Frffrf.exe Trojan! (TR/Spy.gen) - Windows 7
16.05.2010, 18:29 | #1

So, since yesterday AntiVir has been reporting the file frffrf.exe on my PC as a Trojan. No matter how often I try to move it to quarantine or similar, the warning keeps coming back. I also already tried to delete the file in Safe Mode, but it simply isn't there!

Location: C:\Users\sebastian\AppData\Local\Temp\frffrf.exe

Here is a HijackThis log as well (my first time with HijackThis, sorry if it is too much or wrong):

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:21:38, on 16.05.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Windows\System32\Update\WindowsUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\CLWatson.exe
C:\Users\sebastian\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\sebastian\Desktop\HiJackThis204.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,C:\Windows\system32\scvhost\svchost.exe,wuauserv.exe
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HKLM] C:\Windows\System32\install\m32.exe
O4 - HKLM\..\Run: [svchost] C:\Windows\System32\svchost\svchost.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\sebastian\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [RGSC] C:\Users\sebastian\Desktop\lan games\gta4\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\sebastian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [settdebugx.exe] C:\Users\SEBAST~1\AppData\Local\Temp\settdebugx.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AppVodBurner] C:\Program Files\VodBurner\vodburner.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [HKCU] C:\Windows\System32\install\m32.exe
O4 - HKCU\..\Run: [svchost] C:\Windows\System32\svchost\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [] C:\Windows\System32\svchost\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\install\m32.exe
O4 - HKCU\..\Policies\Explorer\Run: [] C:\Windows\System32\svchost\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\install\m32.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: WeGame.lnk = C:\Program Files\WeGame\wegame.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13544 bytes

Please help!
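The HijackThis log above already carries the signs a helper looks for by hand: the F2 line shows Winlogon's Userinit value chain-loading a second program from a "scvhost" folder, and several O4 entries start an impostor svchost.exe from a subfolder of System32, from the rarely used Policies\Explorer\Run key, from a value with an empty name, or from the Temp directory. The script below is an added example, not part of the original post and not a HijackThis feature: it automates that triage over O4 and F2 lines. Its sample input is quoted from the log in the post (with three clean entries included to show they pass), and the table of "home directories" for Windows binaries is the example's own assumption, as are the heuristic rules themselves.

```python
"""Triage HijackThis O4 (autostart) and F2 (UserInit) lines for the patterns seen in the log above.

Added example written for this page; the rules are heuristics, not part of HijackThis.
"""
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Assumption of this example: Windows ships these binaries in exactly one directory, so a file
# with the same name anywhere else (System32\svchost\, scvhost\, Temp\ ...) is an impostor.
# Directories are compared case-insensitively; a bare name (no directory) also fails the check.
WINDOWS_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# O4 - HKLM\..\Run: [ValueName] command line      ->  key / value name / command
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# F2 - REG:system.ini: UserInit=userinit.exe,...   ->  the Winlogon\Userinit value
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)


def executable(cmd: str) -> Optional[str]:
    """Return the program a Run-key command line starts (quoted path, or text up to the first .exe/.dll)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else None
    m = re.match(r"(.+?\.(?:exe|dll|cmd|bat))(?:\s|,|$)", cmd, re.I)
    return m.group(1) if m else None


def check_path(exe: str) -> List[str]:
    """Flag a Windows binary name outside its home directory, and anything started from a Temp folder."""
    findings = []
    p = PureWindowsPath(exe)
    home = WINDOWS_BINARIES.get(p.name.lower())
    if home is not None and str(p.parent).lower() != home:
        findings.append(f"{p.name} loaded from '{p.parent}' instead of {home}")
    if "\\temp\\" in exe.lower():
        findings.append(f"{p.name} runs from a Temp directory")
    return findings


def triage_line(line: str) -> List[str]:
    """Findings for one HijackThis line; an empty list means nothing suspicious under these rules."""
    line = line.strip()
    m = F2_RE.match(line)
    if m:
        parts = [p.strip() for p in m.group("value").split(",") if p.strip()]
        findings = []
        # The only legitimate content is userinit.exe itself; every other entry is chain-loaded at logon.
        extras = [p for p in parts if PureWindowsPath(p).name.lower() != "userinit.exe"]
        if extras:
            findings.append("Userinit chain-loads extra programs at logon: " + ", ".join(extras))
        for part in parts:
            findings.extend(check_path(part))
        return findings
    m = O4_RE.match(line)
    if not m:
        return []  # Startup-folder O4 entries and non-O4 lines are not handled here
    key, name, cmd = m.group("key"), m.group("name"), m.group("cmd")
    findings = []
    if "\\policies\\explorer\\run" in key.lower():
        findings.append("autostart via Policies\\Explorer\\Run, a key ordinary installers do not use")
    if name == "":
        findings.append("empty value name")
    exe = executable(cmd)
    if exe:
        findings.extend(check_path(exe))
    return findings


def triage(log: str) -> Dict[str, List[str]]:
    """Map each suspicious line of a HijackThis log to its findings."""
    result = {}
    for line in log.splitlines():
        findings = triage_line(line)
        if findings:
            result[line.strip()] = findings
    return result


# Sample input: lines quoted from the HijackThis log in the post above (three clean ones included).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,C:\Windows\system32\scvhost\svchost.exe,wuauserv.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [svchost] C:\Windows\System32\svchost\svchost.exe
O4 - HKCU\..\Run: [settdebugx.exe] C:\Users\SEBAST~1\AppData\Local\Temp\settdebugx.exe
O4 - HKLM\..\Policies\Explorer\Run: [] C:\Windows\System32\svchost\svchost.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\sebastian\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
"""

if __name__ == "__main__":
    for line, findings in triage(SAMPLE_LOG).items():
        print(line)
        for finding in findings:
            print("    ->", finding)
```

Run as-is it reports four of the seven sample lines (the UserInit hijack, both svchost impostors and the Temp-resident settdebugx.exe) and leaves the Windows Defender, NVIDIA and Octoshape entries alone. The rules deliberately do not flag everything in AppData\Roaming, since legitimate per-user software installs there; they focus on the three signals that are hard to explain innocently: a Windows component name in the wrong directory, a loader chained into Userinit, and a policy Run key.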
17.05.2010, 18:39 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Hello, and please run a full scan with Malwarebytes and post the log. After that OTL: System scan with OTL. Please download OTL from Oldtimer and save it to your Desktop
18.05.2010, 18:13 | #3

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4110

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

18.05.2010 19:07:39
mbam-log-2010-05-18 (19-07-39).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 527193
Time elapsed: 3 hour(s), 2 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 7
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7p1m5m45-e57f-b54v-46yh-864v2n85exsn} (Generic.Bot.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8m6e5332-h2ef-8oad-2h4w-7a7ub3ue33um} (Generic.Bot.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{qsu2q813-5t21-8m64-8x4c-u087j47542j4} (Generic.Bot.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{y2f05033-7nvm-fv51-g71c-8db8o18iydnq} (Generic.Bot.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cerberus (Backdoor.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\settdebugx.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\(default) (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\(default) (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsys2 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Backdoor.Bot) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (userinit.exe,C:\Windows\system32\scvhost\svchost.exe,wuauserv.exe) Good: (Userinit.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\Update\WindowsUpdate.exe (Generic.Bot.H) -> No action taken.
C:\Windows\System32\svchost\svchost.exe (Generic.Bot.H) -> No action taken.
C:\Windows\System32\install\m32.exe (Generic.Bot.H) -> No action taken.
C:\Users\sebastian\AppData\Roaming\svchost.exe (Generic.Bot.H) -> No action taken.
C:\Users\sebastian\AppData\Roaming\cglogs.dat (Malware.Trace) -> No action taken.
C:\ProgramData\sysReserve.ini (Malware.Trace) -> No action taken.
C:\Users\sebastian\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> No action taken.
C:\Users\sebastian\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> No action taken.
C:\Windows\System32\startup.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\crypted.exe (Trojan.Agent) -> No action taken.

now OTL:

Code:
OTL logfile created on: 18.05.2010 19:09:17 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Users\sebastian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,75 Gb Total Space | 161,95 Gb Free Space | 36,33% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 11,44 Gb Free Space | 57,23% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEBASTIAN-PC
Current User Name: sebastian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\sebastian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Steam\GameOverlayUI.exe (Valve Corporation)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Users\sebastian\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Windows\System32\CLWatson.exe (CyberLink)
PRC - C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - c:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Windows\System32\Update\WindowsUpdate.exe ()
PRC - C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)

========== Modules (SafeList) ==========

MOD - C:\Users\sebastian\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\RocketDock\RocketDock.dll ()

========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3697.dll ()
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (srvcPVR) -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (x10nets) -- C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)

========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ESLvnic1) -- C:\Windows\System32\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (bbcap) -- C:\Windows\System32\drivers\bbcap.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (ovt519) -- C:\Windows\System32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.schuelervz.net/"
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.26
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.04 14:17:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.04 14:17:50 | 000,000,000 | ---D | M]

[2009.05.31 15:34:09 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\mozilla\Extensions
[2009.05.31 15:34:09 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.05.18 16:16:21 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\mozilla\Firefox\Profiles\rc9dohef.default\extensions
[2009.12.14 20:19:28 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\sebastian\AppData\Roaming\mozilla\Firefox\Profiles\rc9dohef.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009.09.03 16:17:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sebastian\AppData\Roaming\mozilla\Firefox\Profiles\rc9dohef.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.06.27 04:28:55 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\sebastian\AppData\Roaming\mozilla\Firefox\Profiles\rc9dohef.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2009.11.28 23:02:16 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\mozilla\Firefox\Profiles\rc9dohef.default\extensions\DTToolbar@toolbarnet.com-trash
[2009.08.26 19:29:22 | 000,002,273 | ---- | M] () -- C:\Users\sebastian\AppData\Roaming\Mozilla\FireFox\Profiles\rc9dohef.default\searchplugins\ask.xml
[2009.11.28 22:50:56 | 000,002,055 | ---- | M] () -- C:\Users\sebastian\AppData\Roaming\Mozilla\FireFox\Profiles\rc9dohef.default\searchplugins\daemon-search.xml
[2010.05.16 19:28:04 | 000,000,961 | ---- | M] () -- C:\Users\sebastian\AppData\Roaming\Mozilla\FireFox\Profiles\rc9dohef.default\searchplugins\icqplugin-1.xml
[2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Users\sebastian\AppData\Roaming\Mozilla\FireFox\Profiles\rc9dohef.default\searchplugins\icqplugin.xml
[2009.08.26 19:29:22 | 000,000,567 | ---- | M] () -- C:\Users\sebastian\AppData\Roaming\Mozilla\FireFox\Profiles\rc9dohef.default\searchplugins\yahoo.xml
[2010.05.18 16:16:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.20 19:01:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.02.18 22:07:30 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.04.08 04:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Program Files\Mozilla Firefox\plugins\NPOP7PlugIn.dll
[2010.01.14 22:28:43 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 20:24:05 | 000,001,779 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\clipfish.xml
[2010.01.01 20:24:05 | 000,001,013 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\conrad.xml
[2010.01.01 20:24:06 | 000,002,487 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\discount24.xml
[2010.01.14 22:28:43 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.14 22:28:43 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 20:24:05 | 000,001,047 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\musicload.xml
[2010.01.01 20:24:05 | 000,002,120 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\myvideo.xml
[2010.01.01 20:24:05 | 000,002,023 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\otto.xml
[2010.01.01 20:24:05 | 000,000,758 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\quelle.xml
[2010.01.01 20:24:06 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\telefonbuch-de.xml
[2010.01.14 22:28:43 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.14 22:28:43 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
[2010.01.01 20:24:05 | 000,005,375 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yodl.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (SSVHelper Class) - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HKLM] C:\Windows\System32\install\m32.exe () O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [svchost] C:\Windows\System32\svchost\svchost.exe ( ) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WinSys2] C:\Windows\System32\startup.exe () O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [AppVodBurner] C:\Program Files\VodBurner\vodburner.exe () O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.) 
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [HKCU] C:\Windows\System32\install\m32.exe () O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\sebastian\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) O4 - HKCU..\Run: [RGSC] C:\Users\sebastian\Desktop\lan games\gta4\Rockstar Games Social Club\RGSCLauncher.exe File not found O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O4 - HKCU..\Run: [settdebugx.exe] C:\Users\SEBAST~1\AppData\Local\Temp\settdebugx.exe File not found O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [svchost] C:\Windows\System32\svchost\svchost.exe ( ) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
O4 - Startup: C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = C:\Windows\System32\svchost\svchost.exe ( ) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\System32\install\m32.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = C:\Windows\System32\svchost\svchost.exe ( ) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\System32\install\m32.exe () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) 
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 62.220.18.38 89.246.64.38 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\scvhost\svchost.exe) - C:\Windows\System32\scvhost\svchost.exe File not found O20 - HKLM Winlogon: UserInit - (wuauserv.exe) - File not found O24 - Desktop WallPaper: C:\Users\sebastian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\sebastian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{8faf4b5e-2602-11df-948a-00ff01000001}\Shell\verb1\command - "" = E:\desktop.exe -- File not found O33 - MountPoints2\{ac2a5c4e-67bd-11dd-a066-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ac2a5c4e-67bd-11dd-a066-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe -- File not found O33 - MountPoints2\{ac2a5c4e-67bd-11dd-a066-806e6f6e6963}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe -- File not found O33 - MountPoints2\{ac2a5c53-67bd-11dd-a066-806e6f6e6963}\Shell\verb1\command - "" = G:\desktop.exe -- File not found O33 - 
MountPoints2\{b84cf0cd-f10a-11dd-a78a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\menu.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.17 21:14:52 | 000,000,000 | ---D | C] -- C:\Users\sebastian\AppData\Roaming\Malwarebytes [2010.05.17 21:14:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.05.17 21:14:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.05.17 21:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.05.17 21:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.17 21:13:55 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\sebastian\Desktop\mbam-setup.exe [2010.05.17 21:13:20 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\sebastian\Desktop\OTL.exe [2010.05.16 19:19:01 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\sebastian\Desktop\HiJackThis204.exe [2010.05.16 18:00:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS [2010.05.16 18:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan [2010.05.16 18:00:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207030.022 [2010.05.01 19:01:22 | 000,000,000 | ---D | C] -- C:\Users\sebastian\AppData\Local\Deployment [2010.05.01 19:01:22 | 000,000,000 | ---D | C] -- C:\Users\sebastian\AppData\Local\Apps [2010.04.28 15:55:46 | 000,000,000 | ---D | C] -- C:\Users\sebastian\Documents\FXhome [2010.04.23 21:41:19 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET [2010.04.23 21:41:01 | 000,000,000 | ---D | C] -- C:\Users\sebastian\AppData\Local\Paint.NET [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.18 19:12:00 | 014,680,064 | -HS- | M] () -- C:\Users\sebastian\NTUSER.DAT [2010.05.18 18:38:04 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.05.18 18:23:04 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2153147119-3780600709-1552841190-1003UA.job [2010.05.18 17:27:03 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.18 17:27:03 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.18 16:06:08 | 000,000,031 | ---- | M] () -- C:\Windows\System32\bbcap.err [2010.05.18 15:42:07 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.05.18 15:42:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.18 15:26:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.17 22:39:36 | 000,524,288 | -HS- | M] () -- C:\Users\sebastian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms 
[2010.05.17 22:39:36 | 000,065,536 | -HS- | M] () -- C:\Users\sebastian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.05.17 22:38:57 | 002,974,856 | -H-- | M] () -- C:\Users\sebastian\AppData\Local\IconCache.db [2010.05.17 21:14:47 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.17 21:14:05 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\sebastian\Desktop\mbam-setup.exe [2010.05.17 21:13:24 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\sebastian\Desktop\OTL.exe [2010.05.16 20:23:03 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2153147119-3780600709-1552841190-1003Core.job [2010.05.16 19:19:03 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\sebastian\Desktop\HiJackThis204.exe [2010.05.16 19:16:15 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.05.16 19:13:57 | 000,000,566 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for sebastian.job [2010.05.16 19:08:01 | 000,010,560 | ---- | M] () -- C:\Users\sebastian\AppData\Roaming\cglogs.dat [2010.05.16 18:00:54 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini [2010.05.14 22:10:04 | 000,015,856 | ---- | M] () -- C:\Users\sebastian\AppData\Local\d3d9caps.dat [2010.05.08 00:27:37 | 001,048,576 | ---- | M] () -- C:\CAPTURE.AVI [2010.05.07 21:52:46 | 000,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll [2010.05.07 19:29:14 | 001,541,724 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.05.07 19:29:14 | 000,664,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.05.07 19:29:14 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.05.07 19:29:14 | 000,142,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.05.07 19:29:14 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.05.07 19:07:00 | 000,000,028 | ---- | M] () -- C:\Windows\Robota.INI [2010.05.06 10:36:38 
| 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.05.03 14:47:13 | 000,098,816 | ---- | M] () -- C:\Users\sebastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.01 19:02:05 | 000,000,000 | ---- | M] () -- C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2010.05.01 17:15:00 | 002,499,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.27 17:16:49 | 000,001,457 | ---- | M] () -- C:\Users\Public\Desktop\Counter-Strike 1.6.lnk [2010.04.23 22:51:23 | 000,111,824 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.17 21:14:47 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.16 18:00:54 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini [2010.05.16 16:41:29 | 000,010,560 | ---- | C] () -- C:\Users\sebastian\AppData\Roaming\cglogs.dat [2010.05.08 00:27:36 | 001,048,576 | ---- | C] () -- C:\CAPTURE.AVI [2010.05.07 21:52:46 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2010.05.01 19:02:05 | 000,000,000 | ---- | C] () -- C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2010.04.27 17:16:49 | 000,001,457 | ---- | C] () -- C:\Users\Public\Desktop\Counter-Strike 1.6.lnk [2010.03.02 21:32:31 | 000,000,005 | ---- | C] () -- C:\Windows\System32\scvhost.ini [2010.03.01 19:07:24 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI [2010.02.19 18:26:24 | 000,000,316 | ---- | C] () -- C:\Windows\game.ini [2010.01.06 21:06:44 | 000,000,000 | ---- | C] 
() -- C:\Windows\msicpl.ini [2010.01.06 20:55:29 | 000,134,504 | ---- | C] () -- C:\Windows\System32\smdll.dll [2010.01.06 20:55:26 | 000,229,376 | ---- | C] () -- C:\Windows\System32\HookMap.dll [2010.01.06 20:55:26 | 000,184,320 | ---- | C] () -- C:\Windows\System32\HookShield.dll [2010.01.06 20:55:26 | 000,036,200 | ---- | C] () -- C:\Windows\System32\Auxiliary.dll [2009.12.04 19:36:28 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.11.13 16:41:43 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.10.12 15:05:22 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.09.24 12:41:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.07.25 03:26:31 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.07.25 03:26:31 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.06.27 14:58:11 | 000,452,626 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2008.10.10 20:35:54 | 000,138,576 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.09.07 16:09:30 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2008.09.07 16:09:29 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2008.06.12 08:50:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.06.11 13:54:36 | 000,000,000 | ---- | C] () -- C:\Windows\homeDVD-Fotos.INI [2008.06.11 10:28:49 | 000,000,917 | ---- | C] () -- C:\Windows\System32\CLWatson.ini [2008.05.27 08:11:57 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2008.05.27 08:11:57 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2008.05.27 08:10:05 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI [2008.05.27 07:52:11 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.05.27 07:52:11 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini 
[2008.05.26 12:36:57 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.12.21 12:36:46 | 000,009,728 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2005.11.05 18:46:26 | 000,000,537 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2003.08.07 21:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 508 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86 < End of report > |
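The OTL log above carries the entries a helper would zero in on first: a second svchost.exe sitting in its own subfolder under System32 with no company information, the same binary and an unknown m32.exe wired into the Policies\Explorer\Run keys (which msconfig never lists), a Winlogon UserInit value pointing at a misspelled scvhost folder, an auto-start from the user's Temp directory, and EnableLUA = 0. The script below is an added example, not part of this thread and not OTL's own code: it parses O4/O6/O7/O20 lines and applies exactly those checks. The sample lines are copied from the log in this post; the canonical-folder table, the lookalike list and the scoring rules are the example author's assumptions about what deserves a closer look, not rules OTL applies itself.

```python
import re
from dataclasses import dataclass

# Assumption: where the genuine Windows binaries live. Anything with the same
# file name elsewhere (e.g. C:\Windows\System32\svchost\svchost.exe) is an impostor.
CANONICAL_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "userinit.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
}
# Assumption: misspellings chosen to pass for a system process at a glance.
LOOKALIKES = ("scvhost", "svch0st", "expl0rer")
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# A drive-letter path ending in an executable extension, optionally followed by
# OTL's "(Company)" annotation or its "File not found" marker.
PATH_RE = re.compile(
    r"([A-Za-z]:\\[^()\[\]]*?\.(?:exe|dll|scr|com|bat))"
    r"(?:\s+\((?P<company>[^)]*)\)|\s+(?P<missing>File not found))?",
    re.IGNORECASE,
)
USERINIT_RE = re.compile(r"UserInit\s+-\s+\(([^)]*)\)")


@dataclass
class Finding:
    tag: str        # OTL section, e.g. "O4"
    target: str     # path or value that was flagged
    reasons: list   # human-readable reasons, one per check that fired


def analyse_line(line: str):
    """Return a Finding for one OTL registry line, or None if nothing fired."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    tag, body = m.groups()
    reasons = []

    # Policy-level UAC kill switch: no path to parse, flag outright.
    if tag in ("O6", "O7") and re.search(r"EnableLUA\s*=\s*0", body):
        return Finding(tag, "EnableLUA", ["UAC disabled through policy (EnableLUA = 0)"])

    # Winlogon UserInit must be the real userinit.exe (OTL prints the raw value in parentheses).
    if tag == "O20":
        u = USERINIT_RE.search(body)
        if u and u.group(1).lower().rstrip(",") != EXPECTED_USERINIT:
            reasons.append(f"Winlogon UserInit replaced by '{u.group(1)}'")

    paths = list(PATH_RE.finditer(body))
    if not paths:
        return Finding(tag, body, reasons) if reasons else None
    last = paths[-1]                     # the resolved path is the last one on the line
    target = last.group(1)
    company = last.group("company")
    missing = last.group("missing") is not None
    low = target.lower()
    folder, _, name = low.rpartition("\\")

    if name in CANONICAL_DIR and folder != CANONICAL_DIR[name]:
        reasons.append(f"{name} outside its canonical folder ({folder})")
    if any(s in low for s in LOOKALIKES):
        reasons.append("file name mimics a Windows system process")
    if tag in ("O6", "O7") and "policies\\explorer\\run" in body.lower():
        reasons.append("auto-start hidden under Policies\\Explorer\\Run")
    if low.startswith("c:\\windows\\") and not missing and not (company or "").strip():
        reasons.append("binary under C:\\Windows carries no company/version info")
    if "\\temp\\" in low:
        reasons.append("auto-start from a Temp directory")
    if missing:
        reasons.append("File not found (orphaned entry)")
    return Finding(tag, target, reasons) if reasons else None


def analyse_log(text: str):
    """Run analyse_line over a whole OTL log and keep only the hits."""
    return [f for f in (analyse_line(l) for l in text.splitlines()) if f]


# Sample input: lines copied from the OTL log in this post (benign ones included as controls).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HKLM] C:\Windows\System32\install\m32.exe ()
O4 - HKLM..\Run: [svchost] C:\Windows\System32\svchost\svchost.exe ( )
O4 - HKLM..\Run: [WinSys2] C:\Windows\System32\startup.exe ()
O4 - HKCU..\Run: [settdebugx.exe] C:\Users\SEBAST~1\AppData\Local\Temp\settdebugx.exe File not found
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = C:\Windows\System32\svchost\svchost.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\scvhost\svchost.exe) - C:\Windows\System32\scvhost\svchost.exe File not found
"""

if __name__ == "__main__":
    for f in analyse_log(SAMPLE_LOG):
        print(f"{f.tag:4} {f.target}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run against the ten sample lines it flags seven of them and stays silent on avgnt.exe, steam.exe and the genuine explorer.exe Shell value; the UserInit line alone fires four checks. To use it on a full OTL.txt, read the file and pass its contents to analyse_log. The "no company info" check is deliberately limited to paths under C:\Windows, because third-party software under Program Files very often ships without version resources and would otherwise drown the signal.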
18.05.2010, 18:14 | #4 |
Frffrf.exe -Trojaner! (TR/Spy.gen)

Code:

OTL Extras logfile created on: 18.05.2010 19:09:28 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Users\sebastian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,75 Gb Total Space | 161,95 Gb Free Space | 36,33% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 11,44 Gb Free Space | 57,23% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEBASTIAN-PC
Current User Name: sebastian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Burn With ImgTool...] -- C:\Program Files\ImgTool Burn\ImgTool.exe -c -d "%l" File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01612FA8-487C-4BF7-806B-C5C83370F81E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{0436B6A2-6034-448A-BE30-49ECA3098462}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1715FA08-456E-422A-A42C-E7FFCFE09D8E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{32A7A36A-1DA4-42F9-B51B-0CC69901D3BF}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
"{5195A532-1030-4561-9AA7-FE8E6B62EB01}" = lport=2869 | protocol=6 | dir=in | app=system |
"{682171A9-C672-45A5-93D8-CD3E27C07C12}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{82EB84A8-0CBD-4819-984C-D9D5F3EBD766}" = rport=2869 | protocol=6 | dir=out | app=system |
"{A191544B-ED8E-4EC1-B542-985955F52AED}" = lport=51032 | protocol=6 | dir=in | name=akamai netsession interface |
"{AAF15F0C-DF03-4510-A765-B432AAE19222}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3E43726-DBD0-43CB-A72D-38F47F7B4CA8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C66764F1-828B-43DB-A11C-ADD5C82D46FC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D603042C-82DB-4660-AE0D-ABE95B6DE2D1}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E0C28211-C1C3-466F-AC3E-281FFD314EBA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FA607E79-C0FE-48DF-970F-93FCE1C55663}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20E1415E-4564-4B0C-8EF0-391539C31D43}" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\local\apps\2.0\n1z0mmbv.yy7\yk745ljr.hr6\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\curseclient.exe |
"{30EB14D0-AA15-47DF-A9C7-238690F546B2}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{33ADA776-84A2-4FE1-9B55-1815B784E02D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{39690AA9-515D-4F59-8E6C-6889E11E613A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-dede-ptr-downloader.exe |
"{39F15993-895B-4EA6-8604-2C9C05C8D50F}" = protocol=6 | dir=in | app=c:\users\sebastian\appdata\local\apps\2.0\n1z0mmbv.yy7\yk745ljr.hr6\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\curseclient.exe |
"{3B381077-AFBF-4876-A863-5597E1C9D4D5}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{3D11AEE0-C679-49F2-955D-A9CDFFEAEB96}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{3F7ADFA3-3676-4E5B-B528-A5A36160E5A1}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{437A5DB0-D842-4EB5-8B4F-F65446286BAA}" = protocol=6 | dir=in | app=c:\program files\id software\enemy territory - quake wars\etqw.exe |
"{4763F99F-9BDF-4D68-9817-852DD8804F31}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{4B176C63-DFC7-4F27-A09E-D38D53A63783}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{4B9582A5-BD87-45B8-AFBD-F17F8110578F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4EFE38AA-37DB-468A-B45E-F39860DB2C2A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\sebinator560\counter-strike\hl.exe |
"{59328281-3F78-47A3-8BD0-33A7EFC098C8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5D75C274-83EC-40EB-980C-45FAFE58FD9F}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{6058F520-4163-4E2F-A15F-E3CE1F738696}" = protocol=17 | dir=in | app=c:\program files\id software\enemy territory - quake wars\etqw.exe |
"{6E6B8D86-2658-45FF-9EC0-FD7C7FA29AF4}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{7210300F-0D4E-4E31-954F-66A8899ABD80}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{75A2C022-0F5F-470C-A3A5-415ECD724456}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{80D77843-0A16-4315-8F5C-AE1185CD90D1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\sebinator560\counter-strike\hl.exe |
"{85DF6705-14C6-49CC-8FE8-791B31A8D37E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{8C65D64D-C2EB-47BF-8521-591BFBB80BD6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8E1B7A8A-E690-46F4-8AFA-4B04821392EE}" = protocol=6 | dir=in | app=c:\users\sebastian\desktop\wow_fotlk_usk_de_xvid_f.avi-downloader.exe |
"{903E62CF-F68B-4AEB-A71D-188449C4980C}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{90C1861D-0900-4113-A6E9-9133E456DC9B}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{938F322D-D1A8-49E1-9377-D7105A494056}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{96CBFDC9-D96D-4238-A317-0DA2FB5584B4}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9AB136C1-5179-4A54-9EBD-0114F104C4C2}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{9EEF55E8-2BCF-4236-974F-D835122A869A}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{A0B8266D-A331-49D6-869A-006CCFF0A236}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A5EB7C84-1BC0-4905-8F31-7B6771B334AA}" = protocol=17 | dir=in | app=c:\users\sebastian\desktop\wow_fotlk_usk_de_xvid_f.avi-downloader.exe |
"{AE8A8BC7-2F34-4C17-B47B-6CBD878AA3A3}" = protocol=6 | dir=in | app=c:\program files\id software\enemy territory - quake wars\etqwded.exe |
"{AFD657E9-1F23-4864-BFF6-985EB049120C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{B1D68D93-8297-4FF4-A277-7A0CE52F7B62}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B248877D-6100-40C7-835D-7DE0128682D1}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{B2686C6D-FFDC-4D86-A85F-19F78A3FD750}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{B53A670F-7FF1-434D-86A1-37C6AA58E1AD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{B82D3CEB-0B5E-4EC6-98D2-9D5E2DEA12FE}" = protocol=17 | dir=in | app=c:\ut2004\system\ut2004.exe |
"{BC65372F-810E-4D24-9833-E232E8C84048}" = protocol=6 | dir=in | app=c:\ut2004\system\ut2004.exe |
"{C00EC2D3-E890-4149-9647-E17BFA36052C}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{CAAA7317-E850-4C51-BD57-0BC36A04B647}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{D405D367-E2FF-4239-8CD7-C69F4AEF8C88}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{D598143B-7D3F-4F6B-AAD4-2E8C1BEC5F5E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-dede-ptr-downloader.exe |
"{EAF56493-8441-44B0-9DFE-7F58A69927DE}" = protocol=17 | dir=in | app=c:\program files\id software\enemy territory - quake wars\etqwded.exe |
"{F2346991-7AF6-4997-934C-68789CBA70F1}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"TCP Query User{05576D81-FE62-4185-8853-1C00E376FFE5}C:\users\sebastian\desktop\games\cod-mw2\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\sebastian\desktop\games\cod-mw2\call of duty modern warfare 2\iw4mp.exe |
"TCP Query User{05E4C0C7-D5F3-40D4-B94F-C4031DDB2DFF}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{13AFE3E5-2349-4B70-A5B3-D69854C7CBA3}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{13FC43DF-8983-4FAE-80A2-58A509F9B7B8}C:\users\sebastian\desktop\games\lan\warcraft iii frozen throne\war3.exe" = protocol=6 | dir=in | app=c:\users\sebastian\desktop\games\lan\warcraft iii frozen
throne\war3.exe | "TCP Query User{150C653B-2028-4F1A-9254-37E0A1F61845}C:\users\sebastian\desktop\games\warcraft iii frozen throne (de)\war3.exe" = protocol=6 | dir=in | app=c:\users\sebastian\desktop\games\warcraft iii frozen throne (de)\war3.exe | "TCP Query User{19543674-729C-4B55-AD2D-CEEB7189495C}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | "TCP Query User{1A403108-90EE-41C1-9C7D-29C89CF3FF07}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{1FA438F7-2FCE-4A2E-B4D9-61787FE8C0CE}C:\program files\steam\steamapps\sebinator560\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\sebinator560\counter-strike source\hl2.exe | "TCP Query User{2035BD2D-A7AC-4EDA-B500-0F418953B2DB}C:\cs\hl.exe" = protocol=6 | dir=in | app=c:\cs\hl.exe | "TCP Query User{3168D13B-B7C1-41E2-89C4-9A518EEE90EB}C:\program files\steam\steamapps\sebinator560\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\sebinator560\counter-strike source\hl2.exe | "TCP Query User{3425D76B-0CFA-4CB0-9E0F-84696EFEBE57}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | "TCP Query User{35C0E480-BF6E-4E49-B154-F5CC41206AE9}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "TCP Query User{3A50F37C-829A-4BB8-8B4B-CAC52A6DA366}C:\users\sebastian\documents\azureus downloads\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\users\sebastian\documents\azureus downloads\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe | "TCP Query User{41D26F8E-12AF-407A-96BE-4D9887F64E7D}C:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call 
of duty modern warfare 2\iw4sp.exe | "TCP Query User{4946FC35-23C1-42D3-969C-95E970C18C7C}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | "TCP Query User{538053AD-4EC3-4573-9E3C-B2E55EEEF7E9}C:\users\sebastian\desktop\fogdownloader-rom_2_1_6_2049.exe" = protocol=6 | dir=in | app=c:\users\sebastian\desktop\fogdownloader-rom_2_1_6_2049.exe | "TCP Query User{55DBB607-FC12-47C2-BCBC-0E9489834E3E}C:\users\sebastian\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\sebastian\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "TCP Query User{66381910-AB8F-487B-9F44-CD94614A0C38}C:\users\sebastian\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\sebastian\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "TCP Query User{6C94A41A-0EF5-4815-B293-79A8FEA25C8F}C:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "TCP Query User{6CFD28F8-A68D-40B7-9A64-F9C86287F7F4}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | "TCP Query User{7ECA1EF3-1BCD-43D7-8B82-6E436AA58C94}C:\program files\valve\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\valve\counter-strike source\hl2.exe | "TCP Query User{A885EC26-3798-4C91-948A-5451D19120F3}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | "TCP Query User{B030B110-8005-4399-98C1-6B25BDB32641}C:\users\sebastian\desktop\games\rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=c:\users\sebastian\desktop\games\rainbow six vegas 2\binaries\r6vegas2_game.exe | "TCP Query 
User{C04CA61D-4C65-4671-8A19-47EC0EF9B878}C:\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft public test\launcher.exe | "TCP Query User{C2DB9D2A-CDEA-4E03-84B5-8D58020C42C2}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe | "TCP Query User{CA1DF166-98B0-4CCB-9B3E-15D351D859F8}C:\users\sebastian\desktop\games\wow\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\sebastian\desktop\games\wow\world of warcraft\launcher.exe | "TCP Query User{E03C59F2-B908-47A0-9F21-5A35641E7D7F}C:\program files\eslwire\wire.exe" = protocol=6 | dir=in | app=c:\program files\eslwire\wire.exe | "UDP Query User{18A92A4F-9FBC-4BE7-A3D0-A245F0EE6826}C:\users\sebastian\desktop\games\rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=c:\users\sebastian\desktop\games\rainbow six vegas 2\binaries\r6vegas2_game.exe | "UDP Query User{1AFF3586-CEBF-4806-993D-115F907B1DEA}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | "UDP Query User{1C95DBE7-1EE1-4C9E-9720-3B977E7EA572}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe | "UDP Query User{205B5010-2DBA-4450-8F6C-846E82CA8DFC}C:\users\sebastian\desktop\games\lan\warcraft iii frozen throne\war3.exe" = protocol=17 | dir=in | app=c:\users\sebastian\desktop\games\lan\warcraft iii frozen throne\war3.exe | "UDP Query User{2335A9B4-7305-45C4-96DE-1E81690E1E3F}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe | "UDP Query User{2493E092-1B42-4B9B-B4ED-09440BB36F65}C:\users\sebastian\documents\azureus downloads\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\users\sebastian\documents\azureus downloads\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe | "UDP Query User{250C1A62-57B4-495E-8712-BE876FB96383}C:\program files\valve\hl.exe" = protocol=17 | 
dir=in | app=c:\program files\valve\hl.exe | "UDP Query User{3B69C8E3-FD64-49D4-845A-49442142EFF9}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{4AAFB329-8435-40F4-B11D-CC1BAF0DB908}C:\cs\hl.exe" = protocol=17 | dir=in | app=c:\cs\hl.exe | "UDP Query User{4AFC131F-5CF3-485B-AC7B-06BD983911FB}C:\users\sebastian\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "UDP Query User{55284B5A-F57E-48BC-B083-CA69C3663C13}C:\users\sebastian\desktop\fogdownloader-rom_2_1_6_2049.exe" = protocol=17 | dir=in | app=c:\users\sebastian\desktop\fogdownloader-rom_2_1_6_2049.exe | "UDP Query User{6388B89A-DEC3-4F58-BCFF-366450081BD1}C:\users\sebastian\desktop\games\wow\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\sebastian\desktop\games\wow\world of warcraft\launcher.exe | "UDP Query User{6B0D50F0-29D0-4489-A42B-89780C195F81}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | "UDP Query User{7B0B86FD-F255-482C-8B19-910B6352A317}C:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "UDP Query User{8025837D-8D1A-444D-90DA-BF792FEC6DE8}C:\users\sebastian\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "UDP Query User{80F408D9-15A9-4196-BEC4-7DF8CE2B5F17}C:\users\sebastian\desktop\games\cod-mw2\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\sebastian\desktop\games\cod-mw2\call of duty 
modern warfare 2\iw4mp.exe | "UDP Query User{82F02F1D-5DC0-4B9B-A060-8138BFF360AB}C:\program files\eslwire\wire.exe" = protocol=17 | dir=in | app=c:\program files\eslwire\wire.exe | "UDP Query User{8E1EC0AC-E539-4054-8602-5FFCA7366CF6}C:\program files\valve\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\valve\counter-strike source\hl2.exe | "UDP Query User{97B28A90-2098-4ACA-8138-CA597F69244C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{A12E7956-64D7-497D-95B7-9B24D2F9A6D2}C:\users\sebastian\desktop\games\warcraft iii frozen throne (de)\war3.exe" = protocol=17 | dir=in | app=c:\users\sebastian\desktop\games\warcraft iii frozen throne (de)\war3.exe | "UDP Query User{B64B7927-D7C6-4189-83D8-B5E90166A6A6}C:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "UDP Query User{BEA4A9FE-6AB9-48AA-B84D-4071B7919836}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | "UDP Query User{C07661BB-3447-4BA2-ADF5-F810272FE279}C:\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft public test\launcher.exe | "UDP Query User{C44393B7-24A0-42BA-9B4A-03FC21C95016}C:\program files\steam\steamapps\sebinator560\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\sebinator560\counter-strike source\hl2.exe | "UDP Query User{CFE32E7F-08D2-4E3F-8722-588D3C7F9801}C:\program files\steam\steamapps\sebinator560\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\sebinator560\counter-strike source\hl2.exe | "UDP Query User{ED130503-CEDA-4CCB-BF9C-1DF310703EA0}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | "UDP Query 
User{FD838771-FBE7-4353-8851-084B4F4F991A}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12 "{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0 "{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6 "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR 
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{46A5D1D1-8956-497C-92FB-59C44EFA6214}" = Safari "{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6 "{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials "{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01 "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5 "{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV "{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content "{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01 "{553F9976-B733-41D6-B5C6-A27F59B6879E}" = Avatar - Legends of The Arena "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3 "{59AC7056-4859-41D2-8DE8-C277A3B2F884}" = Dyyno Browser Plugins "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support 
"{656957B8-41DB-4E43-AAA1-B128C2213D50}" = VodBurner "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0 "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set "{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8A4D41F3-3EDA-4DAC-9403-839708EA0667}" = Install(US)2 "{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 
Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 
Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13 "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6 "{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin "{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A979B2D8-E3EE-4523-A26C-4AF0A6809280}" = Sniper Elite Demo "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set "{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0 "{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition 
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}" = Enemy Territory - QUAKE Wars(TM) "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0C980B8-012F-4E9A-B090-07038008ACD0}" = Radiance for Vegas Pro 8.0 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow "{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set "{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional "{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{E4C891D6-6844-41B8-86E8-633CACCC644F}" = CyberLink TV Enhance "{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne "{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F11A3FEB-CB75-499C-A50C-4D75B98600E3}" = SteelSeries Ikari Optical "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01 "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "12345_is1" = WeGame Client Public Beta 1.2.1 "8461-7759-5462-8226" = Vuze "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Akamai" = Akamai NetSession Interface "Ask Toolbar_is1" = Ask Toolbar "AV Voice Changer Software DIAMOND 6.0" = AV Voice Changer Software DIAMOND 6.0 "AV Voice 
Changer Software DIAMOND 7.0" = AV Voice Changer Software DIAMOND 7.0 "Avidemux 2.4" = Avidemux 2.4 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "Azureus" = Azureus "Black vs. Pink Skin_is1" = Black vs. Pink Skin "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "CSS FULL DZ [Oct 15 2007]" = CSS FULL DZ [Oct 15 2007] v18.1 "DebugMode Wax 2.0" = DebugMode Wax 2.0 "DynaScene_Audio/Video_Chat_1.0" = Video DJ 2.1.2 "ffdshow" = ffdshow "Fraps" = Fraps (remove only) "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free Studio_is1" = Free Studio version 4.2 "Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.1 "Free YouTube Download_is1" = Free YouTube Download 2.2 "Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.1 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "FXhome EffectsLab Pro" = FXhome EffectsLab Pro (remove only) "GameVoice" = Microsoft Game Voice Share "Guild Wars" = GUILD WARS "GXTranscoder v2" = GXTranscoder v2 "HaaliMkx" = Haali Media Splitter "HLSW_is1" = HLSW v1.3.0 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HyperCam 2" = HyperCam 2 "ICQToolbar" = ICQ Toolbar "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}" = Enemy Territory - QUAKE Wars(TM) "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) 
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.4 (Standard) "LetsTrade" = LetsTrade Komponenten "lgx4.lgx.demo" = G DATA Logox4 Demo "lgx4.lgx.server" = G DATA Logox4 Speechengine "LimeWire" = LimeWire 5.1.3 "Magic Bullet Editors 2.0 Vegas" = Magic Bullet Editors 2.0 Vegas "MAGIX Music Maker 16 Premium Download-Version D" = MAGIX Music Maker 16 Premium Download-Version "MAGIX Screenshare D" = MAGIX Screenshare "MAGIX Speed burnR D" = MAGIX Speed burnR "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Security Scan" = McAfee Security Scan Plus "McLoad Preinstaller" = McLoad Preinstaller "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9) "Mumble" = Mumble and Murmur "NSS" = Norton Security Scan "NVIDIA Drivers" = NVIDIA Drivers "ObjectMapper .NET_is1" = ObjectMapper .NET 2.2.2519.0 "OpenAL" = OpenAL "OPERATION7" = OPERATION7 "Pacific Poker" = Pacific Poker "PhotoScape" = PhotoScape "POD-Bot 2.5" = POD-Bot 2.5 "PROSetDX" = Intel(R) Network Connections 13.0.42.0 "PunkBusterSvc" = PunkBuster Services "Quake 3 Arena Demo" = Quake 3 Arena Demo "RocketDock_is1" = RocketDock 1.3.5 "Runic Games Torchlight" = Torchlight "schlaegerei.de ComputerSchock 4.00" = schlaegerei.de ComputerSchock 4.00 "Sony Eyetoy Webcam" = Sony Eyetoy Webcam "Soundboard Alter Mann" = Soundboard Alter Mann 1.0 "Soundboard Nervenklinik" = Soundboard Nervenklinik 1.0 "SprayR" = SprayR 1.0 RC7b "Steam App 10" = Counter-Strike "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 220" = Half-Life 2 "Steam App 
240" = Counter-Strike: Source "Steam App 590" = Left 4 Dead 2 Demo "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Tunatic" = Tunatic "TuneUpMedia" = TuneUp Companion 1.6.1 "Uninstall_is1" = Uninstall 1.0.0.1 "UT2004" = Unreal Tournament 2004 "Warcraft III" = Warcraft III "WinGimp-2.0_is1" = GIMP 2.6.7 "WinRAR archiver" = WinRAR "WMV9_VCM" = Microsoft Windows Media Video 9 VCM "World of Warcraft" = World of Warcraft "X10Hardware" = X10 Hardware(TM) "x264 Revision 408 x264.nl" = x264 Revision 408 x264.nl (remove only) "Xfire" = Xfire (remove only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client "BitTorrent DNA" = DNA "Google Chrome" = Google Chrome "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player "Octoshape Streaming Services" = Octoshape Streaming Services "Wow Web Stats Client v3.0" = Wow Web Stats Client v3.0 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
18.05.2010, 19:03 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Frffrf.exe Trojan! (TR/Spy.gen) Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
PRC - C:\Windows\System32\Update\WindowsUpdate.exe ()
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [HKLM] C:\Windows\System32\install\m32.exe ()
O4 - HKLM..\Run: [svchost] C:\Windows\System32\svchost\svchost.exe ( )
O4 - HKLM..\Run: [WinSys2] C:\Windows\System32\startup.exe ()
O4 - HKCU..\Run: [settdebugx.exe] C:\Users\SEBAST~1\AppData\Local\Temp\settdebugx.exe File not found
O4 - HKCU..\Run: [svchost] C:\Windows\System32\svchost\svchost.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = C:\Windows\System32\svchost\svchost.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\System32\install\m32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = C:\Windows\System32\svchost\svchost.exe ( )
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\System32\install\m32.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\scvhost\svchost.exe) - C:\Windows\System32\scvhost\svchost.exe File not found
O20 - HKLM Winlogon: UserInit - (wuauserv.exe) - File not found
O33 - MountPoints2\{8faf4b5e-2602-11df-948a-00ff01000001}\Shell\verb1\command - "" = E:\desktop.exe -- File not found
O33 - MountPoints2\{ac2a5c4e-67bd-11dd-a066-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ac2a5c4e-67bd-11dd-a066-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{ac2a5c4e-67bd-11dd-a066-806e6f6e6963}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe -- File not found
O33 - MountPoints2\{ac2a5c53-67bd-11dd-a066-806e6f6e6963}\Shell\verb1\command - "" = G:\desktop.exe -- File not found
O33 - MountPoints2\{b84cf0cd-f10a-11dd-a78a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\menu.exe -- File not found
[2010.05.18 16:06:08 | 000,000,031 | ---- | M] () -- C:\Windows\System32\bbcap.err
:Files
C:\Users\sebastian\AppData\Local\Temp\frffrf.exe
C:\Windows\System32\Update
C:\Windows\System32\install
C:\Windows\System32\svchost
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post logfiles in CODE tags |
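The fix above removes autorun entries whose shape gives them away (a second `svchost.exe` in a subdirectory of System32, a typo-squatted `scvhost`, a loader in `Temp`, a replaced Winlogon UserInit, UAC switched off). As an added example, not part of this thread or of OTL, the following Python triage script encodes those same red flags and runs them over constructed sample lines copied from the fix; the reason strings and the `SYSTEM_BINARIES` set are my own choices.

```python
import re
from typing import List, Tuple

# Constructed sample input: OTL-style lines copied from the fix posted above,
# plus one benign Avira entry for contrast.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [HKLM] C:\Windows\System32\install\m32.exe ()
O4 - HKLM..\Run: [svchost] C:\Windows\System32\svchost\svchost.exe ( )
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [settdebugx.exe] C:\Users\SEBAST~1\AppData\Local\Temp\settdebugx.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\scvhost\svchost.exe) - C:\Windows\System32\scvhost\svchost.exe File not found
"""

# Binaries that belong directly in System32; the same name inside a *subdirectory*
# of System32 (svchost\svchost.exe, scvhost\svchost.exe) is a masquerade pattern.
SYSTEM_BINARIES = {"svchost.exe", "userinit.exe", "winlogon.exe", "explorer.exe"}
PATH_RE = re.compile(r"([A-Z]:\\[^()\r\n]*?\.exe)", re.IGNORECASE)

def classify(line: str) -> List[str]:
    """Return the reasons an OTL autorun/policy line looks suspicious (empty if none)."""
    reasons = []
    m = PATH_RE.search(line)
    if m:
        lowered = m.group(1).lower().split("\\")
        name, parent = lowered[-1], lowered[-2]
        if name in SYSTEM_BINARIES and "system32" in lowered[:-2] and parent != "system32":
            reasons.append(f"{name} masquerades as a system binary from a System32 subdirectory")
        if "temp" in lowered[:-1]:
            reasons.append("autorun target lives in a Temp directory")
    if "File not found" in line:
        reasons.append("target file missing (stale entry or loader already removed)")
    if re.search(r"\(\s*\)", line):
        reasons.append("no publisher/version information")
    if "UserInit" in line and "userinit.exe" not in line.lower():
        reasons.append("Winlogon UserInit replaced (default is userinit.exe)")
    if re.search(r"EnableLUA\s*=\s*0", line):
        reasons.append("UAC disabled (EnableLUA = 0)")
    if re.search(r"NoDriveAutorun\s*=\s*0", line, re.IGNORECASE):
        reasons.append("AutoRun not restricted on any drive (NoDriveAutorun = 0)")
    return reasons

def scan(log: str) -> List[Tuple[str, List[str]]]:
    """Classify every non-empty line; return only the flagged ones with their reasons."""
    lines = [l.strip() for l in log.splitlines() if l.strip()]
    return [(l, r) for l in lines if (r := classify(l))]

for entry, reasons in scan(SAMPLE_LOG):
    print(entry, "->", "; ".join(reasons))
```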
20.05.2010, 16:43 | #6 |
| Frffrf.exe Trojan! (TR/Spy.gen) Thanks, that worked! |
20.05.2010, 19:11 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Frffrf.exe Trojan! (TR/Spy.gen) Where is the log?
__________________ Please always post logfiles in CODE tags |