TR/Crypt.XPACK.Gen2 in C:\Windows\System32\iebho1D.dll

HH-EM4 · 02.06.2010, 20:21

Moin,

seit heute bekomme ich ständig von Avira die Meldung, dass der Trojaner
TR/Crypt.XPACK.Gen2 in der Datei C:\Windows\System32\iebho1D.dll gefunden wurde. Löschungsversuche und "In-Quarantäne-Stellung" haben nichts gebracht. Beim Verwenden der Boardsuche habe ich irgendetwas von Rootkits gelesen. Handelt es sich hierbei um ein solches?

Außerdem habe ich eben vom Windows Defender folgene Meldung bekommen:

Zitat:

Kategorie:
Kennwortstehlprogramm

Beschreibung:
Dieses Programm ist gefährlich. Es zeichnet Benutzerkennwörter auf.

Empfehlung:
Entfernen Sie diese Software unverzüglich.

Ressourcen:
clsid:
HKLM\SOFTWARE\CLASSES\CLSID\{D032570A-5F63-4812-A094-87D007C23012}

regkey:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D032570A-5F63-4812-A094-87D007C23012}

regkey:
HKLM\SOFTWARE\CLASSES\CLSID\{D032570A-5F63-4812-A094-87D007C23012}

regkey:
HKCU@S-1-5-21-2872451828-781850905-736510938-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D032570A-5F63-4812-A094-87D007C23012}

bho:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D032570A-5F63-4812-A094-87D007C23012}

ieaddon:
HKCU@S-1-5-21-2872451828-781850905-736510938-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D032570A-5F63-4812-A094-87D007C23012}

file:
C:\Windows\system32\iebho1E.dll

file:
C:\Windows\system32\iebho1D.dll

file:
C:\Windows\system32\iebho0D.dll

file:
C:\Windows\system32\iebho.dll

HiJackThis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:40:32, on 18.01.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\Finale NotePad 2008\Finale NotePad.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008\TrayServer.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = C:\Users\Thore Hansen\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) 
Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe

--
End of file - 10939 bytes

Ich würde mich über eine schnelle Antwort freuen.

Liebe Grüße

Thore

cosinus · 03.06.2010, 14:03

Hallo,

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

HH-EM4 · 04.06.2010, 06:21

Hier erstmal der Malwarebytes Log. (Ich wusste nicht, ob ich die Funde löschen sollte?!)

Die OTL Logs kommen dann, wenn ich wieder aus der Schule zurück bin.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4167

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

04.06.2010 07:18:30
mbam-log-2010-06-04 (07-18-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 653620
Laufzeit: 3 Stunde(n), 36 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Thore Hansen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMGPLAIE\system64[1].exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Thore Hansen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMGPLAIE\scchost3[1].exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Thore Hansen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9Z8QEBP\scchost3[1].exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Thore Hansen\Downloads\Cryptload_1.1.8\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> No action taken.
C:\Users\Thore Hansen\Downloads\Cryptload_1.1.8\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> No action taken.
C:\Windows\System32\iebho.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\iebho0D.dll (Trojan.BHO) -> No action taken.
C:\Windows\System32\iebho1E.dll (Trojan.BHO) -> No action taken.

Gruß
Thore

HH-EM4 · 04.06.2010, 12:44

Hallo, erstmal sorry für den Doppelpost, ich hab die Edit-Funktion nicht gefunden.
Soo.. jetzt kommen auch die die beiden OTL Logs

Code:

ATTFilter

OTL logfile created on: 04.06.2010 07:23:05 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\Thore Hansen\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 7,42 Gb Free Space | 5,15% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 136,60 Gb Free Space | 94,86% Space Free | Partition Type: NTFS
Drive E: | 3,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 1,88 Gb Total Space | 1,43 Gb Free Space | 76,35% Space Free | Partition Type: FAT
 
Computer Name: NOTEBOOK
Current User Name: Thore Hansen
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Thore Hansen\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - C:\Users\Thore Hansen\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Programme\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Programme\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\bin\distnoted.exe ()
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Last.fm\LastFM.exe (Last.fm)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe (CodeGear)
PRC - C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
PRC - C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Thore Hansen\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (BlackfishSQL) -- C:\Program Files\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe (CodeGear)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Sun Microsystems, Inc.)
DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LVUVC) QuickCam Orbit/Sphere MP(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (lvselsus) -- C:\Windows\System32\drivers\lvselsus.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - (SaiK0836) -- C:\Windows\System32\drivers\SaiK0836.sys (Saitek)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (iaNvStor) Intel(R) -- C:\Windows\system32\DRIVERS\iaNvStor.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation                           )
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.19
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.50
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:6.2.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100415
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "212.113.5.2."
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "212.113.5.2."
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 445
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "212.113.5.2."
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "212.113.5.2."
FF - prefs.js..network.proxy.ssl_port: 80
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.23 12:50:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.23 12:50:36 | 000,000,000 | ---D | M]
 
[2008.12.24 05:49:51 | 000,000,000 | ---D | M] -- C:\Users\Thore Hansen\AppData\Roaming\mozilla\Extensions
[2010.05.31 11:27:28 | 000,000,000 | ---D | M] -- C:\Users\Thore Hansen\AppData\Roaming\mozilla\Firefox\Profiles\64e7in42.default\extensions
[2009.12.18 17:47:02 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Thore Hansen\AppData\Roaming\mozilla\Firefox\Profiles\64e7in42.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009.07.18 19:39:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thore Hansen\AppData\Roaming\mozilla\Firefox\Profiles\64e7in42.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.29 14:51:26 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Thore Hansen\AppData\Roaming\mozilla\Firefox\Profiles\64e7in42.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.03.15 20:54:03 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Thore Hansen\AppData\Roaming\mozilla\Firefox\Profiles\64e7in42.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2008.12.25 23:43:37 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Users\Thore Hansen\AppData\Roaming\mozilla\Firefox\Profiles\64e7in42.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010.02.28 18:37:16 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Thore Hansen\AppData\Roaming\mozilla\Firefox\Profiles\64e7in42.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.04.24 16:19:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thore Hansen\AppData\Roaming\mozilla\Firefox\Profiles\64e7in42.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.06 16:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thore Hansen\AppData\Roaming\mozilla\Firefox\Profiles\64e7in42.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.09.13 16:50:34 | 000,000,000 | ---D | M] (Fast Video Download) -- C:\Users\Thore Hansen\AppData\Roaming\mozilla\Firefox\Profiles\64e7in42.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.01.02 15:29:56 | 000,000,000 | ---D | M] (Yoono) -- C:\Users\Thore Hansen\AppData\Roaming\mozilla\Firefox\Profiles\64e7in42.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
[2010.03.03 18:44:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Thore Hansen\AppData\Roaming\mozilla\Firefox\Profiles\64e7in42.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.05.02 12:26:23 | 000,000,000 | ---D | M] -- C:\Users\Thore Hansen\AppData\Roaming\mozilla\Firefox\Profiles\64e7in42.default\extensions\nasanightlaunch@example.com
[2010.04.12 18:12:06 | 000,000,000 | ---D | M] -- C:\Users\Thore Hansen\AppData\Roaming\mozilla\Firefox\Profiles\64e7in42.default\extensions\personas@christopher.beard
[2009.01.06 17:28:39 | 000,000,523 | ---- | M] () -- C:\Users\Thore Hansen\AppData\Roaming\Mozilla\FireFox\Profiles\64e7in42.default\searchplugins\daemon-search.xml
[2010.05.01 18:31:34 | 000,000,958 | ---- | M] () -- C:\Users\Thore Hansen\AppData\Roaming\Mozilla\FireFox\Profiles\64e7in42.default\searchplugins\icqplugin.xml
[2010.05.23 12:50:36 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -  File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} -  File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -  File not found
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  File not found
O2 - BHO: (no name) - {D032570A-5F63-4812-A094-87D007C23012} - C:\Windows\System32\iebho1D.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_2008\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Thore Hansen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thore Hansen\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Thore Hansen\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Expression Studio 2\Web 2\OFFICE12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\PrxerNsp.dll ( )
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Thore Hansen\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Thore Hansen\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.06 14:50:50 | 000,218,376 | R--- | M] () - E:\AutoStarter.exe -- [ CDFS ]
O32 - AutoRun File - [2009.07.20 15:07:04 | 000,003,496 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009.08.17 12:14:02 | 000,000,000 | ---D | M] - E:\autostarter -- [ CDFS ]
O33 - MountPoints2\{7003a427-a0be-11dd-9783-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7003a427-a0be-11dd-9783-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoStarter.exe -- [2009.08.06 14:50:50 | 000,218,376 | R--- | M] ()
O33 - MountPoints2\{ad785a24-6e09-11de-835c-001377b154d2}\Shell\AutoRun\command - "" = H:\TrueCrypt\TrueCrypt.exe -- File not found
O33 - MountPoints2\{ad785a24-6e09-11de-835c-001377b154d2}\Shell\dismount\command - "" = H:\TrueCrypt\TrueCrypt.exe -- File not found
O33 - MountPoints2\{ad785a24-6e09-11de-835c-001377b154d2}\Shell\start\command - "" = H:\TrueCrypt\TrueCrypt.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.03 19:00:24 | 000,000,000 | ---D | C] -- C:\Users\Thore Hansen\AppData\Roaming\Malwarebytes
[2010.06.03 19:00:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.03 19:00:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.03 19:00:02 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.03 19:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.03 18:59:24 | 000,000,000 | ---D | C] -- C:\Programme\Orbitdownloader
[2010.06.02 18:58:13 | 000,000,000 | --SD | C] -- C:\Users\Thore Hansen\Documents\My Web Sites
[2010.06.01 19:16:16 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Nikon
[2010.05.31 16:52:19 | 000,000,000 | ---D | C] -- C:\Users\Thore Hansen\Documents\HTML
[2010.05.27 13:02:47 | 000,000,000 | ---D | C] -- C:\Programme\TweetDeck
[2010.05.26 00:57:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.23 17:28:43 | 000,000,000 | ---D | C] -- C:\Programme\tools
[2010.05.23 17:26:22 | 000,000,000 | ---D | C] -- C:\Programme\Ghostgum
[2010.05.20 13:41:01 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live Safety Center
[2010.05.11 23:04:37 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.05.11 21:40:15 | 000,000,000 | ---D | C] -- C:\Users\Thore Hansen\Documents\Bilder von Kamera 11.5.10
[2010.05.10 21:42:24 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.05.09 19:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.05.09 19:32:43 | 000,000,000 | ---D | C] -- C:\Users\Thore Hansen\PhotoshopPortable
[2010.05.09 13:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2010.05.09 13:57:36 | 000,000,000 | ---D | C] -- C:\Users\Thore Hansen\Documents\TrackMania
[2010.05.07 18:10:29 | 000,000,000 | ---D | C] -- C:\Users\Thore Hansen\AppData\Roaming\GrabPro
[2010.05.07 17:25:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.05.07 14:50:45 | 000,000,000 | ---D | C] -- C:\Downloads
[2010.05.07 14:50:01 | 000,000,000 | ---D | C] -- C:\Users\Thore Hansen\AppData\Roaming\Orbit
[2010.05.07 14:17:17 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Steam
[2010.05.07 14:17:12 | 000,000,000 | ---D | C] -- C:\Programme\Steam
[2010.05.06 16:27:15 | 000,000,000 | ---D | C] -- C:\Users\Thore Hansen\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.08.09 11:31:29 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\PrxerNsp.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.04 07:24:31 | 006,291,456 | -HS- | M] () -- C:\Users\Thore Hansen\NTUSER.DAT
[2010.06.04 07:22:44 | 000,162,544 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.06.04 07:22:44 | 000,162,544 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.06.04 07:08:04 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.04 06:56:07 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.04 06:56:07 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.04 06:08:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.03 19:00:07 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.03 18:59:26 | 000,000,848 | ---- | M] () -- C:\Users\Thore Hansen\Desktop\Orbit.lnk
[2010.06.03 18:56:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.03 18:56:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.03 18:55:58 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.03 18:54:56 | 000,524,288 | -HS- | M] () -- C:\Users\Thore Hansen\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.06.03 18:54:56 | 000,065,536 | -HS- | M] () -- C:\Users\Thore Hansen\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.06.03 18:54:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.06.03 18:54:27 | 004,420,964 | -H-- | M] () -- C:\Users\Thore Hansen\AppData\Local\IconCache.db
[2010.06.03 18:26:51 | 000,018,432 | ---- | M] () -- C:\Users\Thore Hansen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.03 16:23:26 | 001,708,956 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.03 16:23:26 | 000,726,494 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.03 16:23:26 | 000,684,362 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.03 16:23:26 | 000,165,884 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.03 16:23:26 | 000,138,122 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.02 21:48:03 | 000,000,132 | ---- | M] () -- C:\Users\Thore Hansen\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.05.31 15:09:54 | 000,023,552 | ---- | M] () -- C:\Users\Thore Hansen\Desktop\Leitmotive zum Musical Elizabeth.doc
[2010.05.30 20:15:37 | 000,062,207 | ---- | M] () -- C:\Users\Thore Hansen\Documents\Nelson.docx
[2010.05.27 13:02:47 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\TweetDeck.lnk
[2010.05.23 19:02:15 | 000,001,470 | ---- | M] () -- C:\Users\Thore Hansen\gsview32.ini
[2010.05.23 17:30:19 | 000,089,881 | ---- | M] () -- C:\Users\Thore Hansen\Documents\wurf2.pdf
[2010.05.23 17:29:09 | 000,122,891 | ---- | M] () -- C:\Users\Thore Hansen\Documents\91121%20Wurf%201%20STLOD.pdf
[2010.05.23 17:28:45 | 000,000,837 | ---- | M] () -- C:\Users\Thore Hansen\Desktop\PDF-Analyzer 4.0.lnk
[2010.05.23 12:50:38 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.05.22 15:54:19 | 000,008,686 | ---- | M] () -- C:\Users\Thore Hansen\Documents\Feline's Hugs.xlsx
[2010.05.21 00:11:46 | 000,000,928 | ---- | M] () -- C:\Users\Thore Hansen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010.05.20 23:51:03 | 000,094,208 | ---- | M] () -- C:\Users\Thore Hansen\Documents\Phantom_Kor.doc
[2010.05.18 16:02:56 | 000,000,714 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.11 20:47:05 | 000,015,754 | ---- | M] () -- C:\Users\Thore Hansen\Documents\öktprogramm.pdf
[2010.05.11 17:24:41 | 000,010,247 | ---- | M] () -- C:\Users\Thore Hansen\Documents\Postkarten.docx
[2010.05.10 21:42:25 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.05.10 14:06:54 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.05.09 20:51:02 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2010.05.07 17:27:28 | 000,143,528 | ---- | M] () -- C:\Users\Thore Hansen\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.07 17:25:46 | 321,723,699 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.05.07 17:25:06 | 000,462,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.07 14:22:00 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.05.06 16:27:13 | 000,001,032 | ---- | M] () -- C:\Users\Thore Hansen\Desktop\DVDVideoSoft Free Studio.lnk
 
========== Files Created - No Company Name ==========
 
[2010.06.03 19:00:07 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.03 18:59:26 | 000,000,848 | ---- | C] () -- C:\Users\Thore Hansen\Desktop\Orbit.lnk
[2010.06.02 21:48:03 | 000,000,132 | ---- | C] () -- C:\Users\Thore Hansen\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.05.31 15:09:54 | 000,023,552 | ---- | C] () -- C:\Users\Thore Hansen\Desktop\Leitmotive zum Musical Elizabeth.doc
[2010.05.30 20:14:10 | 000,062,207 | ---- | C] () -- C:\Users\Thore Hansen\Documents\Nelson.docx
[2010.05.27 13:02:47 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\TweetDeck.lnk
[2010.05.23 17:30:19 | 000,089,881 | ---- | C] () -- C:\Users\Thore Hansen\Documents\wurf2.pdf
[2010.05.23 17:29:09 | 000,122,891 | ---- | C] () -- C:\Users\Thore Hansen\Documents\91121%20Wurf%201%20STLOD.pdf
[2010.05.23 17:28:45 | 000,000,837 | ---- | C] () -- C:\Users\Thore Hansen\Desktop\PDF-Analyzer 4.0.lnk
[2010.05.23 17:26:25 | 000,001,470 | ---- | C] () -- C:\Users\Thore Hansen\gsview32.ini
[2010.05.23 12:50:38 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.05.21 00:11:46 | 000,000,928 | ---- | C] () -- C:\Users\Thore Hansen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010.05.20 23:51:02 | 000,094,208 | ---- | C] () -- C:\Users\Thore Hansen\Documents\Phantom_Kor.doc
[2010.05.20 11:23:42 | 000,008,686 | ---- | C] () -- C:\Users\Thore Hansen\Documents\Feline's Hugs.xlsx
[2010.05.11 20:47:05 | 000,015,754 | ---- | C] () -- C:\Users\Thore Hansen\Documents\öktprogramm.pdf
[2010.05.10 21:42:25 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.05.10 14:06:54 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.05.07 17:24:10 | 321,723,699 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.05.07 14:17:14 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.05.04 11:13:49 | 000,225,280 | ---- | C] () -- C:\Windows\System32\iebho1E.dll
[2010.05.02 16:12:56 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.05.02 10:57:51 | 000,240,640 | ---- | C] () -- C:\Windows\System32\iebho0D.dll
[2010.05.02 10:42:51 | 000,240,640 | ---- | C] () -- C:\Windows\System32\iebho.dll
[2010.04.29 18:52:53 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS6d.DLL
[2010.04.18 17:54:46 | 000,350,208 | ---- | C] () -- C:\Windows\System32\Rivet200.dll
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.05 17:05:16 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll
[2010.03.05 14:53:26 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.01.21 20:03:59 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.01.01 19:46:22 | 000,000,000 | ---- | C] () -- C:\Windows\CleaningLab.INI
[2010.01.01 19:32:18 | 000,000,000 | ---- | C] () -- C:\Windows\MusicEditor.INI
[2009.12.19 10:59:09 | 000,000,574 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2009.12.19 10:56:50 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2009.10.27 17:48:38 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.10.27 17:48:21 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.10.07 02:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 02:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.10.02 14:22:49 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.10.02 14:22:46 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.09.04 20:16:20 | 000,138,576 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.08.19 21:23:34 | 001,273,856 | ---- | C] () -- C:\Windows\System32\SaiC0836.Dll
[2009.08.19 21:23:34 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC0836_0C.dll
[2009.08.19 21:23:34 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0836_10.dll
[2009.08.19 21:23:34 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0836_0A.dll
[2009.08.19 21:23:34 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0836_07.dll
[2009.08.19 21:23:34 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0836_09.dll
[2009.08.19 21:23:34 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC0836_0402.dll
[2009.08.19 21:23:34 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC0836_11.dll
[2009.01.06 17:25:48 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows
\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.12 06:03:48 | 000,001,670 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.09.12 06:03:06 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008.09.12 06:03:06 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.09.12 05:54:39 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008.09.11 17:02:18 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.01.13 00:48:14 | 000,071,208 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 48 bytes -> C:\Windows:B38ED9070E4E16BD
< End of report >

Weil das sonst zuviele Zeichen werden, muss ich einen weiteren Post machen. Das Extras Log kommt dann gleich in die Antwort. (Ich hoffe, dass das okay ist, wenn nicht bitte Bescheid sagen

)

HH-EM4 · 04.06.2010, 12:49

So... der zweite OTL Log:

Code:

ATTFilter

OTL Extras logfile created on: 04.06.2010 07:23:05 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\Thore Hansen\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 7,42 Gb Free Space | 5,15% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 136,60 Gb Free Space | 94,86% Space Free | Partition Type: NTFS
Drive E: | 3,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 1,88 Gb Total Space | 1,43 Gb Free Space | 76,35% Space Free | Partition Type: FAT
 
Computer Name: NOTEBOOK
Current User Name: Thore Hansen
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Programme\Microsoft Expression Studio 2\Web 2\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Microsoft Expression Studio 2\Web 2\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [ID3-TagIT] -- "C:\Program Files\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" ( )
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UACDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DBB4DE8-6C2D-470D-A6F5-6BD8BDC79AF6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{13C377AB-ABF3-4451-933E-A0D08729E3A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{13F24517-A679-480A-8281-4B94C8CFCC92}" = rport=139 | protocol=6 | dir=out | app=system | 
"{14315AEE-9EDC-4179-AE23-992AEE7822A6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1D41A780-A446-4FE5-A4E9-19DCC5338B58}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{20F152D0-24E5-4A8B-8B08-02408E670B98}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{24C12DCF-1013-4480-A20D-7707B9E17D97}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{306F8DD5-045C-4967-8594-A703435FA82E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{365BC747-9781-41AB-A24B-70F586B78C3F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{44A5D88A-21D7-4363-8AD4-FBDAE64E6ED0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{45472588-FAC0-47CB-AFD9-63D6BB69FAFD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{46C2EDB0-57A7-4998-8277-4CC87D1F5FF2}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{4BF367EB-4124-465C-8DB0-7DE190A817D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4E3ED703-4513-44C2-B18A-5059EE1338F2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{51780E93-7421-40DB-AEE7-ED6F3140BADC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{581A4401-8096-4E94-93C0-18C5BCBF8229}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{682A1223-C6F0-400E-9981-D8EA5A5BC574}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{68EDB7CD-9198-4827-82CC-43C13D1607AB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{690C9150-4D52-4BBC-AE98-2282E677FF78}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{6A8B7A2D-E86A-42D0-BC03-38480890C14F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{982F8BD2-7988-4A60-A53D-6D25EB1D738C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A2DA1EB9-B967-4350-B8E5-3AA1B56C0120}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A958A8CB-E87D-422C-ABB0-8CE6089A32CE}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B2A92786-510A-4A47-A0BB-C836907834BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B52A677D-DE7C-4DE3-8E92-9B86CD353080}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BA913459-01D6-44BB-A2DD-2151FB7578E8}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{BB59AF08-ADCC-4B7F-A445-798B59EB6BB2}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{CD97FB65-BE4A-4E4F-8670-A5511B9A207D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D68CAC06-7F25-4680-B44F-B585AC77F831}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D87AF7DF-C82C-457A-B4CD-B80BD229EE5C}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DB6FADFD-6A64-4E03-8C9B-E4976789000B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DF35A2C2-F78B-4BD9-B318-DD07F89D9ADB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E7BDF98C-BC33-4C42-BA2C-1E2301C27A60}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EAA3D75C-C09B-4919-B619-49A17907D068}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F3DA887B-B8B4-4C4F-AE2C-A176237D7B4B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003A563E-9BF1-49FC-B49F-E5AB29E0D55A}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe | 
"{00ED75FE-ADF1-43C3-B216-C9D899B5316D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{039C01C1-3769-4D98-A087-C2B05E718050}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{046C4C61-62DF-483A-84BF-11CD9547220A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{09B98D4B-5010-4077-9D40-A4ACE9342FA4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0CA50CB7-E5CB-4FBD-813E-D6A84708DF76}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{105FFEB6-74D9-4253-A6E8-EC096D00EE03}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{115624F7-A486-498A-BC1D-B5E942DB6A24}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{13576BE9-5501-457F-99DD-7AA3FD8E168A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{13CB6C5E-2E48-4B9C-B194-E7C40C035EE7}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | 
"{1898FE73-B540-4D8A-9751-6DA466544F7B}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | 
"{1B62FDF5-FA92-421A-8900-A06FD5050F0D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{205B2E31-F1AC-47F2-81D0-BAB0D7AC93E7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{22761993-D574-46C2-AE5A-6A878591512B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{234C7694-57BF-4B52-93B0-4668FA0E9148}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{25B75885-9140-4373-B960-55F7EE665C18}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{273C564C-0C6D-4142-A0C1-58C0254BCA23}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2ACF7134-AD68-4CCC-ACF5-3D6A077E2B3C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2B8E1604-1523-450B-BC0C-949C2432C32F}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{2DBEC619-F1E3-4BED-90A0-7231963EBBCB}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{2F85D2AD-294A-4D87-8F1C-2939F4EB6493}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{2FA33C28-5007-4AF0-BE8F-14940D86CD42}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{321EA067-7C7A-4C5D-9EBB-B19F52CB6AF1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{35E06036-87D1-4390-83A0-8D9649E4A4CE}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | 
"{36405722-97A0-4FB0-AC87-47E4B130B1A3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{379C3985-66D9-405A-90DA-93F50F8ECAD0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3823D7DB-BECB-4061-B483-7EBC4E1AC990}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3A625D56-5150-4DE2-8279-41A2CADDF055}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{3AEDDD46-2CD7-4163-AA46-744DFC1CEEF3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{3BA1BE05-7D03-469F-8A78-AE761CBAD7C1}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe | 
"{46123CD5-1425-4561-82C0-CB51576AE7AB}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{4934DABF-A60B-45E8-8703-0E81045EFB47}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4B21C924-B117-4165-9532-C0B8550AD7EF}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{51038099-A75A-450F-846D-07776BDC570B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{543A1068-6654-4812-AE6F-664E1A604AA5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5479B49A-D2D0-49C3-AAB4-C62814C5A46C}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{5510393B-2562-4051-A7FE-244E2171D319}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{59D99750-22F6-4507-8A0F-111D49695FA9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5AA73155-F994-42B7-9BD0-D09ECDEFE526}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{5E163527-D76A-4529-BC27-9474CF23F98D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6643F232-414B-4F9F-A8D7-7C261569C065}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{69D2E27B-3D59-4AA0-B95F-B5C0C16C26C4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{7028754D-A283-4948-8282-403EAEA02EF1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{7625B014-25A8-473E-826B-AD0DBE1ACF58}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{771B8BC3-F2CB-4EA1-B37B-6F22D9844ADC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{77891C54-CEE6-4EB6-8CAA-450F51E4C255}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe | 
"{78A80E22-0DF8-46FB-9BE3-D85EC7CE6DFA}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe | 
"{791F08BA-4B98-4525-8B1F-3D935C000642}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{7AF548D7-0F5B-42F4-9360-FF99F52E4F32}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7C8187C4-834A-43E9-B5D1-CC69746CCF4C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7DF02891-E394-4927-A658-F189B6F0F00C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{7EC258BC-7FE8-4DE6-913B-FF1FF86718C0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{80AE6F38-D68B-4E5D-B63A-E46CFFA8BBA9}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{835136D1-D27C-4111-ACC5-4FAFE4C9C02B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{874C1C6E-8DB1-423E-8D4F-C97A541B709F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{88C11B12-D37E-4F70-93AA-87C9FBA516C8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{901ABB4D-C42A-4451-B29E-7F32EEEDC860}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{93824446-8271-4AA0-83F7-205FBAAD8471}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{93B805E9-CB61-4670-B168-E4E579D75C7B}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{93CAF441-941F-4D9E-A652-F1FDB5E9B673}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{9688A05D-2E82-430C-88A8-BAFB18BD421E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9CE8F570-138D-423F-804C-5B3707AAF5BC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A42CBA3A-A8E5-4730-955B-434A6585222D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A4F4C75B-C5F0-41AF-983F-10C5E63D93C4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{A62B1B71-FF94-4BCE-9DA9-11352C5C39B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A872291B-410E-4219-8722-ACB3BF3B0231}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A9ACFC8E-AF44-4931-94F2-2544ADFB4A92}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AEDA8A9E-1400-4616-80BA-A0926EDA2860}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{AFFFA026-2383-44D8-9704-2AA6884719DB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{B0CC219E-59F4-4188-AD7C-5C00E53E8989}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B51DCFE1-AF07-4674-AADC-935D9CF09452}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{B8960016-40CF-4FBC-A4A1-2A523CC76C38}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{BA455760-20FE-4A0E-859B-EB3D39596C7E}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{C06ACCD3-6DA6-4871-AA9C-47D9BAD87676}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C11C127A-00B4-45D5-AFE8-97F9A56416B2}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{C3AD67C6-6FAD-401E-B57D-A6ACA03D8338}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{C3E8D58A-96C1-4410-A5C2-0D812E4FD166}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C43AC818-DB07-430A-A1F1-1AEE51447C01}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{C96094BE-AC43-42B0-8415-D4CC2A309081}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{CA2DD685-CEBF-4595-B42D-BF0F671E7476}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{CEB1F7CF-E350-40F3-A237-71952E11FD68}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{D51EC754-EADE-49FC-B5CE-3DA252383985}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D9B572E9-452B-4917-B48D-8652376E6B01}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DA1186ED-6384-4A1C-B76E-1ADAE98696AF}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{DBF07B91-80DD-41CD-A984-6494BD010DEC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DEA58B27-ED2E-4FB4-911E-01E4FAED39A0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DF7E89DB-A291-4F50-ABEB-1B2B00AB7192}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E1B718C0-07CA-4C0D-9778-8B796979A3AC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E36AADA6-78F2-42FD-AEE2-30B206335B5C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{E5A6CC16-9C35-42DF-B9E4-263CA6E2A16A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E828ABEB-E133-41B4-9DA0-AA325DA60C00}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E8A3E153-2D46-4968-AC16-00722A434A5E}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | 
"{E941E217-E762-482B-A868-8D8AA796F97B}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{EAC9CBD1-2979-4BB3-B469-B1C23C0AC523}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{EBB9D19D-3452-4EDF-8CC3-6CB0565E5DB9}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{ED82A470-095C-4EA8-9E7C-A13E894DE7EE}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{ED9CCE55-8B05-4902-B641-5DCE500C21F6}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{EE8DA9AB-8C64-4EA3-91FE-8DDABB4EC98A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F0440D4D-ACD2-4ED5-8D47-22E299598530}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F04FB8FC-F1BD-4B04-8917-99E54A2B47BC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F08191C2-39C7-4FC8-9DA2-E7F552D86DD2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F47ACD61-9665-4C21-9EB5-B2EE911B24A2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F6DA46F2-80C2-4D2A-9279-368E75612DDC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F7D39141-8AD6-44A0-8BED-BB9634319CEF}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{F8EB1B08-4350-4702-8C94-7AE6A414E5EB}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"TCP Query User{0141BC51-0BDB-4A8B-9E85-AD2AFBDEF415}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{0BAF347E-1911-4696-B757-EDC7981D8B5C}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | 
"TCP Query User{31BF109D-B245-410D-B9F3-5F1CC8E98532}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{370EB7FA-3817-4043-AAAF-10399B78F485}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{392EE6BD-5EBC-4235-8821-164B038EAB69}C:\users\thore hansen\appdata\local\temp\pyled4c.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\thore hansen\appdata\local\temp\pyled4c.tmp\pyrun.exe | 
"TCP Query User{45FACA02-01E7-4E70-A0BD-2CAFB53F6EDF}C:\program files\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{585966CF-28BC-494D-ADB9-1CB527DF04D8}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{6940EAA7-C185-43BC-A6F4-FB833EDA8E6F}C:\program files\thq\titan quest immortal throne\tqit.exe" = protocol=6 | dir=in | app=c:\program files\thq\titan quest immortal throne\tqit.exe | 
"TCP Query User{86228C27-46C6-4081-9EA5-8CA6E22307FC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{AFE3BF1D-A4F8-4F6D-B5B9-6E913B6156B3}C:\ccproxy\ccproxy.exe" = protocol=6 | dir=in | app=c:\ccproxy\ccproxy.exe | 
"TCP Query User{B26C90F1-CB91-4767-8663-EF17F8591BBB}C:\program files\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty modern warfare 2\iw4mp.exe | 
"TCP Query User{C03CC8FF-9B35-4867-B464-B37ECAE932B7}C:\program files\microsoft office\office12\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"TCP Query User{C4DE46C3-9A64-4922-BDA7-EF1D2111EF99}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{C986CDFB-3818-4B2F-B04D-B96D5236F20B}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe | 
"TCP Query User{CEE02DBF-0072-4BDD-ADAF-3D163FDCD29A}C:\users\thore hansen\appdata\local\temp\pyl7501.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\thore hansen\appdata\local\temp\pyl7501.tmp\pyrun.exe | 
"TCP Query User{D6D89ACB-78F2-4C5A-9C11-2FD7A2AE5942}C:\program files\gamers.irc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\gamers.irc\mirc.exe | 
"TCP Query User{D7016D63-3110-461C-82BE-99892A93BA80}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{154D74C4-BE0B-4CE3-A574-C3EB9BE9A146}C:\program files\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty modern warfare 2\iw4mp.exe | 
"UDP Query User{254924E4-F664-4FBB-A113-7454DD99BE05}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | 
"UDP Query User{29494783-E69A-4E74-98D5-0B7CBF6CB5AE}C:\ccproxy\ccproxy.exe" = protocol=17 | dir=in | app=c:\ccproxy\ccproxy.exe | 
"UDP Query User{2D74B4E0-F799-4CE8-A301-AF5B6BDCC6C4}C:\users\thore hansen\appdata\local\temp\pyl7501.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\thore hansen\appdata\local\temp\pyl7501.tmp\pyrun.exe | 
"UDP Query User{44F68FBB-CFF5-4C7E-9FBD-5DCA537AAB6D}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"UDP Query User{479843B8-65C4-4075-978B-980FB2B1E986}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{5D429150-D228-40EB-8E47-3C9E98199562}C:\users\thore hansen\appdata\local\temp\pyled4c.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\thore hansen\appdata\local\temp\pyled4c.tmp\pyrun.exe | 
"UDP Query User{60EEE9E3-ADFA-447D-B546-EF9BE4089B55}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{7020FFCC-130D-4398-A5C2-317B6035BD0E}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | 
"UDP Query User{A7FF7336-6162-4E51-8C1B-4F8FCFBA18D9}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{CB3BB170-53E1-4282-8635-9A5CB9D5EAB1}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{D68FE86D-5C59-486A-A336-461AF507B8EF}C:\program files\gamers.irc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\gamers.irc\mirc.exe | 
"UDP Query User{DC2E7317-EDBF-4245-AFF3-860591C5A5ED}C:\program files\thq\titan quest immortal throne\tqit.exe" = protocol=17 | dir=in | app=c:\program files\thq\titan quest immortal throne\tqit.exe | 
"UDP Query User{ED807676-3D4C-4F1D-BA40-03CD97B5B0C4}C:\program files\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{EF7C5A6C-094D-4356-B4D7-4757A93D7926}C:\program files\microsoft office\office12\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"UDP Query User{F5B7FE21-54E6-40F8-9123-ED81A1747490}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{F6784BE6-4057-4D52-BDF6-6A283F8F110E}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{0216DA39-95B3-4D8A-9043-B748E0726C14}" = Gothic III - Götterdämmerung 1.08.9 Patch
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07B30B65-6615-46CF-ABB2-4AD33B9CE87A}" = OutSync
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0DE058B2-65BF-450E-9755-06D59F1B72BA}" = Saitek SD6 Programming Software 6.5.2.0
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{27C94D95-4643-4F04-93A5-D462E4A098F6}" = Sprachtrainer Cours intensif 2
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}" = Easy Network Manager 4.0
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3891E1C9-8E9E-43E2-B009-6D008BCD7669}" = Microsoft Expression Blend 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{46301B1E-8962-4672-B5A2-0636BA3C48F4}" = Melodyne 3.2 Demo
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63E90040-9CB5-47EE-B705-4C06E6A829D6}" = VisualGPS
"{641CDF66-EFEB-4B29-8DF6-40960C4BC9FA}" = Boost Libraries for C++Builder 2009
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6833995C-2FFD-4084-981A-001FF469146A}" = Microsoft Expression Encoder 2
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iPhone Explorer 0.991
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{8174AEA7-A8D5-450D-8340-51D409CA4D76}" = Sun VirtualBox
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842CC0ED-FDC0-4FBF-8C09-2428BFE4FEE1}" = Microsoft Expression Media 2 SP2
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_XWeb_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2
"{90120000-0045-0000-0000-0000000FF1CE}_XWeb_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0045-0409-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (English)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{A2B58B18-5D04-4006-9713-B6945880746E}" = CodeGear RAD Studio 2009
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BEEB55-3E49-43BD-87E6-F1632C0E2BA6}" = Microsoft Expression Studio 2
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{ADEEAF2A-9CC7-61AA-FE84-ABA1BC71D4AB}" = TweetDeck
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C3498122-091E-4999-9EBE-7513FE904F6A}" = Microsoft Expression Design 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6BB6935-5F1E-4A89-8F08-C71A5E18D914}" = Tweet Adder 2010
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E966F0CC-76B3-11D3-945B-00C04FB1760A}" = BDE_ENT
"{EC9A0711-9823-4DD2-83C4-039886A3ECF6}" = Melodyne 3.2 Demo
"{EDA12670-56B5-4459-BA21-D010F0E3EBA1}" = Emergency 4 Deluxe
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F722E488-A5B5-47ff-AA9B-4DE6CE7914CA}" = Windows 7 Upgrade Advisor
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F7F2B66A-DAAA-473D-951D-DF26FB8D7CD7}" = CodeGear Delphi and C++Builder 2009 Help System
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts
"{FD59BB38-9826-4EC0-B09E-A53FFFDC7523}" = CodeGear Delphi and C++Builder 2009 Database Pack
"{FDEC8D4C-FF2B-4F10-BF1E-4AEDCB98D4A9}" = Mediachase Screen Capture
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Blend_2.0.1523.0" = Microsoft Expression Blend 2
"Boost Libraries for C++Builder 2009" = Boost Libraries for C++Builder 2009
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1007
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CamStudio" = CamStudio
"CANONBJ_Deinstall_CNMCP6d.DLL" = Canon PIXMA iP5000
"CCProxy_is1" = CCProxy 2010 Build on 20100308
"CloneDVD2" = CloneDVD2
"CodeGear Delphi and C++Builder 2009 Database Pack" = CodeGear Delphi and C++Builder 2009 Database Pack
"CodeGear Delphi and C++Builder 2009 Help System" = CodeGear Delphi and C++Builder 2009 Help System
"CodeGear RAD Studio 2009" = CodeGear RAD Studio 2009
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Design_5.0.1379.0" = Microsoft Expression Design 2
"DiskAid_is1" = DiskAid 3.11
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-WebPrint" = Easy-WebPrint
"Encoder_2.0.1406.0" = Microsoft Expression Encoder 2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExpressionStudio_2.0.133.0" = Microsoft Expression Studio 2
"Family Tree Builder" = MyHeritage Family Tree Builder
"FileZilla Client" = FileZilla Client 3.2.4.1
"Finale NotePad 2008" = Finale NotePad 2008
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FL Studio 9" = FL Studio 9
"Forte Free" = Forte Free 2.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free FLV Converter_is1" = Free FLV Converter V 6.7.4
"Free YouTube Download_is1" = Free YouTube Download 2.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Gamers.IRC" = Gamers.IRC 5.30
"Google Calendar Sync" = Google Calendar Sync
"Gothic 1_is1" = Gothic 1
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"GSview 4.9" = GSview 4.9
"Guild Wars" = GUILD WARS
"Hardcore" = Hardcore
"HashCalc_is1" = HashCalc 2.02
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"ID3-TagIT 3_is1" = ID3-TagIT 3
"IL Download Manager" = IL Download Manager
"InstallShield_{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}" = Easy Network Manager 4.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"JDownloader" = JDownloader
"Jeyo Mobile Extender 2.5 f¨¹r Outlook_is1" = Jeyo Mobile Extender 2.5 f¨¹r Outlook
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastFM_is1" = Last.fm 1.5.4.24567
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"MAGIX Fotobuch" = MAGIX Fotobuch 3.2
"MAGIX Music Cleaning Lab 2008 deluxe D" = MAGIX Music Cleaning Lab 2008 deluxe 9.0.0.0 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX PC Visit D" = MAGIX PC Visit
"MAGIX Video deluxe 2008 D" = MAGIX Video deluxe 2008 7.5.0.20 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mixxx" = Mixxx 1.7.2
"Morsen" = Morsen 2009.5.66 
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.2
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"Nimbuzz" = Nimbuzz 1.1.1
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"PartyPoker" = PartyPoker
"PocketNester" = PocketNester
"PoiZone" = PoiZone
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"Proxifier_is1" = Proxifier version 2.8
"Puente Nuevo 1" = Puente Nuevo 1
"PunkBusterSvc" = PunkBuster Services
"Rave Reports 7.6.0 BE_is1" = Rave Reports 7.6.0 BE
"Sakura" = Sakura
"Sawer" = Sawer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 11020" = TrackMania Nations Forever
"Steam App 13140" = America's Army 3
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TIMELEFT3_is1" = TimeLeft
"Toxic Biohazard" = Toxic Biohazard
"TreeSize Free_is1" = TreeSize Free V2.3.3
"TrueCrypt" = TrueCrypt
"Tunnelier" = Bitvise Tunnelier 4.29 (remove only)
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Uninstall_is1" = Uninstall 1.0.0.1
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 0.9.9
"WIDI Recognition System Pro 4.03" = WIDI Recognition System Pro 4.03 (remove only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XWeb" = Microsoft Expression Web 2
"ZDF heute.de" = ZDF heute.de Screen Saver
"ZeroTimer_is1" = ZeroTimer
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2a4f70b48f669acd" = AA3Deploy
"Dropbox" = Dropbox
"Google Translator" = Google Translator
"PDF-Analyzer 4.0" = PDF-Analyzer 4.0
"www.mondgesaenge.de - G2ADB" = Gothic II Addon-Datenbank
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

Vielen Dank schon mal im Vorraus

Liebe Grüße

Thore

cosinus · 04.06.2010, 14:37

Sieht rel. unauffällig aus, aber mir fielen diese Proxyeinträge auf. Hast Du die da eingetragen? Ist das so gewollt?

Code:

ATTFilter

FF - prefs.js..network.proxy.socks: "212.113.5.2."
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "212.113.5.2."
FF - prefs.js..network.proxy.ssl_port: 80

HH-EM4 · 04.06.2010, 14:50

Bei Firefox hab ich eigentlich keinen solchen Proxy drinnen. Und in Opera sowieso nicht. Aber danke für den Hinweis, mein Firefox funktioniert wieder (der hat schon länger nicht mehr funktioniert - als Proxy war localhost - also 127.0.0.1 eingetragen o.O, aber nicht 212.113.5.2..)

Und was ist mit den Funden von Malwarebytes? Versuchen zu löschen? Mit Avira hat's ja nicht geklappt...

cosinus · 04.06.2010, 15:12

Ja, die Dinger mit Malwarebytes bitte löschen.

HH-EM4 · 04.06.2010, 15:24

Okay. Nach dem Löschen habe ich folgendes Log bekommen:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4167

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

04.06.2010 16:16:21
mbam-log-2010-06-04 (16-16-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 653620
Laufzeit: 3 Stunde(n), 36 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Thore Hansen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMGPLAIE\system64[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Thore Hansen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMGPLAIE\scchost3[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Thore Hansen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9Z8QEBP\scchost3[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Thore Hansen\Downloads\Cryptload_1.1.8\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Users\Thore Hansen\Downloads\Cryptload_1.1.8\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
C:\Windows\System32\iebho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\iebho0D.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Windows\System32\iebho1E.dll (Trojan.BHO) -> Quarantined and deleted 
successfully.

Soll ich jetzt erneut einen Scan mit Malwarebytes (oder mit etwas anderem) durchführen, um zu kontrollieren, ob wirklich alles weg ist?

cosinus · 04.06.2010, 15:44

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

HH-EM4 · 05.06.2010, 13:29

So... jetzt kommt erstmal das GMER Log.
Kleine Anmerkung: Obwohl alle Programme beendet waren, kam gegen Mitte des Scans eine Meldung der Benutzerkonntensteuerung, die ein Java-Update zulassen wollte. Zum Glück kam das im Hintergrund und ich musste nicht die Maus bewegen. Glaubt ihr, dass sich das negativ auf den Scan ausgewirkt hat? Muss ich ihn wiederholen?

GMER Log: GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-05 14:24:01
Windows 6.0.6001 Service Pack 1
Running: ss1po7qm.exe; Driver: C:\Users\THOREH~1\AppData\Local\Temp\kxloqpow.sys


---- System - GMER 1.0.15 ----

SSDT            9FED5E7C                                                                                                                                          ZwCreateThread
SSDT            9FED5E68                                                                                                                                          ZwOpenProcess
SSDT            9FED5E6D                                                                                                                                          ZwOpenThread
SSDT            9FED5E77                                                                                                                                          ZwTerminateProcess

INT 0x51        ?                                                                                                                                                 86C2ABF8
INT 0x51        ?                                                                                                                                                 86C2ABF8
INT 0x72        ?                                                                                                                                                 86C2ABF8
INT 0x82        ?                                                                                                                                                 86C2ABF8
INT 0x92        ?                                                                                                                                                 85027BF8
INT 0x92        ?                                                                                                                                                 86C2ABF8
INT 0x92        ?                                                                                                                                                 86C2ABF8
INT 0x92        ?                                                                                                                                                 86C2ABF8
INT 0x92        ?                                                                                                                                                 85027BF8
INT 0xA2        ?                                                                                                                                                 86C2ABF8
INT 0xB1        ?                                                                                                                                                 84692BF8
INT 0xB1        ?                                                                                                                                                 84692BF8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!KeInsertQueue + 411                                                                                                                  82085A58 4 Bytes  [7C, 5E, ED, 9F] {JL 0x60; IN EAX, DX; LAHF }
.text           ntoskrnl.exe!KeInsertQueue + 5E1                                                                                                                  82085C28 4 Bytes  [68, 5E, ED, 9F]
.text           ntoskrnl.exe!KeInsertQueue + 5FD                                                                                                                  82085C44 4 Bytes  [6D, 5E, ED, 9F] {INSD ; POP ESI; IN EAX, DX; LAHF }
.text           ntoskrnl.exe!KeInsertQueue + 811                                                                                                                  82085E58 4 Bytes  [77, 5E, ED, 9F] {JA 0x60; IN EAX, DX; LAHF }
?               System32\Drivers\spmk.sys                                                                                                                         Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                                          section is writeable [0x8E80A340, 0x3EE687, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                                                             8AAE64CB 5 Bytes  JMP 86C2A1D8 
.reloc          C:\Windows\system32\drivers\acehlp10.sys                                                                                                          section is executable [0x8E59DB80, 0x37FC7, 0xE0000060]
.text           a93ztbrn.SYS                                                                                                                                      8E5F5000 22 Bytes  [26, 92, 3C, 82, 10, 91, 3C, ...]
.text           a93ztbrn.SYS                                                                                                                                      8E5F5017 181 Bytes  [00, 32, 37, 34, 8A, 3D, 35, ...]
.text           a93ztbrn.SYS                                                                                                                                      8E5F50CE 73 Bytes  [00, 00, 00, 00, 01, C2, 03, ...]
.text           a93ztbrn.SYS                                                                                                                                      8E5F5118 185 Bytes  [3F, 48, 3E, 8A, 3C, CC, 3D, ...]
.text           a93ztbrn.SYS                                                                                                                                      8E5F51D2 22 Bytes  [E0, C2, E2, 84, E3, 46, E6, ...]
.text           ...                                                                                                                                               
.text           ad5ugqtp.SYS                                                                                                                                      8E65B000 22 Bytes  [26, 92, 3C, 82, 10, 91, 3C, ...]
.text           ad5ugqtp.SYS                                                                                                                                      8E65B017 83 Bytes  [00, 32, 37, 34, 8A, 3D, 35, ...]
.text           ad5ugqtp.SYS                                                                                                                                      8E65B06B 97 Bytes  [82, 30, 09, 06, 82, E0, FE, ...]
.text           ad5ugqtp.SYS                                                                                                                                      8E65B0CE 10 Bytes  [00, 00, 00, 00, 00, 00, 6A, ...]
.text           ad5ugqtp.SYS                                                                                                                                      8E65B0DA 12 Bytes  [00, 00, 02, 00, 00, 00, 25, ...]
.text           ...                                                                                                                                               
.reloc          C:\Windows\system32\drivers\acedrv10.sys                                                                                                          section is executable [0xA0CF7000, 0x459C1, 0xE0000060]
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                                                            section is writeable [0xA0D3D300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                                            section is writeable [0xA0D80300, 0x1BEE, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                                             846922D8
IAT             \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice]                                                                                 [8A26AC4C] \SystemRoot\System32\Drivers\spmk.sys
IAT             \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                    [8A26ACA0] \SystemRoot\System32\Drivers\spmk.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                                         [8A23A6D2] \SystemRoot\System32\Drivers\spmk.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                                          [8A23A040] \SystemRoot\System32\Drivers\spmk.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                                  [8A23A7FC] \SystemRoot\System32\Drivers\spmk.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                                                         [8A23A0BE] \SystemRoot\System32\Drivers\spmk.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                                   [8A23A13C] \SystemRoot\System32\Drivers\spmk.sys
IAT             \SystemRoot\system32\drivers\ataport.SYS[ntoskrnl.exe!DbgBreakPoint]                                                                              846932D8
IAT             \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                                              86C2A2D8
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                                                [8A24A048] \SystemRoot\System32\Drivers\spmk.sys
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortNotification]                                                                        000000DC
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortWritePortUchar]                                                                      000000A2
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortWritePortUlong]                                                                      00000333
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                                                  000003D8
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                                                       0000024D
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                                                00000201
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortReadPortUchar]                                                                       000001EF
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortStallExecution]                                                                      0000031F
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortGetParentBusType]                                                                    000000A1
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortRequestCallback]                                                                     0000025C
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                                               000003BE
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                                                00000215
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortCompleteRequest]                                                                     000000DD
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortMoveMemory]                                                                          00000190
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                                                           00000182
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                                              00000363
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                                                00000258
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortReadPortUshort]                                                                      0000030E
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                                                0000017E
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortInitialize]                                                                          00000254
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortGetDeviceBase]                                                                       0000019E
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[ataport.SYS!AtaPortDeviceStateChange]                                                                   000000AB
IAT             \SystemRoot\System32\Drivers\a93ztbrn.SYS[NTOSKRNL.exe!KeTickCount]                                                                               00000281
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortNotification]                                                                        CC000CC2
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortWritePortUchar]                                                                      83EC8B55
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortWritePortUlong]                                                                      575320EC
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                                                  458DFF33
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                                                       8D5750FC
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                                                5750F845
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortReadPortUchar]                                                                       8957046A
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortStallExecution]                                                                      75E8FC7D
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortGetParentBusType]                                                                    BB0001E8
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortRequestCallback]                                                                     000000EA
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                                               850FC33B
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                                                0000012B
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortCompleteRequest]                                                                     0FFC7D39
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortMoveMemory]                                                                          00012284
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                                                           458D5600
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                                              106A50F4
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                                                38335668
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortReadPortUshort]                                                                      FC75FF36
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                                                D1E85757
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortInitialize]                                                                          8B0001E7
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortGetDeviceBase]                                                                       1BDEF7F0
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[ataport.SYS!AtaPortDeviceStateChange]                                                                   23D6F7F6
IAT             \SystemRoot\System32\Drivers\ad5ugqtp.SYS[NTOSKRNL.exe!KeTickCount]                                                                               FFFFF104
IAT             \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!DbgBreakPoint]                                                                             86B822D8

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[2236] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                             [73FB88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2236] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                              [73FF98A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2236] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                          [73FBB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2236] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                    [73FAFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2236] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                              [73FB7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2236] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                           [73FAEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2236] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                               [73FEB17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2236] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                                  [73FBBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2236] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                          [73FB074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2236] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                           [73FB06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2236] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                            [73FA71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2236] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                                    [7403D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2236] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                                       [73FD7379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2236] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                          [73FAE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2236] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                    [73FA697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2236] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                   [73FA69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2236] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                      [73FB2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                            8502A1F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                           Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                                              846951F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                                                  86A491F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                                                  86A491F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                                                  86A491F8
Device          \Driver\sptd \Device\395611377                                                                                                                    spmk.sys
Device          \Driver\usbehci \Device\USBPDO-3                                                                                                                  86AE91F8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                                                  86A491F8
Device          \FileSystem\cdfs \Cdfs                                                                                                                            86AD61F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fa0371                                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fc199b                                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                                771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                                285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                                2
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                               C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                               1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                            0x55 0x2F 0xF5 0x4F ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                      0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                               C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                               0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                            0x01 0x29 0x30 0xB1 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                      0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                   0xCF 0x30 0x85 0x80 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                                   
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                             0xE6 0x8F 0x32 0x4A ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1fa0371 (not active ControlSet)                                                   
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1fc199b (not active ControlSet)                                                   
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                              
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                   C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                   1
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                0x55 0x2F 0xF5 0x4F ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                                     
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                          0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                              
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                   C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                   0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                0x01 0x29 0x30 0xB1 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                                     
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                          0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                       0xCF 0x30 0x85 0x80 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)                               
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                 0xE6 0x8F 0x32 0x4A ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109A10070400000000000F01FEC\Usage@OutlookMAPI2Intl_1031  1019548873
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogName                                                                         C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy92.gthr
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogNumber                                                                       92
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@CheckPointSignature                                                             a2d28d31-5fdb-4d89-a6ac-815d4ab5350c

---- EOF - GMER 1.0.15 ----

--- --- ---

Ich fang jetzt mal mit dem OSAM Scan an. Das Log poste ich dann.

Liebe Grüße

Thore

HH-EM4 · 05.06.2010, 13:56

Okay... hier kommt das OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:55:01 on 05.06.2010

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Opera Software Opera Internet Browser 10.53

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"bdeadmin.cpl" - ? - C:\Windows\system32\bdeadmin.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a93ztbrn" (a93ztbrn) - "Microsoft Corporation" - C:\Windows\system32\drivers\a93ztbrn.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"acedrv10" (acedrv10) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv10.sys
"acehlp10" (acehlp10) - "Protect Software GmbH" - C:\Windows\system32\drivers\acehlp10.sys
"ad5ugqtp" (ad5ugqtp) - "Microsoft Corporation" - C:\Windows\system32\drivers\ad5ugqtp.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"AEGIS Protocol (IEEE 802.1x) v3.4.5.0" (AegisP) - "Meetinghouse Data Communications" - C:\Windows\System32\DRIVERS\AegisP.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kxloqpow" (kxloqpow) - ? - C:\Users\THOREH~1\AppData\Local\Temp\kxloqpow.sys  (Hidden registry entry, rootkit activity | File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - ? - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll  (File not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - ? -   (File not found)
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Programme\Microsoft Expression Studio 2\Web 2\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{AB4F43CA-ADCD-4384-B9AF-3CECEA7D6544} "Web Sites" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\12\BIN\FPNSE.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"PartyPoker.com" - ? - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\WEB2~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
<binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - ? -   (File not found)
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - ? -   (File not found)
{000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" - "Orbitdownloader.com" - C:\Program Files\Orbitdownloader\orbitcth.dll
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} "Windows Live Family Safety Browser Helper Class" - ? -   (File not found)
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - ? -   (File not found)
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Thore Hansen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - ? - C:\Users\Thore Hansen\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"fssui" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"ProfilerU" - "Saitek" - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
"SaiMfd" - "Saitek" - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"
"TrayServer" - "MAGIX AG" - C:\Program Files\MAGIX\Video_deluxe_2008\TrayServer.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bullzip PDF Print Monitor" - "Bullzip" - C:\Windows\system32\bzpdf.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"BlackfishSQL" (BlackfishSQL) - "CodeGear" - C:\Program Files\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe  (File found, but it contains no detailed information)
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
"SQL Server Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"StarWind AE Service" (StarWindServiceAE) - "Rocket Division Software" - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"Proxifier NSP" - " " - C:\Windows\system32\PrxerNsp.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"PROXIFIER LSP" - "Initex Software" - C:\Windows\system32\PrxerDrv.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Vielen Dank!

Thore

cosinus · 05.06.2010, 22:40

Sieht unauffällig aus. Und das Java-Update während GMER aktiv war, sollte eigentlich kein Problem sein.
Gabs in der Zwischenzeit noch weitere Funde? Oder ist der Rechner jetzt soweit wieder ok?

HH-EM4 · 06.06.2010, 09:12

Hab jetzt noch mal einen vollständigen Scan mit Avira gemacht und nichts gefunden.

Code:

ATTFilter

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Samstag, 5. Juni 2010  23:58

Es wird nach 2189644 Virenstämmen gesucht.

Lizenznehmer   : Avira AntiVir Personal - FREE Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows Vista
Windowsversion : (Service Pack 1)  [6.0.6001]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : NOTEBOOK

Versionsinformationen:
BUILD.DAT      : 9.0.0.422     21701 Bytes  09.03.2010 10:23:00
AVSCAN.EXE     : 9.0.3.10     466689 Bytes  21.11.2009 12:06:31
AVSCAN.DLL     : 9.0.3.0       49409 Bytes  13.02.2009 11:04:10
LUKE.DLL       : 9.0.3.2      209665 Bytes  20.02.2009 10:35:44
LUKERES.DLL    : 9.0.2.0       13569 Bytes  26.01.2009 09:41:59
VBASE000.VDF   : 7.10.0.0   19875328 Bytes  06.11.2009 12:06:31
VBASE001.VDF   : 7.10.1.0    1372672 Bytes  19.11.2009 12:06:31
VBASE002.VDF   : 7.10.3.1    3143680 Bytes  20.01.2010 17:08:39
VBASE003.VDF   : 7.10.3.75    996864 Bytes  26.01.2010 17:35:16
VBASE004.VDF   : 7.10.4.203   1579008 Bytes  05.03.2010 14:01:54
VBASE005.VDF   : 7.10.6.82   2494464 Bytes  15.04.2010 19:14:20
VBASE006.VDF   : 7.10.7.218   2294784 Bytes  02.06.2010 16:06:02
VBASE007.VDF   : 7.10.7.219      2048 Bytes  02.06.2010 16:06:02
VBASE008.VDF   : 7.10.7.220      2048 Bytes  02.06.2010 16:06:03
VBASE009.VDF   : 7.10.7.221      2048 Bytes  02.06.2010 16:06:03
VBASE010.VDF   : 7.10.7.222      2048 Bytes  02.06.2010 16:06:05
VBASE011.VDF   : 7.10.7.223      2048 Bytes  02.06.2010 16:06:06
VBASE012.VDF   : 7.10.7.224      2048 Bytes  02.06.2010 16:06:06
VBASE013.VDF   : 7.10.7.225      2048 Bytes  02.06.2010 16:06:06
VBASE014.VDF   : 7.10.7.226      2048 Bytes  02.06.2010 16:06:06
VBASE015.VDF   : 7.10.7.227      2048 Bytes  02.06.2010 16:06:06
VBASE016.VDF   : 7.10.7.228      2048 Bytes  02.06.2010 16:06:06
VBASE017.VDF   : 7.10.7.229      2048 Bytes  02.06.2010 16:06:07
VBASE018.VDF   : 7.10.7.230      2048 Bytes  02.06.2010 16:06:07
VBASE019.VDF   : 7.10.7.231      2048 Bytes  02.06.2010 16:06:07
VBASE020.VDF   : 7.10.7.232      2048 Bytes  02.06.2010 16:06:07
VBASE021.VDF   : 7.10.7.233      2048 Bytes  02.06.2010 16:06:07
VBASE022.VDF   : 7.10.7.234      2048 Bytes  02.06.2010 16:06:07
VBASE023.VDF   : 7.10.7.235      2048 Bytes  02.06.2010 16:06:09
VBASE024.VDF   : 7.10.7.236      2048 Bytes  02.06.2010 16:06:10
VBASE025.VDF   : 7.10.7.237      2048 Bytes  02.06.2010 16:06:10
VBASE026.VDF   : 7.10.7.238      2048 Bytes  02.06.2010 16:06:10
VBASE027.VDF   : 7.10.7.239      2048 Bytes  02.06.2010 16:06:10
VBASE028.VDF   : 7.10.7.240      2048 Bytes  02.06.2010 16:06:11
VBASE029.VDF   : 7.10.7.241      2048 Bytes  02.06.2010 16:06:11
VBASE030.VDF   : 7.10.7.242      2048 Bytes  02.06.2010 16:06:11
VBASE031.VDF   : 7.10.7.251     73728 Bytes  04.06.2010 17:08:16
Engineversion  : 8.2.2.6  
AEVDF.DLL      : 8.1.2.0      106868 Bytes  23.04.2010 19:03:13
AESCRIPT.DLL   : 8.1.3.31    1352058 Bytes  02.06.2010 16:07:21
AESCN.DLL      : 8.1.6.1      127347 Bytes  18.05.2010 15:53:44
AESBX.DLL      : 8.1.3.1      254324 Bytes  23.04.2010 19:03:13
AERDL.DLL      : 8.1.4.6      541043 Bytes  15.04.2010 19:47:45
AEPACK.DLL     : 8.2.1.1      426358 Bytes  20.03.2010 19:01:00
AEOFFICE.DLL   : 8.1.1.0      201081 Bytes  18.05.2010 15:53:44
AEHEUR.DLL     : 8.1.1.33    2724214 Bytes  05.06.2010 17:08:18
AEHELP.DLL     : 8.1.11.5     242038 Bytes  02.06.2010 16:06:18
AEGEN.DLL      : 8.1.3.10     377205 Bytes  02.06.2010 16:06:16
AEEMU.DLL      : 8.1.2.0      393588 Bytes  23.04.2010 19:03:12
AECORE.DLL     : 8.1.15.3     192886 Bytes  18.05.2010 15:53:43
AEBB.DLL       : 8.1.1.0       53618 Bytes  23.04.2010 19:03:12
AVWINLL.DLL    : 9.0.0.3       18177 Bytes  12.12.2008 07:47:56
AVPREF.DLL     : 9.0.3.0       44289 Bytes  10.09.2009 16:54:46
AVREP.DLL      : 8.0.0.7      159784 Bytes  18.02.2010 17:05:18
AVREG.DLL      : 9.0.0.0       36609 Bytes  07.11.2008 14:25:04
AVARKT.DLL     : 9.0.0.3      292609 Bytes  24.03.2009 14:05:37
AVEVTLOG.DLL   : 9.0.0.7      167169 Bytes  30.01.2009 09:37:04
SQLITE3.DLL    : 3.6.1.0      326401 Bytes  28.01.2009 14:03:49
SMTPLIB.DLL    : 9.2.0.25      28417 Bytes  02.02.2009 07:21:28
NETNT.DLL      : 9.0.0.0       11521 Bytes  07.11.2008 14:41:21
RCIMAGE.DLL    : 9.0.0.25    2438913 Bytes  15.05.2009 14:35:17
RCTEXT.DLL     : 9.0.73.0      87297 Bytes  21.11.2009 12:06:30

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: c:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel

Beginn des Suchlaufs: Samstag, 5. Juni 2010  23:58

Der Suchlauf nach versteckten Objekten wird begonnen.
Es wurden '155070' Objekte überprüft, '0' versteckte Objekte wurden gefunden.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'InputPersonalization.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WmiPrvSE.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mobsync.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVCM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'StarWindServiceAE.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlwriter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlbrowser.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMSAccessU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlservr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVPrcSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BSQLServer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BcmSqlStartupSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICQ.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'msnmsgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmdc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SaiMfd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ProfilerU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GrooveMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EasySpeedUpManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EasyBatteryMgr3.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'dmhkcore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MagicDoctorKbdHk.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'audiodg.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Es wurden '83' Prozesse mit '83' Modulen durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '57' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\hiberfil.sys
    [WARNUNG]   Die Datei konnte nicht geöffnet werden!
    [HINWEIS]   Bei dieser Datei handelt es sich um eine Windows Systemdatei.
    [HINWEIS]   Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann.
C:\pagefile.sys
    [WARNUNG]   Die Datei konnte nicht geöffnet werden!
    [HINWEIS]   Bei dieser Datei handelt es sich um eine Windows Systemdatei.
    [HINWEIS]   Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann.
C:\Users\Thore Hansen\AppData\Local\Temp\GhWPjq4M.7z.part
    [WARNUNG]   Die Datei konnte nicht gelesen werden!
C:\Users\Thore Hansen\Desktop\X1\XperiaDialer.cab
  [0] Archivtyp: CAB (Microsoft)
    --> XPERIA~1.040
      [WARNUNG]   Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
    [WARNUNG]   Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
C:\Windows\System32\drivers\sptd.sys
    [WARNUNG]   Die Datei konnte nicht geöffnet werden!
Beginne mit der Suche in 'D:\'
D:\X1 Backup\Intern\SkypeForPocketPC.CAB
  [0] Archivtyp: CAB (Microsoft)
    --> SKYPES~1.999
      [WARNUNG]   Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
    [WARNUNG]   Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.


Ende des Suchlaufs: Sonntag, 6. Juni 2010  03:11
Benötigte Zeit:  3:13:01 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  45256 Verzeichnisse wurden überprüft
 1043385 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      3 Dateien konnten nicht durchsucht werden
 1043382 Dateien ohne Befall
   5429 Archive wurden durchsucht
      8 Warnungen
      2 Hinweise
 155070 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden

Ich glaube es ist alles weg.

Vielen, vielen Dank. Du bist der Beste

cosinus · 06.06.2010, 13:42

Ok. Dann prüf mal die Updates. Bei Dir fehlt min. das SP2 für Vista!

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

04.06.2010, 15:12	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$TR/Crypt.XPACK.Gen2 in C:\Windows\System32\iebho1D.dll - Standard$ TR/Crypt.XPACK.Gen2 in C:\Windows\System32\iebho1D.dll Ja, die Dinger mit Malwarebytes bitte löschen. __________________ Logfiles bitte immer in CODE-Tags posten

04.06.2010, 15:44	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$TR/Crypt.XPACK.Gen2 in C:\Windows\System32\iebho1D.dll - Standard$ TR/Crypt.XPACK.Gen2 in C:\Windows\System32\iebho1D.dll Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus __________________ Logfiles bitte immer in CODE-Tags posten

05.06.2010, 22:40	#13
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$TR/Crypt.XPACK.Gen2 in C:\Windows\System32\iebho1D.dll - Standard$ TR/Crypt.XPACK.Gen2 in C:\Windows\System32\iebho1D.dll Sieht unauffällig aus. Und das Java-Update während GMER aktiv war, sollte eigentlich kein Problem sein. Gabs in der Zwischenzeit noch weitere Funde? Oder ist der Rechner jetzt soweit wieder ok? __________________ Logfiles bitte immer in CODE-Tags posten

TR/Crypt.XPACK.Gen2 in C:\Windows\System32\iebho1D.dll

Plagegeister aller Art und deren Bekämpfung: TR/Crypt.XPACK.Gen2 in C:\Windows\System32\iebho1D.dll