Space | 5,18 Gb Free Space | 6,63% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 266,28 Gb Free Space | 68,17% Space Free | Partition Type: NTFS
Drive E: | 462,76 Gb Total Space | 64,48 Gb Free Space | 13,93% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CLEMENS-PC
Current User Name: Clemens
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1 .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Programme\FireFox3\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" () piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l () scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* chm.file [open] -- "%SystemRoot%\hh.exe" %1 cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 62 71 2D 74 DC 5B C8 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3217975060-3964529262-2517402447-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Programme\xchat\xchat.exe" = D:\Programme\xchat\xchat.exe:*:Enabled:XChat IRC Client -- () "D:\Programme\xchat\xchat.exe" = D:\Programme\xchat\xchat.exe:*:Enabled:XChat IRC Client -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FC72CED-382B-4675-BF91-F014A0A9CFE3}" = rport=445 | protocol=6 | dir=out | app=system | "{122344B6-7315-4F12-812F-DC0551C39F44}" = lport=139 | protocol=6 | dir=in | app=system | "{12B70408-5D96-42F8-9251-23F45DA12D37}" = lport=445 | protocol=6 | dir=in | app=system | "{16747378-E304-4470-A9F7-C542327C1777}" = lport=138 | protocol=17 | dir=in | app=system | "{2D1993B8-9EF8-43C1-95D4-BF61E3C68F0D}" = rport=137 | protocol=17 | dir=out | app=system | "{3633CB77-F8F1-40FB-B698-F91034633095}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{36B58CD0-15DE-4457-AACD-F7CB93335422}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AAD84833-6976-4D00-94A6-2BF6020183C4}" = rport=138 | protocol=17 | dir=out | app=system | "{B3FFED50-9E91-45CF-B6B1-714ED7F98F0B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{EC2E8773-4145-461F-A33D-54C599D46DF2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{F38A4C31-39BC-4241-9FEF-E4F28DDA37DC}" = lport=137 | protocol=17 | dir=in | app=system | "{FBDEEEB4-1A23-4B7E-896F-3CF5EB13F2E7}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06E6CFD3-7C67-46DD-B559-1675580E9C9E}" = protocol=17 | dir=in | 
app=e:\spiele\arma2demo\arma2demo.exe | "{09B85D0B-B8BF-499E-B7E0-6F2F9E76B04C}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | "{16AEE88A-6F3A-4ACA-8DBF-F9739EFEA2CA}" = protocol=6 | dir=in | app=e:\spiele\anno1404\tools\anno4web.exe | "{17DA8938-45A5-4F3A-9A04-5A4C04A14A50}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{184CA00D-C25C-4413-B1D5-2DC5328782B1}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_64.exe | "{244CFA23-251D-42CB-B9EE-35BA4FE86818}" = protocol=17 | dir=in | app=e:\spiele\annodemo\anno4.exe | "{37FA0075-55F8-4223-9863-D9A1C5A42C8C}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\3dsmax.exe | "{3925C930-6AFF-41C2-8D12-A4A6F92084F5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3F26B0FD-3A8C-45C7-B2FF-1706567BCBDB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{41C97EE4-CC95-4D66-B586-4BA8862FBC56}" = protocol=6 | dir=in | app=e:\spiele\ut3\binaries\ut3.exe | "{4AA85150-6A2B-4459-8277-819FEE3C2AAD}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe | "{5025A447-6A5E-450E-B85D-34BB43AF26C7}" = protocol=6 | dir=in | app=e:\spiele\annodemo\tools\benchmark.exe | "{5D42FA32-1254-46BC-AE16-4421032EB12B}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | "{682CB30B-17CA-4C49-B04D-271353FD73D0}" = protocol=6 | dir=in | app=e:\spiele\f.e.a.r\fear.exe | "{68DDE9C8-168D-4754-9929-A507C136D313}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6E17098E-D19E-46F1-AA11-D3EF6D82376E}" = protocol=6 | dir=in | app=e:\spiele\annodemo\anno4.exe | "{75E4B520-5309-4DF4-AF25-E4CA2756D2DF}" = protocol=6 | dir=in | app=e:\spiele\arma2demo\arma2demo.exe | "{77E032D3-8F7F-47F4-A503-5733E3CFA0D9}" = protocol=17 | dir=in | 
app=c:\program files (x86)\autodesk\3ds max 2010\3dsmax.exe | "{7AC38695-3680-4FD9-BEDD-839C05461609}" = protocol=6 | dir=in | app=e:\spiele\grid11\grid.exe | "{7B8BFFA7-D56E-458C-8B6A-34CED0E0C2EF}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe | "{7BD29C11-1499-4F05-99F6-C2DA661E0EB2}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe | "{7C3A3FA7-BD95-4BCD-8B31-3E2154633345}" = protocol=6 | dir=in | app=e:\spiele\ofp2\ofdr.exe | "{83BCE090-6324-439B-881F-A60BC6BCBF47}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_64.exe | "{8C7D608B-9839-4202-9B64-32B66E5A82CE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{96518C74-653E-427C-951B-C9CBFC556D0A}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | "{9A0838DD-7F13-4DF4-B0D3-08399BE82239}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | "{9DA2D4C7-EF32-493C-AC27-913FC33CC389}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | "{9E3673B6-32A8-4C8E-9B2C-3511DCE31037}" = protocol=17 | dir=in | app=e:\spiele\ofp2\ofdr.exe | "{9FE5D594-88F9-453C-B580-3F6986445FB8}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe | "{A4C7328C-5ACA-4931-9D8A-847894B0A71D}" = protocol=17 | dir=in | app=e:\spiele\ut3\binaries\ut3.exe | "{A5F28160-E80B-4C10-904A-A1D2F8D759EB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A7E80553-90D7-4C97-B0FF-775E58EFE6B3}" = protocol=17 | dir=in | app=e:\spiele\f.e.a.r\fear.exe | "{A802E467-53A4-431D-9148-A7383D7155C0}" = protocol=6 | dir=in | app=e:\spiele\anno1404\anno4.exe | "{A992D4FE-5269-42FD-BDC0-C6BEAC2D334E}" = protocol=17 | dir=in | app=e:\spiele\annodemo\tools\benchmark.exe | "{A9C9CB6B-3D78-4FBC-9E8A-87995D510776}" = protocol=58 | dir=in 
| name=@firewallapi.dll,-28545 | "{B9FFEEBB-FFBC-4E4E-BB1C-2531A1454696}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe | "{BAE0388A-8DA3-4162-AF18-952B94E80443}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | "{BB5FFDFD-FC0B-4C6E-971A-E1E901D2F648}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe | "{C32503F2-AD15-41A6-B2A1-4322F99B6814}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{C47599AD-982E-4346-A731-0209B8244A73}" = protocol=17 | dir=in | app=e:\spiele\anno1404\tools\anno4web.exe | "{C59B2AAE-C2A6-49BE-82D4-5BF60404C914}" = protocol=17 | dir=in | app=e:\spiele\grid11\grid.exe | "{C8693D67-A4BC-4862-A36F-E7DC0B2A3427}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe | "{D0A2F776-562E-45AB-B7E6-A0F9D2FD5AC6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{D1B7CE29-0209-4541-8310-E3A6C0E42EF4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{E27A6FE6-6DE5-433A-AE9C-DF9B7790D6EE}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe | "{ED0502B6-4A36-4B00-B52D-C54117520CD6}" = protocol=17 | dir=in | app=e:\spiele\anno1404\anno4.exe | "TCP Query User{1C2B884A-E34D-495B-BE48-7A49AD551217}D:\programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6.5\icq.exe | "TCP Query User{2006DB4C-2F74-4141-9F60-062DF4010711}E:\grid_ex\grid.exe" = protocol=6 | dir=in | app=e:\grid_ex\grid.exe | "TCP Query User{27348DE9-F863-407E-8F8D-1DB0058310D7}D:\programme\lightwave8\programs\lightwav.patched.exe" = protocol=6 | dir=in | 
app=d:\programme\lightwave8\programs\lightwav.patched.exe | "TCP Query User{29F9D8C6-5E07-422B-99A5-958DC5143D10}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{3AB21C00-05EF-4F5D-ADE6-29D37F040D5D}D:\programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6.5\icq.exe | "TCP Query User{3C5FB9FF-BBFD-418F-9B6E-9A8252EE7AD3}D:\programme\soulseekns\slsk.exe" = protocol=6 | dir=in | app=d:\programme\soulseekns\slsk.exe | "TCP Query User{50413443-91C7-4EF1-8740-62DACA49609E}D:\programme\lightwave8\programs\modeler.patched.exe" = protocol=6 | dir=in | app=d:\programme\lightwave8\programs\modeler.patched.exe | "TCP Query User{5D57A56A-578A-48E8-B056-7785B0E4F66F}E:\spiele\ut3\binaries\ut3.exe" = protocol=6 | dir=in | app=e:\spiele\ut3\binaries\ut3.exe | "TCP Query User{5ED85A9B-9E31-4F2D-9958-378770236290}D:\programme\soulseekns\slsk.exe" = protocol=6 | dir=in | app=d:\programme\soulseekns\slsk.exe | "TCP Query User{65CD97B3-6E06-40C9-9209-103CF950EE72}D:\programme\azureus\azureus.exe" = protocol=6 | dir=in | app=d:\programme\azureus\azureus.exe | "TCP Query User{6C3E2535-D109-47FA-B1A0-007478470AAB}E:\spiele\ultimaonline\uopatch.exe" = protocol=6 | dir=in | app=e:\spiele\ultimaonline\uopatch.exe | "TCP Query User{6F340315-198D-4110-8D14-F0A561BCDB3B}D:\programme\xsi7_64\xsi_7.01_x64\application\bin\xsi.exe" = protocol=6 | dir=in | app=d:\programme\xsi7_64\xsi_7.01_x64\application\bin\xsi.exe | "TCP Query User{742488D2-7082-4526-993B-8FE293D880BA}D:\programme\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\programme\mirc\mirc.exe | "TCP Query User{7FF9D8CC-4E90-41D7-9343-43CDF4E87F73}D:\programme\lightwave8\programs\modeler.exe" = protocol=6 | dir=in | app=d:\programme\lightwave8\programs\modeler.exe | "TCP Query User{8778A66B-E879-4A8F-9466-09482888FD70}D:\programme\xsi7_64\xsi_7.01_x64\application\bin\xsi.exe" = protocol=6 | dir=in | 
app=d:\programme\xsi7_64\xsi_7.01_x64\application\bin\xsi.exe | "TCP Query User{AC2743D3-BE12-4716-B4A2-2CC1EC92C278}D:\programme\firefox3\firefox.exe" = protocol=6 | dir=in | app=d:\programme\firefox3\firefox.exe | "TCP Query User{BF2670F2-33C3-4F33-86C7-4610BCD296E5}E:\spiele\ultimaonline\uopatch.exe" = protocol=6 | dir=in | app=e:\spiele\ultimaonline\uopatch.exe | "TCP Query User{C2A96B28-F2B8-4E07-A698-B4BC42E070EC}D:\programme\lightwave8\programs\hub.exe" = protocol=6 | dir=in | app=d:\programme\lightwave8\programs\hub.exe | "TCP Query User{DEB9E017-B6E7-49EF-9137-13A9BB446805}D:\programme\cryptload_1.1.6\cryptload.exe" = protocol=6 | dir=in | app=d:\programme\cryptload_1.1.6\cryptload.exe | "TCP Query User{E0C52649-BC06-4D52-97FF-42E688D0B55A}D:\programme\xchat\xchat.exe" = protocol=6 | dir=in | app=d:\programme\xchat\xchat.exe | "TCP Query User{E9345688-1100-4FE8-B702-2EAB442BE056}D:\programme\lightwave8\programs\modeler.patched.exe" = protocol=6 | dir=in | app=d:\programme\lightwave8\programs\modeler.patched.exe | "TCP Query User{F82E9A08-A4C3-459F-8887-17356F13D701}D:\programme\lightwave8\programs\hub.exe" = protocol=6 | dir=in | app=d:\programme\lightwave8\programs\hub.exe | "TCP Query User{F97079F8-C288-45DF-848D-0F58EC7C3B75}D:\programme\azureus\azureus.exe" = protocol=6 | dir=in | app=d:\programme\azureus\azureus.exe | "TCP Query User{FA21F41D-FE74-4BBB-9DBC-BC5AE12EFF2E}E:\grid_ex\grid.exe" = protocol=6 | dir=in | app=e:\grid_ex\grid.exe | "UDP Query User{0270359E-8F52-45C4-97B3-BC581FBC2EA1}D:\programme\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6.5\icq.exe | "UDP Query User{0283B0FD-8A1C-4AD0-A423-3794BC15542F}D:\programme\soulseekns\slsk.exe" = protocol=17 | dir=in | app=d:\programme\soulseekns\slsk.exe | "UDP Query User{0447403D-A056-4CBF-935B-063C5086DCAA}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query 
User{1D85589C-B432-4510-B2E1-75C37CC1EC5E}D:\programme\lightwave8\programs\modeler.patched.exe" = protocol=17 | dir=in | app=d:\programme\lightwave8\programs\modeler.patched.exe | "UDP Query User{1F07D089-30B6-4DC7-821B-0CE4A190E3AD}D:\programme\xsi7_64\xsi_7.01_x64\application\bin\xsi.exe" = protocol=17 | dir=in | app=d:\programme\xsi7_64\xsi_7.01_x64\application\bin\xsi.exe | "UDP Query User{24422813-D890-40FB-93B9-109E16CF87BE}D:\programme\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\programme\mirc\mirc.exe | "UDP Query User{352FBFC1-0D1F-4972-BF1F-4C11D76565B2}D:\programme\xchat\xchat.exe" = protocol=17 | dir=in | app=d:\programme\xchat\xchat.exe | "UDP Query User{39C956C8-3FDE-4397-A0BB-A27B2AA4FF45}D:\programme\lightwave8\programs\hub.exe" = protocol=17 | dir=in | app=d:\programme\lightwave8\programs\hub.exe | "UDP Query User{4B9C67A9-7E2A-4239-8746-D6E0E72ED2C2}D:\programme\lightwave8\programs\lightwav.patched.exe" = protocol=17 | dir=in | app=d:\programme\lightwave8\programs\lightwav.patched.exe | "UDP Query User{6166206D-C45B-44CC-B3B3-1B37DB2C4A98}E:\spiele\ut3\binaries\ut3.exe" = protocol=17 | dir=in | app=e:\spiele\ut3\binaries\ut3.exe | "UDP Query User{633E81F2-22A1-4269-9D86-6E7A157540AF}D:\programme\soulseekns\slsk.exe" = protocol=17 | dir=in | app=d:\programme\soulseekns\slsk.exe | "UDP Query User{75AFB698-0405-49CA-84ED-72B03A1CDF3D}D:\programme\firefox3\firefox.exe" = protocol=17 | dir=in | app=d:\programme\firefox3\firefox.exe | "UDP Query User{9EB34DF3-D28F-4828-B4C6-BFB27E0F7924}D:\programme\xsi7_64\xsi_7.01_x64\application\bin\xsi.exe" = protocol=17 | dir=in | app=d:\programme\xsi7_64\xsi_7.01_x64\application\bin\xsi.exe | "UDP Query User{A6DF9D81-6B9F-4242-A087-4145E0F463D0}D:\programme\lightwave8\programs\hub.exe" = protocol=17 | dir=in | app=d:\programme\lightwave8\programs\hub.exe | "UDP Query User{A8923D9F-453B-43F1-A0EF-4BE8EDAB299D}D:\programme\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6.5\icq.exe | "UDP Query 
User{AFAA03D3-DD1D-4771-81D0-545524D994FF}D:\programme\azureus\azureus.exe" = protocol=17 | dir=in | app=d:\programme\azureus\azureus.exe | "UDP Query User{B90E8537-74BE-4B97-9698-322B4011C532}D:\programme\lightwave8\programs\modeler.patched.exe" = protocol=17 | dir=in | app=d:\programme\lightwave8\programs\modeler.patched.exe | "UDP Query User{BB38DB86-28BE-4E04-AD3F-A3BF15600B3C}E:\grid_ex\grid.exe" = protocol=17 | dir=in | app=e:\grid_ex\grid.exe | "UDP Query User{CF76921E-8AEE-4943-BECC-564375283A58}E:\grid_ex\grid.exe" = protocol=17 | dir=in | app=e:\grid_ex\grid.exe | "UDP Query User{D9264948-333A-410E-B20A-94043561036C}D:\programme\cryptload_1.1.6\cryptload.exe" = protocol=17 | dir=in | app=d:\programme\cryptload_1.1.6\cryptload.exe | "UDP Query User{E4506335-372F-413C-9720-3DC2114614C7}E:\spiele\ultimaonline\uopatch.exe" = protocol=17 | dir=in | app=e:\spiele\ultimaonline\uopatch.exe | "UDP Query User{EB527734-0952-4BC1-B7EA-7F9F95F6FBAD}E:\spiele\ultimaonline\uopatch.exe" = protocol=17 | dir=in | app=e:\spiele\ultimaonline\uopatch.exe | "UDP Query User{EF44F10F-A111-4D03-ABE9-311E92B82F27}D:\programme\lightwave8\programs\modeler.exe" = protocol=17 | dir=in | app=d:\programme\lightwave8\programs\modeler.exe | "UDP Query User{F06EC7E6-B981-4AB3-9B08-16DD96693485}D:\programme\azureus\azureus.exe" = protocol=17 | dir=in | app=d:\programme\azureus\azureus.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{1D5F34D0-6329-4D92-B81A-E24E9028910C}" = Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64) "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64 
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64 "{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64) "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64 "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64 "{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}" = Microsoft Device Emulator (64 Bit) Version 3.0 - DEU "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64 "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4 "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4 "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4 "{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64 "{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools "{A9F1B5F6-0EE6-0409-BADD-F8BD360FACC3}" = Autodesk 3ds Max 2010 64-bit "{AC888A60-9557-3B74-B52B-F353D01BD544}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools "{ACD875CC-A146-3125-8F99-D3766F46FD86}" = Visual Studio .NET Prerequisites - English "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = 
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B9E591DD-DAAC-0409-B1B8-5667E359170B}" = Autodesk 3ds Max 2010 64-bit Components "{C31A4909-9C18-3121-AAD4-EAD92013B6E5}" = Microsoft Visual Studio 2008 Remote Debugger - DEU "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit) "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F68310EC-B615-4044-B7D7-1A6349758D42}" = Microsoft SQL Server VSS Writer "{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}" = Microsoft SQL Server Native Client "Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit "C-Media Oxygen HD Audio Driver" = ASUS Xonar DS Audio Driver "EPSON Printer and Utilities" = EPSON-Drucker-Software "Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Visual Studio 2008 Remote Debugger - DEU" = Microsoft Visual Studio 2008 Remote Debugger - DEU "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA 
Extra Settings CS4 "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU "{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising "{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU "{24F84124-A8BE-4A93-9F0A-7892160BA450}" = SOFTIMAGE XSI 7.01 "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{2A856E11-228D-459F-A196-6F4F7E104FFC}" = ZBrush 3.5 R3 "{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR "{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008 "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3C850287-4CD5-4FAD-BE39-A4AF7851A7C6}" = GRID Demo "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1 "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.1124.1 
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU "{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1" = DVDx 2 "{57EF5EE1-E32B-4EDE-9D50-3A82126800EE}" = Batman: Arkham Asylum Demo "{5940AABD-1573-4CBC-B82F-CA526690FEB5}" = OGRE Command Line Tools "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack "{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{62BBFDA0-306C-4022-8E40-021C073CB3AF}" = NewTek LightWave 3D [8] "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AD07558-BEA5-435C-B122-183653E23EB4}" = SOFTIMAGE XSI 7.01 "{712538AF-06AE-4F7F-B246-617034495FE6}" = ANNO 1404 (Demo) "{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0 "{71E6124C-FA50-447B-B044-47A682627C26}" = Anno 1404 (Demo) "{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5 "{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1" = ConTEXT v0.98.6 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.1208.1 "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = 
Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{87A27A8D-6384-4AF9-B219-025A51775234}" = Deep Exploration 5.7 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007 "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007 "{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007 
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007 "{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2 "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008 "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2 "{B1702138-0937-4A36-9BE3-9A19B5168DAD}" = Max 5.0.8 "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition "{BBF0A67B-5DBA-452F-9D2E-6F168BC226E5}" = Need for Speed™ SHIFT Demo "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{D2975B11-82F4-47D9-A0AC-99E36A0E9ECB}" = SOFTIMAGE License Server 1.1.11.1502 "{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone "{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU 
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility "{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3 "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "ArmA2 Demo" = ArmA2 Demo Uninstall "Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "Azureus" = Azureus "CCleaner" = CCleaner "DVD-lab PRO 2.5_is1" = DVD-lab PRO 2.5 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "EXPERTool_is1" = EXPERTool 7.4 "foobar2000" = foobar2000 v0.9.6.9 "Fraps" = Fraps (remove only) "GIF Animator" = Microsoft GIF Animator "GTD Tree_is1" = GTD Tree 1.0.3 "HijackThis" = HijackThis 2.0.2 "InstallShield_{2A856E11-228D-459F-A196-6F4F7E104FFC}" = ZBrush 3.5 R3 "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.1124.1 "InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3 "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Full) "LastFM_is1" = Last.fm 1.5.4.24567 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008 "Microsoft 
Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack "Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU "mIRC" = mIRC "MozBackup" = MozBackup 1.4.9 "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6) "Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23) "Nero - Burning Rom!UninstallKey" = Nero OEM "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OGRE SDK" = OGRE SDK 1.6.4 for Visual C++ 2008 "OpenAL" = OpenAL "PRJPRO" = Microsoft Office Project Professional 2007 "RealAlt_is1" = Real Alternative 1.7.5 "RivaTuner" = RivaTuner v2.24 "RTTSoftware DeltaView free 8.5" = RTTSoftware DeltaView free 8.5 (uninstall only) "Soulseek2" = SoulSeek 157 NS 13d "SpeedFan" = SpeedFan (remove only) "SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009) "The FilmMachine_is1" = The FilmMachine 1.6 "TrueCrypt" = TrueCrypt "uniquemagicmp3taggerappid_is1" = Magic MP3 Tagger 2.2.4f "Unreal Tournament 3 Tweaker" = Unreal Tournament 3 Tweaker 5.0 "Vista Icon Pack ST_is1" = Vista Icon Pack ST "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime "Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component "Vue 7.5 Infinite PLE 64bit" = Vue 7.5 Infinite PLE 64bit "Wacom Tablet Driver" = Wacom Tablett "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "xchat" = XChat 2 (remove only) 
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"iColorDisplay" = iColor Display 3.5.0.0 (nur entfernen)
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"pdfsam" = pdfsam
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 28.12.2009 10:29:03 | Computer Name = Clemens-PC | Source = Windows Search Service | ID = 1006
Description =
Error - 28.12.2009 10:51:10 | Computer Name = Clemens-PC | Source = Windows Search Service | ID = 1006
Description =
Error - 28.12.2009 11:57:01 | Computer Name = Clemens-PC | Source = Windows Search Service | ID = 1006
Description =
Error - 28.12.2009 17:47:43 | Computer Name = Clemens-PC | Source = Windows Search Service | ID = 1006
Description =
Error - 28.12.2009 18:09:34 | Computer Name = Clemens-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GUI.exe, Version 1.0.0.1, Zeitstempel 0x47e8c0ab, fehlerhaftes Modul HM.dll, Version 1.0.0.1, Zeitstempel 0x490ab2ad, Ausnahmecode 0xc0000005, Fehleroffset 0x000025de, Prozess-ID 0x940, Anwendungsstartzeit 01ca87b93b28efa7.
Error - 29.12.2009 05:08:09 | Computer Name = Clemens-PC | Source = SPM_syslog | ID = 4100
Description = SPM_ERROR (C:\spm\spmdib.exe): Can't get display name for service: "SPM License Server" (Der angegebene Dienst ist kein installierter Dienst.)
Error - 29.12.2009 05:08:10 | Computer Name = Clemens-PC | Source = Windows Search Service | ID = 1006
Description =
Error - 29.12.2009 05:08:25 | Computer Name = Clemens-PC | Source = Windows Search Service | ID = 1006
Description =
Error - 29.12.2009 05:08:46 | Computer Name = Clemens-PC | Source = Windows Search Service | ID = 1006
Description =
Error - 29.12.2009 05:08:55 | Computer Name = Clemens-PC | Source = Windows Search Service | ID = 1006
Description =
[ System Events ]
Error - 08.09.2009 15:27:27 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 08.09.2009 15:27:27 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7024
Description =
Error - 08.09.2009 15:27:27 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 08.09.2009 15:27:27 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7024
Description =
Error - 08.09.2009 15:27:27 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 08.09.2009 15:27:27 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7032
Description =
Error - 08.09.2009 15:27:27 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7024
Description =
Error - 08.09.2009 15:27:27 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 08.09.2009 16:06:51 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7024
Description =
Error - 08.09.2009 16:06:51 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7034
Description =
< End of report >
Would it now be advisable to run the same procedure with CCleaner and Anti-Malware again, because of the new find? |
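The OTL sections posted above (firewall rules, uninstall lists, the last event log errors) are what a helper reads through by hand. As an added example, and not code from this thread or from the OTL tool, here is a small Python triage script that parses the two line layouts OTL uses for firewall rules and for event log errors, and flags rules whose application lives in a user-writable or temporary directory or carries the name of a Windows system binary outside the Windows directory. The sample text, its GUIDs, paths and the host name SOME-PC are constructed for the example.

```python
import re
from collections import Counter

# Constructed excerpt in the layout OTL uses for firewall rules and event log
# errors (sample data for this example, not the log posted in the thread).
SAMPLE_OTL = r"""
"{00000000-0000-0000-0000-000000000001}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{00000000-0000-0000-0000-000000000002}D:\programme\firefox3\firefox.exe" = protocol=6 | dir=in | app=d:\programme\firefox3\firefox.exe |
"{00000000-0000-0000-0000-000000000003}" = protocol=17 | dir=in | app=c:\users\someuser\appdata\roaming\updater\svchost.exe |
"{00000000-0000-0000-0000-000000000004}" = protocol=6 | dir=in | app=c:\users\someuser\appdata\local\temp\a.exe |
"{00000000-0000-0000-0000-000000000005}" = protocol=6 | dir=in | app=c:\windows\system32\svchost.exe |
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 28.12.2009 10:29:03 | Computer Name = SOME-PC | Source = Windows Search Service | ID = 1006
Description =
Error - 28.12.2009 18:09:34 | Computer Name = SOME-PC | Source = Application Error | ID = 1000
Description = Faulting application GUI.exe, faulting module HM.dll, exception code 0xc0000005
Error - 29.12.2009 05:08:10 | Computer Name = SOME-PC | Source = Windows Search Service | ID = 1006
Description =
"""

# One firewall rule per line: "name" = protocol=N | dir=in | app=path |
RULE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*protocol=(?P<proto>\d+)\s*\|\s*dir=(?P<dir>\w+)'
    r'\s*\|\s*app=(?P<app>[^|]+?)\s*\|?\s*$',
    re.M,
)
# One event log error per two lines: header line, then "Description = ..."
ERROR_RE = re.compile(
    r'^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?)'
    r' \| ID = (?P<id>\d+)\s*\nDescription = ?(?P<desc>.*)$',
    re.M,
)
PROTOCOL_NAMES = {"6": "TCP", "17": "UDP"}

# Locations a normal installer would not use for a firewall-exempted program.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\$recycle.bin\\", "\\recycler\\")
# Names that malware likes to borrow; legitimate copies live under c:\windows.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "explorer.exe"}
WINDOWS_DIR = "c:\\windows\\"


def parse_firewall_rules(text):
    """Return one dict per firewall rule found in OTL output."""
    return [
        {
            "name": m.group("name"),
            "protocol": PROTOCOL_NAMES.get(m.group("proto"), m.group("proto")),
            "direction": m.group("dir"),
            "app": m.group("app").strip().lower(),
        }
        for m in RULE_RE.finditer(text)
    ]


def flag_rule(rule):
    """Reasons a rule deserves a closer look; an empty list means unremarkable."""
    app = rule["app"]
    reasons = []
    if any(marker in app for marker in USER_WRITABLE):
        reasons.append("application lives in a user-writable or temporary directory")
    basename = app.rsplit("\\", 1)[-1]
    if basename in SYSTEM_NAMES and not app.startswith(WINDOWS_DIR):
        reasons.append(f"{basename} outside the Windows directory (name mimics a system binary)")
    return reasons


def suspicious_firewall_rules(text):
    """(rule, reasons) pairs for every rule that flag_rule() reports on."""
    flagged = []
    for rule in parse_firewall_rules(text):
        reasons = flag_rule(rule)
        if reasons:
            flagged.append((rule, reasons))
    return flagged


def parse_event_errors(text):
    """Return one dict per 'Error - ...' entry in the event log section."""
    return [
        {"when": m.group("when"), "host": m.group("host"), "source": m.group("source"),
         "event_id": int(m.group("id")), "description": m.group("desc").strip()}
        for m in ERROR_RE.finditer(text)
    ]


def errors_by_source(text):
    """How often each event source appears; repeated sources point at one root cause."""
    return Counter(e["source"] for e in parse_event_errors(text))


if __name__ == "__main__":
    for rule, reasons in suspicious_firewall_rules(SAMPLE_OTL):
        print(f'{rule["protocol"]} {rule["direction"]} {rule["app"]}: ' + "; ".join(reasons))
    for source, count in errors_by_source(SAMPLE_OTL).most_common():
        print(f"{count:3d} x {source}")
```

To use it on a real report, read the saved OTL text file into a string and pass it to `suspicious_firewall_rules()` and `errors_by_source()` in place of `SAMPLE_OTL`; the flagged rules are a starting point for questions, not a verdict, since a legitimate updater can also sit under AppData.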
29.12.2009, 10:55 | #9 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Renos.jm caught via FireFox - removed correctly? The file reported by AntiVir and these here, please: Quote:
__________________ Please always post logfiles in CODE tags |
29.12.2009, 11:42 | #10 |
| Renos.jm caught via FireFox - removed correctly? Is there a reason why I can't find the files in the directory myself, although they are definitely there? (Hidden files are set to visible in the folder options.) I was able to work around it, though, by simply pasting the path and file name when uploading. Here are the VirusTotal results:
C:\Windows\SysWow64\MPCDx.ax <- eSafe detection
C:\Windows\SysWow64\RLMPCDec.ax <- eSafe detection
C:\Windows\SysWow64\FLACDX.ax <- eSafe detection
C:\Windows\SysWow64\RLAPEDec.ax <- McAfee triggers on this one (Heuristic.LooksLike.Trojan.Crypt.ZPACK.B)
C:\Windows\SysWow64\ac3DX.ax <- No detection
Unfortunately, I had the C:\Users\Clemens\AppData\Local\Temp\rmoxsewanec.exe found by AntiVir deleted right after the detection. |
29.12.2009, 12:11 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Renos.jm caught via FireFox - removed correctly? Can you move the files, e.g. to c:\backup?
__________________ Please always post logfiles in CODE tags |
29.12.2009, 13:21 | #12 |
| Renos.jm caught via FireFox - removed correctly? No, unfortunately these files seem to be hidden by Windows Explorer (even though 'show hidden files' is enabled) - just for fun I already tried Total Commander, which doesn't show the files either. Only the *.ax files in the screenshot are visible and selectable in the SysWow64 directory. If I type the full path, e.g. C:\Windows\SysWow64\RLAPEDec.ax, into the address bar, I can have the file opened with a program of my choice, so I do seem to have read permissions. |
29.12.2009, 13:43 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Renos.jm caught via FireFox - removed correctly? Are you showing all files? Including hidden and protected system files?
__________________ Please always post logfiles in CODE tags |
29.12.2009, 14:01 | #14 |
| Renos.jm caught via FireFox - removed correctly? OK, embarrassing - I could bang my head on the desk - yes, of course I had overlooked that. Moving them worked without any problems. Do you think these files are related to the infection? |
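The question in post #13 is the crux of posts #10 to #14: Explorer's 'Show hidden files' option reveals files that carry only the Hidden attribute, while a file with both the Hidden and the System attribute stays invisible until 'Hide protected operating system files' is unticked as well. As an added example, not code from this thread, the Python script below reads the attribute bits that Windows exposes through os.stat and reports, for each file with a given suffix in a directory, whether it is hidden that way, together with its SHA-256, so a hash can be looked up at a scanner site before any file is uploaded. The default directory C:\Windows\SysWow64 and the .ax suffix are taken from the thread; on systems other than Windows the attribute field is absent and is reported as 0 (an assumption made for portability).

```python
import hashlib
import os
import stat
import sys

# Attribute bits as defined in Python's stat module (present on every platform).
HIDDEN = stat.FILE_ATTRIBUTE_HIDDEN   # 0x2
SYSTEM = stat.FILE_ATTRIBUTE_SYSTEM   # 0x4


def describe_attributes(attrs: int) -> dict:
    """Classify a Windows attribute bitmask the way Explorer's two options do.

    'Show hidden files' reveals a file with only the Hidden bit; a file with
    Hidden and System set together is what 'Hide protected operating system
    files' suppresses, so it stays invisible until that option is unticked.
    """
    hidden = bool(attrs & HIDDEN)
    system = bool(attrs & SYSTEM)
    return {
        "hidden": hidden,
        "system": system,
        "protected_os_file": hidden and system,
        "visible_with_show_hidden_only": not (hidden and system),
    }


def sha256_hex(data: bytes) -> str:
    """SHA-256 of a file's bytes, the value to look up on a scanner site."""
    return hashlib.sha256(data).hexdigest()


def inspect_directory(path: str, suffix: str = ".ax") -> list:
    """One record per matching file: size, SHA-256 and the attribute classification.

    os.stat() exposes st_file_attributes only on Windows; elsewhere the
    mask is reported as 0 (assumption: hash-only use on other platforms).
    """
    records = []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if not name.lower().endswith(suffix.lower()) or not os.path.isfile(full):
            continue
        st = os.stat(full)
        attrs = getattr(st, "st_file_attributes", 0)
        with open(full, "rb") as fh:
            digest = sha256_hex(fh.read())
        record = {"name": name, "size": st.st_size, "sha256": digest}
        record.update(describe_attributes(attrs))
        records.append(record)
    return records


if __name__ == "__main__":
    # Directory from the thread; pass another one as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\SysWow64"
    for rec in inspect_directory(target):
        if rec["protected_os_file"]:
            flag = "HIDDEN+SYSTEM"
        elif rec["hidden"]:
            flag = "hidden"
        else:
            flag = ""
        print(f'{rec["sha256"]}  {rec["size"]:>10}  {flag:<13}  {rec["name"]}')
```

Files flagged HIDDEN+SYSTEM are exactly the ones Explorer and Total Commander withhold with their default settings, which matches what post #12 observed: the path still opens when typed in directly, because the attribute bits only affect listing, not access.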
29.12.2009, 14:37 | #15 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Renos.jm caught via FireFox - removed correctly? Could be. Here are 2 more candidates for evaluation: Quote:
__________________ Please always post logfiles in CODE tags |