SDfix startet nicht (vs. winudpmgr.exe Trojaner)

febus · 03.06.2010, 15:18

Hey,

ich habe ein Problem mit dem Programm SDfix. Dieses wurde empfohlen auf ht_p://www.bleepingcomputer.com/startups/winudpmgr.exe-23094.html um den dort angezeigten Trojaner zu löschen.

Nun habe ich alle Punkte, die auf der Seite unter "How to use" angezeigt werden, befolgt und bin nicht weitergekommen.
Versuche ich nämlich, im abges. Modus das Programm zu starten, leuchtet nur kurz ein blaues Kästchen auf, danach passiert nichts weiter.

Ich fahre mit Windows Vista 32 Home auf einem Fujitsu Amilo Xi 1554.
Auf den Trojaner bin ich mit HijackThis aufmerksam geworden.

Kennt jemand das Problem?
Ich wäre für jede Hilfe sehr dankbar.

Beste Grüße, Felix

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:17:17, on 03.06.2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETZWERKDIENST')
O4 - Global Startup: Miranda IM.lnk = C:\Program Files\Miranda IM\miranda32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9f3e89e327439) (gupdate1c9f3e89e327439) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6239 bytes

Code:

ATTFilter

Logfile of random's system information tool 1.07 (written by random/random)
Run by Felix at 2010-06-03 16:18:48
Microsoft® Windows Vista™ Home Premium  
System drive C: has 19 GB (27%) free of 69 GB
Total RAM: 2046 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:18:52, on 03.06.2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Felix\Desktop\RSIT.exe
C:\Program Files\trend micro\Felix.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETZWERKDIENST')
O4 - Global Startup: Miranda IM.lnk = C:\Program Files\Miranda IM\miranda32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9f3e89e327439) (gupdate1c9f3e89e327439) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6359 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1115076939-1105052490-2296333666-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1115076939-1105052490-2296333666-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{1FA59953-7E30-4B98-8E98-1D9955FF7B30}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-04-21 1615200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [2010-02-23 2121728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-05-20 429816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-08-14 1006264]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-27 815104]
"MSConfig"=C:\Windows\system32\msconfig.exe [2006-11-02 222208]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-04-21 2064736]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
" Malwarebytes Anti-Malware  (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2006-11-02 125440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
C:\Program Files\FreePDF_XP\fpassist.exe [2009-09-05 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fsc-reg]
C:\ProgramData\fsc-reg\fscreg.exe [2007-06-13 280592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBPlayer]
C:\Program Files\MB application\MBPlayer.exe [2006-12-19 48640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmplayer.exe]
C:\Users\Felix\AppData\Roaming\Adobe\mmplayer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-02-26 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
C:\Program Files\pdf24\PDFBackend.exe [2009-09-25 206992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2006-11-01 3772416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-27 815104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
C:\tb_eula\EULALauncher.NET.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-05-20 3561720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Miranda IM.lnk - C:\Program Files\Miranda IM\miranda32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\PPStream\PPStream.exe"="C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ"
"C:\Program Files\PPStream\PPSAP.exe"="C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷"
"c:\asflkldnm9hdg3sdfffnaf.exe"="c:\asflkldnm9hdg3sdfffnaf.exe:*:Enabled:Windows UDP Control Center"
"c:\asflknaf.exe"="c:\asflknaf.exe:*:Enabled:Windows Messenger"
"c:\asfldf43pijknaf.exe"="c:\asfldf43pijknaf.exe:*:Enabled:Windows Messenger"
"c:\a35ldf43pijknaf.exe"="c:\a35ldf43pijknaf.exe:*:Enabled:Windows Messenger"
"c:\a35ldf4343knaf.exe"="c:\a35ldf4343knaf.exe:*:Enabled:Windows Messenger"
"c:\a35ld9343knaf.exe"="c:\a35ld9343knaf.exe:*:Enabled:Windows Messenger"
"c:\a35ldf93knaf.exe"="c:\a35ldf93knaf.exe:*:Enabled:Windows Messenger"
"c:\a35ldf493knaf.exe"="c:\a35ldf493knaf.exe:*:Enabled:Windows Messenger"
"c:\a35ldf493k9af.exe"="c:\a35ldf493k9af.exe:*:Enabled:Windows Messenger"
"c:\a35ldf49k3k9af.exe"="c:\a35ldf49k3k9af.exe:*:Enabled:Windows Messenger"
"c:\a35ldf49k3fk9af.exe"="c:\a35ldf49k3fk9af.exe:*:Enabled:Windows Messenger"
"c:\a35ldf49k3fhk9af.exe"="c:\a35ldf49k3fhk9af.exe:*:Enabled:Windows Messenger"
"c:\a35ldf49k3ifhk9af.exe"="c:\a35ldf49k3ifhk9af.exe:*:Enabled:Windows Messenger"
"C:\Users\Felix\AppData\Local\Temp\eraseme_85454.exe"="C:\Users\Felix\AppData\Local\Temp\eraseme_85454.exe:*:Enabled:Windows UDP Control Center"
"C:\Users\Felix\AppData\Local\Temp\eraseme_67384.exe"="C:\Users\Felix\AppData\Local\Temp\eraseme_67384.exe:*:Enabled:Windows UDP Control Center"
"C:\Program Files\PPStream\update\ppstreamsetup-update090811.exe"="C:\Program Files\PPStream\update\ppstreamsetup-update090811.exe:*:Enabled:PPStream Installer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dc041a0-5a38-11de-bf61-001060d010e9}]
shell\AutoRun\command - J:\RECYCLER\S-1-6-22-2434476501-1644491937-600003330-1213\winudpmgr.exe
shell\open\command - J:\RECYCLER\S-1-6-22-2434476501-1644491937-600003330-1213\winudpmgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b627ca8c-2fdc-11de-bcaa-001060d010e9}]
shell\AutoRun\command - F:\System\Security\DriveGuard.exe -run
shell\Explore\command - F:\System\Security\DriveGuard.exe -run
shell\Open\command - F:\System\Security\DriveGuard.exe -run


======List of files/folders created in the last 1 months======

2010-06-03 15:40:38 ----A---- C:\Windows\ntbtlog.txt
2010-06-03 15:36:19 ----D---- C:\SDFix
2010-06-03 15:31:28 ----D---- C:\rsit
2010-06-03 14:19:11 ----D---- C:\Users\Felix\AppData\Roaming\Malwarebytes
2010-06-03 14:19:02 ----D---- C:\ProgramData\Malwarebytes
2010-06-03 14:19:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-22 18:34:28 ----D---- C:\Program Files\Zattoo4
2010-05-15 15:46:22 ----D---- C:\Program Files\JRE
2010-05-13 12:05:38 ----D---- C:\c2950d10e50d243e1ce7b9
2010-05-12 23:10:06 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-05-12 23:10:00 ----A---- C:\Windows\system32\PnkBstrA.exe
2010-05-12 23:10:00 ----A---- C:\Windows\system32\pbsvc.exe
2010-05-12 23:09:52 ----D---- C:\ProgramData\id Software

======List of files/folders modified in the last 1 months======

2010-06-03 16:18:52 ----D---- C:\Program Files\Trend Micro
2010-06-03 16:14:46 ----D---- C:\Windows\Temp
2010-06-03 16:14:39 ----D---- C:\Windows\System32
2010-06-03 16:14:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-06-03 16:14:38 ----D---- C:\Windows\inf
2010-06-03 16:07:46 ----D---- C:\Windows\Prefetch
2010-06-03 15:53:40 ----D---- C:\Windows\system32\Tasks
2010-06-03 15:48:13 ----D---- C:\Windows
2010-06-03 15:23:04 ----D---- C:\Windows\system32\drivers
2010-06-03 15:08:46 ----RD---- C:\Program Files
2010-06-03 15:06:45 ----D---- C:\Program Files\WC3Banlist
2010-06-03 15:05:02 ----D---- C:\Windows\Debug
2010-06-03 14:30:07 ----D---- C:\Windows\Microsoft.NET
2010-06-03 14:28:27 ----RSHD---- C:\RECYCLER
2010-06-03 14:19:02 ----HD---- C:\ProgramData
2010-06-03 13:59:13 ----D---- C:\Windows\Minidump
2010-06-03 13:59:06 ----SD---- C:\Windows\Downloaded Program Files
2010-06-03 12:55:18 ----SHD---- C:\System Volume Information
2010-06-01 00:10:13 ----D---- C:\Users\Felix\AppData\Roaming\Skype
2010-06-01 00:06:08 ----D---- C:\Users\Felix\AppData\Roaming\skypePM
2010-05-31 11:29:09 ----D---- C:\Windows\system32\catroot2
2010-05-28 02:23:29 ----D---- C:\Users\Felix\AppData\Roaming\foobar2000
2010-05-15 15:49:27 ----SHD---- C:\Windows\Installer
2010-05-15 15:49:27 ----D---- C:\Program Files\OpenOffice.org 3
2010-05-15 15:48:13 ----RSD---- C:\Windows\assembly
2010-05-15 15:46:43 ----RSD---- C:\Windows\Fonts
2010-05-15 15:36:23 ----D---- C:\Windows\winsxs
2010-05-12 23:10:00 ----D---- C:\Windows\system32\LogFiles
2010-05-11 20:38:33 ----D---- C:\Users\Felix\AppData\Roaming\Azureus
2010-05-11 20:38:27 ----D---- C:\Torrents
2010-05-04 01:01:29 ----D---- C:\ProgramData\DivX
2010-05-04 01:00:33 ----D---- C:\Program Files\DivX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-03-15 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-03-15 29512]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-04-21 242896]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2007-09-21 395312]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-06-29 281760]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-06-29 25888]
R3 BthAvrcp;Bluetooth-AVRCP-Profil; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2007-08-24 15872]
R3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456]
R3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-15 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-01 1644968]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2009-05-28 4233728]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-02-26 4385792]
R3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
R3 RTL8169;Realtek 8169-NT-Treiber; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-27 179896]
R3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-11-15 11264]
S3 ai1hjue9;ai1hjue9; C:\Windows\system32\drivers\ai1hjue9.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-02-26 4385792]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 PnkBstrK;PnkBstrK; \??\C:\Windows\system32\drivers\PnkBstrK.sys [2010-06-03 139336]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2006-05-11 247808]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2007-04-03 47872]
S4 nvatabus;nvatabus; C:\Windows\system32\drivers\nvatabus.sys [2006-07-14 105088]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-02-25 733184]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-05-21 874768]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-05-12 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2010-06-03 214720]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-05-21 473360]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate1c9f3e89e327439;Google Update Service (gupdate1c9f3e89e327439); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-23 133104]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-20 655624]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-02-26 267824]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S4 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-15 916760]
S4 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-15 308064]

-----------------EOF-----------------

cosinus · 04.06.2010, 09:39

Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

febus · 04.06.2010, 14:29

Hallo cosinus,

vielen Dank für deine Antwort.

Ich habe gestern schon einmal den Malwarebytes Scan laufen lassen (siehe erster Log), die 2. Logfile ist dem beigefügt. OTL+Extras-Log am Ende:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4166

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

03.06.2010 14:28:27
mbam-log-2010-06-03 (14-28-27).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 122851
Laufzeit: 7 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5c0-4fcb-11cf-aax5-00401c608512} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5c0-4fcb-11cf-aax5-00401c608512} (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4166

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

04.06.2010 15:01:22
mbam-log-2010-06-04 (15-01-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 296850
Laufzeit: 1 Stunde(n), 31 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Torrents\Photoshop CS4 (Keygen and tutorial)\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Users\Felix\Desktop\ajo\Adobe CS4 Master Collection Keygen.rar Folder\adobe-master-cs4-keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Code:

ATTFilter

OTL logfile created on: 04.06.2010 15:05:22 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\Felix\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): c:\pagefile.sys 3000 3000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,37 Gb Total Space | 18,30 Gb Free Space | 27,17% Space Free | Partition Type: NTFS
Drive D: | 111,78 Gb Total Space | 24,49 Gb Free Space | 21,91% Space Free | Partition Type: NTFS
Drive E: | 32,70 Gb Total Space | 9,50 Gb Free Space | 29,06% Space Free | Partition Type: NTFS
Drive F: | 279,46 Gb Total Space | 4,50 Gb Free Space | 1,61% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FELIX-PC
Current User Name: Felix
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Felix\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Miranda IM\miranda32.exe ( )
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\swriter.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Felix\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) --  File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys ()
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvatabus) -- C:\Windows\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (JGOGO) -- C:\Windows\system32\drivers\jgogo.sys (JMicron )
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.6
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007.08.14 16:44:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.04.21 14:10:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 10:34:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.02 21:45:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.16 11:41:44 | 000,000,000 | ---D | M]
 
[2008.06.24 20:43:00 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\mozilla\Extensions
[2010.06.04 13:44:14 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\qt49vg03.default\extensions
[2009.09.05 12:41:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\qt49vg03.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.08.13 19:38:53 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\qt49vg03.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2010.01.23 23:34:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\qt49vg03.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.02.21 13:39:43 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\qt49vg03.default\extensions\firegestures@xuldev.org
[2010.04.10 14:21:26 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.15 12:44:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.15 12:44:44 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.15 12:44:44 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.15 12:44:44 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.15 12:44:44 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ( )
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ( )
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0dc041a0-5a38-11de-bf61-001060d010e9}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-6-22-2434476501-1644491937-600003330-1213\winudpmgr.exe -- File not found
O33 - MountPoints2\{0dc041a0-5a38-11de-bf61-001060d010e9}\Shell\open\command - "" = J:\RECYCLER\S-1-6-22-2434476501-1644491937-600003330-1213\winudpmgr.exe -- File not found
O33 - MountPoints2\{b627ca8c-2fdc-11de-bcaa-001060d010e9}\Shell\AutoRun\command - "" = F:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{b627ca8c-2fdc-11de-bcaa-001060d010e9}\Shell\Explore\Command - "" = F:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{b627ca8c-2fdc-11de-bcaa-001060d010e9}\Shell\Open\Command - "" = F:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = RECYCLER\launch.exe
O33 - MountPoints2\F\Shell\open\command - "" = RECYCLER\launch.exe
O33 - MountPoints2\I\Shell\AutoRun\command - "" = RECYCLER\launch.exe
O33 - MountPoints2\I\Shell\open\command - "" = RECYCLER\launch.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.04 15:04:30 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Felix\Desktop\OTL.exe
[2010.06.03 15:36:19 | 000,000,000 | ---D | C] -- C:\SDFix
[2010.06.03 15:31:28 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.03 14:35:08 | 000,000,000 | ---D | C] -- C:\Users\Felix\Desktop\Autoruns
[2010.06.03 14:19:11 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\Malwarebytes
[2010.06.03 14:19:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.03 14:19:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.03 14:19:02 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.03 14:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.22 18:34:28 | 000,000,000 | ---D | C] -- C:\Programme\Zattoo4
[2010.05.15 15:46:22 | 000,000,000 | ---D | C] -- C:\Programme\JRE
[2010.05.13 12:05:38 | 000,000,000 | ---D | C] -- C:\c2950d10e50d243e1ce7b9
[2010.05.12 23:18:23 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\PunkBuster
[2010.05.12 23:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software
[1 C:\Users\Felix\Desktop\*.tmp files -> C:\Users\Felix\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.04 15:05:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.04 15:05:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.04 15:05:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1FA59953-7E30-4B98-8E98-1D9955FF7B30}.job
[2010.06.04 15:04:54 | 002,621,440 | -HS- | M] () -- C:\Users\Felix\NTUSER.DAT
[2010.06.04 15:01:49 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\assivlu.sys
[2010.06.04 14:36:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1115076939-1105052490-2296333666-1000UA.job
[2010.06.04 14:25:37 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.04 14:25:37 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.04 13:43:43 | 000,139,336 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.06.04 13:43:29 | 000,214,720 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.06.04 13:31:25 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.04 13:31:25 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.04 13:31:25 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.04 13:31:25 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.04 13:31:24 | 001,461,736 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.04 13:27:01 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Felix\Desktop\OTL.exe
[2010.06.04 12:25:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.04 12:25:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.04 01:53:46 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.06.04 01:53:41 | 002,049,257 | -H-- | M] () -- C:\Users\Felix\AppData\Local\IconCache.db
[2010.06.03 15:38:41 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1115076939-1105052490-2296333666-1000Core.job
[2010.06.03 15:36:13 | 001,529,241 | ---- | M] () -- C:\Users\Felix\Desktop\SDFix.exe
[2010.06.03 15:29:25 | 000,824,681 | ---- | M] () -- C:\Users\Felix\Desktop\RSIT.exe
[2010.06.03 15:06:22 | 000,002,888 | ---- | M] () -- C:\Users\Felix\Documents\cc_20100603_150603.reg
[2010.06.03 15:05:52 | 000,029,842 | ---- | M] () -- C:\Users\Felix\Documents\cc_20100603_150542.reg
[2010.06.03 14:19:06 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.03 14:11:41 | 000,001,880 | ---- | M] () -- C:\Users\Felix\Desktop\HijackThis.lnk
[2010.06.02 18:50:09 | 000,000,000 | ---- | M] () -- C:\Users\Felix\AppData\Local\prvlcl.dat
[2010.06.02 12:12:04 | 060,620,360 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.05.24 21:28:24 | 000,000,600 | ---- | M] () -- C:\Users\Felix\PUTTY.RND
[2010.05.22 18:35:06 | 000,017,408 | ---- | M] () -- C:\Users\Felix\AppData\Local\WebpageIcons.db
[2010.05.16 00:01:15 | 000,077,376 | ---- | M] () -- C:\Users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.15 23:58:55 | 002,436,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.12 23:10:00 | 002,373,712 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[1 C:\Users\Felix\Desktop\*.tmp files -> C:\Users\Felix\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.04 15:01:49 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\assivlu.sys
[2010.06.03 15:36:12 | 001,529,241 | ---- | C] () -- C:\Users\Felix\Desktop\SDFix.exe
[2010.06.03 15:29:23 | 000,824,681 | ---- | C] () -- C:\Users\Felix\Desktop\RSIT.exe
[2010.06.03 15:06:08 | 000,002,888 | ---- | C] () -- C:\Users\Felix\Documents\cc_20100603_150603.reg
[2010.06.03 15:05:44 | 000,029,842 | ---- | C] () -- C:\Users\Felix\Documents\cc_20100603_150542.reg
[2010.06.03 14:19:06 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.03 14:11:41 | 000,001,880 | ---- | C] () -- C:\Users\Felix\Desktop\HijackThis.lnk
[2010.05.22 18:34:33 | 000,017,408 | ---- | C] () -- C:\Users\Felix\AppData\Local\WebpageIcons.db
[2010.05.12 23:18:36 | 000,139,336 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.05.12 23:18:27 | 000,214,720 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.05.12 23:10:06 | 000,214,720 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.05.12 23:10:00 | 002,373,712 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.05.12 23:10:00 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.11.07 17:08:52 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.06.29 10:22:03 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.06.29 10:22:00 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.05.31 22:39:49 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.02.26 22:57:07 | 000,000,013 | ---- | C] () -- C:\Windows\msgtn.ini
[2009.02.26 22:55:45 | 000,000,113 | ---- | C] () -- C:\Windows\PPSMediaList.ini
[2009.02.26 22:55:45 | 000,000,062 | ---- | C] () -- C:\Windows\powerlist.ini
[2009.02.26 22:55:31 | 000,001,365 | ---- | C] () -- C:\Windows\psnetwork.ini
[2009.02.26 22:55:31 | 000,000,558 | ---- | C] () -- C:\Windows\powerplayer.ini
[2009.02.25 23:34:55 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.07.23 18:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.07.23 18:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.02.12 19:05:00 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.10.30 17:12:37 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2007.10.11 21:14:15 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2007.08.14 16:54:43 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll
[2007.08.14 16:42:34 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2005.08.02 23:24:01 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 04.06.2010 15:05:22 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\Felix\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): c:\pagefile.sys 3000 3000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,37 Gb Total Space | 18,30 Gb Free Space | 27,17% Space Free | Partition Type: NTFS
Drive D: | 111,78 Gb Total Space | 24,49 Gb Free Space | 21,91% Space Free | Partition Type: NTFS
Drive E: | 32,70 Gb Total Space | 9,50 Gb Free Space | 29,06% Space Free | Partition Type: NTFS
Drive F: | 279,46 Gb Total Space | 4,50 Gb Free Space | 1,61% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FELIX-PC
Current User Name: Felix
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ -- (PPStream Inc.)
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷ -- (PPStream Inc)
"c:\asflkldnm9hdg3sdfffnaf.exe" = c:\asflkldnm9hdg3sdfffnaf.exe:*:Enabled:Windows UDP Control Center -- File not found
"c:\asflknaf.exe" = c:\asflknaf.exe:*:Enabled:Windows Messenger -- File not found
"c:\asfldf43pijknaf.exe" = c:\asfldf43pijknaf.exe:*:Enabled:Windows Messenger -- File not found
"c:\a35ldf43pijknaf.exe" = c:\a35ldf43pijknaf.exe:*:Enabled:Windows Messenger -- File not found
"c:\a35ldf4343knaf.exe" = c:\a35ldf4343knaf.exe:*:Enabled:Windows Messenger -- File not found
"c:\a35ld9343knaf.exe" = c:\a35ld9343knaf.exe:*:Enabled:Windows Messenger -- File not found
"c:\a35ldf93knaf.exe" = c:\a35ldf93knaf.exe:*:Enabled:Windows Messenger -- File not found
"c:\a35ldf493knaf.exe" = c:\a35ldf493knaf.exe:*:Enabled:Windows Messenger -- File not found
"c:\a35ldf493k9af.exe" = c:\a35ldf493k9af.exe:*:Enabled:Windows Messenger -- File not found
"c:\a35ldf49k3k9af.exe" = c:\a35ldf49k3k9af.exe:*:Enabled:Windows Messenger -- File not found
"c:\a35ldf49k3fk9af.exe" = c:\a35ldf49k3fk9af.exe:*:Enabled:Windows Messenger -- File not found
"c:\a35ldf49k3fhk9af.exe" = c:\a35ldf49k3fhk9af.exe:*:Enabled:Windows Messenger -- File not found
"c:\a35ldf49k3ifhk9af.exe" = c:\a35ldf49k3ifhk9af.exe:*:Enabled:Windows Messenger -- File not found
"C:\Users\Felix\AppData\Local\Temp\eraseme_85454.exe" = C:\Users\Felix\AppData\Local\Temp\eraseme_85454.exe:*:Enabled:Windows UDP Control Center -- File not found
"C:\Users\Felix\AppData\Local\Temp\eraseme_67384.exe" = C:\Users\Felix\AppData\Local\Temp\eraseme_67384.exe:*:Enabled:Windows UDP Control Center -- File not found
"C:\Program Files\PPStream\update\ppstreamsetup-update090811.exe" = C:\Program Files\PPStream\update\ppstreamsetup-update090811.exe:*:Enabled:PPStream Installer -- (PPStream Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14FD022A-2351-43AE-9B0B-F653E55A06D3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{35E3A108-DE26-4A6B-A03F-EEE27492EC66}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{37C092AF-1ED3-490A-AD02-40E9FB4A53AB}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{3823C52B-B224-47C3-8EE2-D38CA124BC61}" = lport=6955 | protocol=6 | dir=in | name=league of legends launcher | 
"{39BB8FDC-828F-4DC9-9D86-51F45563E777}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3FEEF757-583D-486F-AFE2-B9BAF98872C8}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{55A7BD94-7168-495A-8FAC-BD3BEEC634A7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{822BD0DA-0A33-4F56-A161-D42DE7661143}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{96BF99A9-BDD5-4194-8EB7-255315D3CF8D}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{A85A840C-E737-422B-993E-AAFD4D55A839}" = lport=6955 | protocol=17 | dir=in | name=league of legends launcher | 
"{AACE9668-B0BF-4865-A12A-EF37F183C704}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{B14D1781-F466-40C9-894D-9C99F7191EAE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B595FF32-523A-4A22-BDD5-A39FE908FA4E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B62023B7-376B-4E4D-A29C-6B1119901F41}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{C68BCBBE-E587-4A14-B4AE-B4986B081D53}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CAFD5111-FADE-46BE-8F56-246865E7729D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CCEB4AB7-A042-4856-8F26-3ACA390BB50F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D5E68FC9-1EDD-48F0-A972-68FE08D87B2D}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{EC5C24D0-910E-4CA5-A786-5AF80B2D7D35}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F420C1C8-1046-47D8-9DAE-4D9C6CB2FF68}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{F727905B-929E-4459-A2FE-D408F3D2EBF9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B4C608-EC8E-4FE1-88F3-A8428E52ABC5}" = protocol=6 | dir=in | app=e:\programme\league of legends\game\league of legends.exe | 
"{0AA1A9C8-42DB-4301-9D98-BACD996F0EEF}" = protocol=17 | dir=in | app=e:\programme\league of legends\air\lolclient.exe | 
"{0AEC979D-E7B7-4FE0-91B1-D90AA77B5EAB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | 
"{105A8E81-1021-4252-9862-A9B2E60323E1}" = protocol=6 | dir=in | app=e:\programme\league of legends\air\lolclient.exe | 
"{1D3807EB-AB50-4A74-886D-10C5B025C052}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{20BCBEF2-2F5C-4986-A434-682D15E5C998}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | 
"{2668B3DB-01FC-40EC-BF60-1FC08619C676}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe | 
"{291D56F2-47FD-4A70-A6FC-745E08DE4017}" = protocol=6 | dir=in | app=e:\programme\league of legends\air\lolclient.exe | 
"{3714BBDF-0B8F-44C3-BD5B-2A7CDDFD7AD6}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{3FCB044C-12BF-46D0-AA55-94B43181C29E}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{4BD7E12E-3F86-4A7C-8816-58775E350AE8}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{565877E7-EB4F-4B34-961F-C83363A58BFB}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe | 
"{68889327-F9BF-4DA2-A23A-AF79A921FC9B}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | 
"{69775C51-2C5B-4C51-A7BA-347781868CBE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{73A0262F-15D9-49FA-ABFB-D1637FCB0279}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{76433CC0-A53D-44D0-A29B-2926CDF845A8}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{76DD62AB-7271-414C-AC17-AC06F848E762}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{7B8A46EF-71C1-45B1-BC2C-251F6A06A0DF}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe | 
"{82A5B35D-8879-4F44-ACA1-6DB0FAF71673}" = protocol=6 | dir=in | app=e:\programme\league of legends\lol.launcher.exe | 
"{84919FDF-01AF-4533-A0D6-9898A588B05D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{84C903AF-FA9A-43F4-9626-18A8E2D1A33B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{8EA5343A-5D92-41DC-BE94-1BD0FA18DA35}" = protocol=17 | dir=in | app=e:\programme\league of legends\game\league of legends.exe | 
"{9B9D5522-E455-48CC-906D-00794BB9A78E}" = protocol=6 | dir=in | app=e:\programme\league of legends\game\league of legends.exe | 
"{9C8A2E11-1D7D-4094-8126-05278E3227AB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A624BFE7-E580-457E-BE64-617AA1886E1D}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe | 
"{A9A5B63B-5EF7-49C0-93A4-CD13A2502284}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe | 
"{B0B8C3AB-37EB-43FC-AD14-EFBC0913D2A5}" = protocol=17 | dir=in | app=e:\programme\league of legends\air\lolclient.exe | 
"{B43B6059-C715-48FE-8E07-5C0425AB7688}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe | 
"{D4B73129-57BB-4CE0-AAE7-3F052D4210EA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{D572AB4D-24B2-4895-A94D-DF17D04DA9D4}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{DCBBBD6F-8203-4C83-AC7F-A633C027C262}" = protocol=17 | dir=in | app=e:\programme\league of legends\lol.launcher.exe | 
"{ECBD72CF-5362-4A16-992E-84F612542123}" = protocol=17 | dir=in | app=e:\programme\league of legends\game\league of legends.exe | 
"{F09E1619-D938-4D47-B860-BFD6A8E371F2}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{FDE513AE-5B7E-47A7-BD8A-D488D0E05C5E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{05006FB7-09FC-4A96-B01F-68F110EE3EEA}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"TCP Query User{0C01547D-2CCB-4173-B0C6-656C5D2038D8}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | 
"TCP Query User{14D79DA0-B7D2-43CC-BAB3-6F6D52713148}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{1D7FCBCB-B72E-47B7-850E-7BF98D2ABBE7}C:\users\felix\downloads\loleudownloader.exe" = protocol=6 | dir=in | app=c:\users\felix\downloads\loleudownloader.exe | 
"TCP Query User{24FEC84B-49E8-49B4-8AFE-C8C8D96414C5}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{26010DD5-1599-466A-83C9-DB4854C8CAA8}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{3D9D5580-C173-4965-88CD-E2EFE23BC864}C:\users\felix\desktop\pickup.listchecker.exe" = protocol=6 | dir=in | app=c:\users\felix\desktop\pickup.listchecker.exe | 
"TCP Query User{5CFA77BE-A61D-4043-9B5C-D7749E348BA4}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"TCP Query User{6452DB22-F258-44CB-8910-67DDD7E64370}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"TCP Query User{722C2C91-1F82-4A6B-8F4F-E578E0296955}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{855C0212-14E5-4D97-ACB3-6134C841799B}E:\programme\anno1701\anno1701.exe" = protocol=6 | dir=in | app=e:\programme\anno1701\anno1701.exe | 
"TCP Query User{952E3CF5-78F2-4967-B65C-F5FA69C1456F}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | 
"TCP Query User{9D5016CE-0E7D-4269-A5DF-CFF7988382AF}E:\programme\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\programme\warcraft iii\war3.exe | 
"TCP Query User{A1D41552-799D-4DEC-9CDB-1B778EAA6A4E}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{A271C991-21C2-4B61-AB67-652CDEE01C32}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | 
"TCP Query User{A3537D6E-B634-40F9-B10B-C83CBC3ED281}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{B07AAE01-4A11-409C-ADA7-1B25CB1C1509}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{BBB4B2B4-490F-4615-B7FD-61B2AB7E1926}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe | 
"TCP Query User{BC2377B5-46C1-4BB1-87AA-95F42B3E98DD}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{BF1E9B89-E013-4685-91B7-F6450FB748BC}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe | 
"TCP Query User{C7D9334A-D439-4C9D-B3BC-9DA0B59C7D09}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{CC5C90E7-1231-4E4D-974D-3948C5EEDBC5}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | 
"TCP Query User{D0BD2B4D-7DF2-4438-A806-4E1263FD9054}E:\programme\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\programme\warcraft iii\war3.exe | 
"TCP Query User{D1F5A237-D55E-4FA9-8794-2CEB57B92ADF}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{F15CD3BB-D1FC-439F-9720-7CB3D9D79E7E}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{12300AD9-3879-49E3-A7BB-F3CE40C58419}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{14180D95-8A5E-4BA5-9579-BB839D1317D4}C:\users\felix\desktop\pickup.listchecker.exe" = protocol=17 | dir=in | app=c:\users\felix\desktop\pickup.listchecker.exe | 
"UDP Query User{180F0B14-D0FF-4972-9E0A-58C50E83131D}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{19BB9A33-2D09-4EC8-87F4-CE9F790A1A17}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{1C259867-F8AD-45BE-A3F9-D8119265DDA6}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe | 
"UDP Query User{224072EC-5ECB-4BEC-B259-E3D0297F5D80}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"UDP Query User{29959CE2-645C-4D83-B8A5-8381F404DFAB}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"UDP Query User{3CC8C42E-8358-45EB-88B8-5B168816F755}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{49557CF5-7FAD-4C35-9642-E52B27F6EEC7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{55476C47-AD6A-4DD8-BEE1-133D569B0E1B}E:\programme\anno1701\anno1701.exe" = protocol=17 | dir=in | app=e:\programme\anno1701\anno1701.exe | 
"UDP Query User{57D68092-A96B-43F0-B2FC-466DFC8E0796}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{630E3277-830A-4A74-BD9E-7DC0C865578C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{6949D924-2EFA-44C9-B7AF-F4A63C7BB1BF}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{717F0E4A-0E46-41B0-9E4F-8A49E20E10DB}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | 
"UDP Query User{80772E7B-6678-4538-AD8E-A0F159D958A0}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe | 
"UDP Query User{87A60456-13A9-4651-943E-A69CA9A318A2}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | 
"UDP Query User{97550BBE-0E34-4A93-A9F2-9A5CD7B52178}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{AE7A3B4E-4E30-4730-A999-D0675B2E307E}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{BA5A2F76-4528-4A0E-940C-34682592FF0F}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | 
"UDP Query User{BC4B62A9-60CF-4EDA-A88D-1B27DB777BCB}C:\users\felix\downloads\loleudownloader.exe" = protocol=17 | dir=in | app=c:\users\felix\downloads\loleudownloader.exe | 
"UDP Query User{BF4D6D41-94AA-4894-A547-531E34C0F6AA}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | 
"UDP Query User{C4902257-F83D-4D1F-A8E8-24C33CAC0FA8}E:\programme\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\programme\warcraft iii\war3.exe | 
"UDP Query User{DF834114-4F66-4C8F-9AC5-7B088A0F7E89}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{E19A1A0F-C3BE-4100-80F9-AE5497397AEA}E:\programme\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\programme\warcraft iii\war3.exe | 
"UDP Query User{FA080297-8D25-4530-A8B7-C8C8779D668D}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{02FF6822-32F3-ABDC-AB28-BADD33B179E3}" = Catalyst Control Center Localization Spanish
"{03137E91-D58D-58D1-436E-36344646B3ED}" = Catalyst Control Center Localization French
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1B9BE735-8E58-579D-38D4-21AAD1078CB3}" = Catalyst Control Center Localization Italian
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2865A8C7-1B0D-51E9-3BD2-266D3DD93352}" = CCC Help English
"{2F69743D-7DAE-4531-A620-F00CF4AE9D99}" = CCC Help Italian
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{321A415E-BEAE-3EFE-2264-27E438B33706}" = CCC Help French
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35D3072F-0774-8F06-6206-36AFC7204C72}" = Catalyst Control Center Localization Japanese
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37EAF661-98E1-5582-2AEF-BF6C81BCC4BC}" = Catalyst Control Center Localization Korean
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3ADEA896-0F0A-BFE8-6C65-5D02505F43CA}" = CCC Help Swedish
"{3B23A70B-B838-1C3E-F911-624EBB63BB39}" = Catalyst Control Center Localization German
"{3B2BCE7B-C9BE-8BCD-1107-72A99059266F}" = CCC Help Chinese Traditional
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{409A5CF6-961C-A49A-32F1-D1542BE07650}" = Catalyst Control Center Localization Swedish
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C47DA93-303F-4165-918B-BCBAD9099DB8}" = Russisch für Deutsche - empfohlen
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}" = Opera 9.27
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61B73ACB-FBE9-EA0D-831D-38B3907B6056}" = CCC Help Dutch
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66014086-AC67-A425-ABDE-1652B322E977}" = CCC Help Korean
"{66707D40-272D-7C9A-CA53-983515730096}" = Catalyst Control Center Localization Chinese Traditional
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B5D479C-92D4-B303-4C31-50CC1460A9F2}" = CCC Help Japanese
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel(R) PROSet/Wireless WiFi-Software
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{8073DF82-5740-187C-7453-64D2689FD0AD}" = CCC Help Spanish
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = pdf24
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90AB0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 1
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{9C02D4CB-2373-9A0B-E3C5-2613A1B4A7FF}" = Catalyst Control Center Graphics Previews Vista
"{A0B987C7-1AA7-6A59-F7BB-5026406A7866}" = Catalyst Control Center Localization Chinese Standard
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA3DDA7B-A960-51C2-69C5-86F3AFB3E074}" = Catalyst Control Center InstallProxy
"{AB1F2BA8-F45A-9AC3-ACC2-5890D7C8A24F}" = Catalyst Control Center Localization Dutch
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2A4B681-FAE7-9942-09D0-44BAB8147AB5}" = CCC Help Portuguese
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C4601137-FDD1-4579-BE2D-1FBF093FB906}" = ccc-Branding
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC670BBB-364E-A336-10D1-97034B1529D7}" = CCC Help Chinese Standard
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6CD7A9-7528-0934-CE5A-0B165764E367}" = Catalyst Control Center Localization Portuguese
"{CEE5F860-7FAB-80D0-E7CF-022C18B95E25}" = ATI Catalyst Install Manager
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D504303A-717D-414C-BA9F-FE01093E2EF8}" = Adobe Setup
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E824B078-B8DD-29F1-04DF-65C5D2468B44}" = CCC Help German
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem  (02/15/2007 3.1)
"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows-Treiberpaket - Nokia (WUDFRd) WPD  (06/01/2007 6.84.33.0)
"841F246A60607D129BAE7F771CB55E7B3EF8BCF8" = Windows Driver Package - Intel (NETw2v32) net  (11/01/2006 9.1.0.111)
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5bc0f8414ec36c555a3e7e5ec2e225e" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"All ATI Software" = ATI - Software Uninstall Utility
"AVG9Uninstall" = AVG Free 9.0
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows-Treiberpaket - Nokia Modem  (02/15/2007 3.1)
"Broken Sword 2.5_is1" = Broken Sword 2.5
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"foobar2000" = foobar2000 v0.9.4.5
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HijackThis" = HijackThis 2.0.2
"LastFM_is1" = Last.fm 1.5.4.24567
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miranda IM" = Miranda IM 0.8.24
"MobilityDotNET" = DH Mobility Modder.NET
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MusicBrainz Picard" = MusicBrainz Picard 0.7.2
"PPLive" = PPLive 2.0
"PPS_is1" = PPS
"PPStream" = PPStream V2.6.86.8898 Final
"ProInst" = Intel PROSet Wireless
"PunkBusterSvc" = PunkBuster Services
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SopCast" = SopCast 3.0.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TVAnts 1.0" = TVAnts 1.0
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLems_is1" = WinLems 1.24
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.03.2009 19:13:29 | Computer Name = Felix-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 19.03.2009 07:34:50 | Computer Name = Felix-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 19.03.2009 23:18:59 | Computer Name = Felix-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 20.03.2009 12:16:10 | Computer Name = Felix-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 20.03.2009 16:14:37 | Computer Name = Felix-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 20.03.2009 16:14:37 | Computer Name = Felix-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 20.03.2009 16:14:37 | Computer Name = Felix-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 20.03.2009 16:14:43 | Computer Name = Felix-PC | Source = usbperf | ID = 2004
Description = Fehler bei der usbperf-Datensammlung. Die Collect-Funktion wurde mit
 einem nicht unterstützten Abfragetyp aufgerufen.
 
Error - 20.03.2009 16:16:49 | Computer Name = Felix-PC | Source = usbperf | ID = 2004
Description = Fehler bei der usbperf-Datensammlung. Die Collect-Funktion wurde mit
 einem nicht unterstützten Abfragetyp aufgerufen.
 
Error - 20.03.2009 16:22:47 | Computer Name = Felix-PC | Source = usbperf | ID = 2004
Description = Fehler bei der usbperf-Datensammlung. Die Collect-Funktion wurde mit
 einem nicht unterstützten Abfragetyp aufgerufen.
 
[ System Events ]
Error - 03.06.2010 09:41:30 | Computer Name = Felix-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 03.06.2010 09:55:34 | Computer Name = Felix-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 03.06.2010 09:55:34 | Computer Name = Felix-PC | Source = LSM | ID = 1048
Description = 
 
Error - 03.06.2010 09:55:53 | Computer Name = Felix-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 03.06.2010 09:56:00 | Computer Name = Felix-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 03.06.2010 09:56:03 | Computer Name = Felix-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 03.06.2010 09:56:03 | Computer Name = Felix-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 03.06.2010 09:56:03 | Computer Name = Felix-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 03.06.2010 13:17:50 | Computer Name = Felix-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 03.06.2010 17:54:15 | Computer Name = Felix-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
 
< End of report >

cosinus · 04.06.2010, 14:40

Zitat:

Infizierte Dateien:
C:\Torrents\Photoshop CS4 (Keygen and tutorial)\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Users\Felix\Desktop\ajo\Adobe CS4 Master Collection Keygen.rar Folder\adobe-master-cs4-keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Sry aber Du musst formatieren

Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr.

Für Dich geht es hier weiter => Neuaufsetzen des Systems
Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken.

Danach nie wieder sowas anrühren!

SDfix startet nicht (vs. winudpmgr.exe Trojaner)

Antiviren-, Firewall- und andere Schutzprogramme: SDfix startet nicht (vs. winudpmgr.exe Trojaner)