|
Plagegeister aller Art und deren Bekämpfung: Trojan.Win32.Generic!BT nach Internetbetrug gefundenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
25.07.2010, 15:08 | #1 |
| Trojan.Win32.Generic!BT nach Internetbetrug gefunden Guten Tag, bin in den letzten 2 Wochen über Ebay+PayPal, da diese Accounts übernommen worden um ca. 1500€ betrogen worden. Ein Scan mit AdAware hat Trojan.Win32.Generic!BT innerhalb der Sun Java Application gefunden; nach der Reinigung haben versch. Scans mit Anti-Malware, Norton IS 2010, Avira und AdAware keine weiteren Treffer angezeigt. Habe in der Zwischenzeit Anzeige erstatte, alle Kreditkarten und sonstige Passwörter für Online-Banking gesperrt. Bitte um Hilfe, da ich weder sicher bin, ob wirklich obiger Trojaner der Auslöser war, noch ob ich meinem Rechner überhaupt noch trauen kann. Eine Formatierung der Festplatte möchte ich vermeiden, daher wäre ich um jede Rückmeldung dankbar! Im folgenden befinden sich die letzten LogFiles von Antiware und OTL. Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4340 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18928 23.07.2010 08:47:08 mbam-log-2010-07-23 (08-47-08).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|) Durchsuchte Objekte: 367515 Laufzeit: 1 Stunde(n), 4 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ATTFilter OTL logfile created on: 25.07.2010 15:23:22 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\***\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 65,00% Memory free 12,00 Gb Paging File | 10,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 35,54 Gb Total Space | 0,55 Gb Free Space | 1,54% Space Free | Partition Type: NTFS Drive D: | 150,00 Gb Total Space | 90,74 Gb Free Space | 60,49% Space Free | Partition Type: NTFS Drive E: | 100,00 Gb Total Space | 92,40 Gb Free Space | 92,40% Space Free | Partition Type: NTFS Drive F: | 50,00 Gb Total Space | 32,74 Gb Free Space | 65,47% Space Free | Partition Type: NTFS Drive G: | 100,00 Gb Total Space | 48,68 Gb Free Space | 48,68% Space Free | Partition Type: NTFS Drive H: | 100,00 Gb Total Space | 36,95 Gb Free Space | 36,95% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive J: | 293,47 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: EGAL Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) PRC - E:\Mozilla\Firefox\firefox.exe (Mozilla Corporation) PRC - E:\Mozilla\Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Users\***\Desktop\HiJackThis204.exe (Trend Micro Inc.) PRC - E:\Mozilla\Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - E:\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - E:\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT) PRC - E:\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation) PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) PRC - E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - E:\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe () PRC - C:\Program Files (x86)\EPSON\ISTM3\PG\E_L20IC3.EXE (SEIKO EPSON CORPORATION) ========== Modules (SafeList) ========== MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll (Microsoft Corporation) MOD - E:\Norton Internet Security\Engine\17.7.0.12\asoehook.dll (Symantec Corporation) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (Samsung UPD Service) -- C:\Windows\SysNative\SUPDSvc.exe (Samsung Electronics CO., LTD.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation) SRV - (Lavasoft Ad-Aware Service) -- E:\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NIS) -- E:\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (DAUpdaterSvc) -- H:\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation) SRV - (SBSDWSCService) -- E:\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) SRV - (GEST Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe () SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (WEBNTACCESS) -- C:\Windows\SysNative\NTACCESS.SYS File not found DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB) DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\NISx64\1107000.00C\SYMTDIV.SYS (Symantec Corporation) DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\Ironx64.SYS (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\SYMEFA64.SYS (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1107000.00C\SRTSP64.SYS (Symantec Corporation) DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\SRTSPX64.SYS (Symantec Corporation) DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ccHPx64.sys (Symantec Corporation) DRV:64bit: - (cjusb) -- C:\Windows\SysNative\DRIVERS\cjusb.sys (REINER SCT) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\SYMDS64.SYS (Symantec Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys (AVM GmbH) DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation ) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation) DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\Drivers\SSPORT.sys (Samsung Electronics) DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\Drivers\DgiVecp.sys (Samsung Electronics) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100724.002\EX64.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100724.002\ENG64.SYS (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100709.001\BHDrvx64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100723.001\IDSviA64.sys (Symantec Corporation) DRV - (WEBNTACCESS) -- C:\Windows\SysWOW64\Ntaccess.sys (Your Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 9D F0 70 29 14 CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: close@doubleclick:1.12 FF - prefs.js..extensions.enabledItems: ctrl-tab@design-noir.de:0.21.1 FF - prefs.js..extensions.enabledItems: savesession@noasobi.net:1.3.1.6 FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.1 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9 FF - prefs.js..extensions.enabledItems: {19EB90DC-A456-458b-8AAC-616D91AAFCE1}:0.7 FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4 FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3 FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1 FF - prefs.js..extensions.enabledItems: {94B08592-E5B4-45ff-A0BE-C1D975458688}:0.4.1 FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7 FF - prefs.js..extensions.enabledItems: {DB2EA31C-58F5-48b7-8D60-CB0739257904}:0.19 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6 FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010.07.21 17:59:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010.07.20 18:10:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: E:\Mozilla\Firefox\components [2010.07.24 17:00:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: E:\Mozilla\Firefox\plugins [2010.07.24 17:00:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: E:\Mozilla\Thunderbird\components [2010.07.21 20:03:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: E:\Mozilla\Thunderbird\plugins [2010.04.10 19:01:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.04.10 19:01:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.07.25 12:31:10 | 000,000,000 | ---D | M] -- C:\Users\Bärchen\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions [2010.06.18 06:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2009.05.19 19:43:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41} [2010.01.17 17:41:58 | 000,000,000 | ---D | M] (Print/Print Preview) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1} [2010.02.20 10:36:17 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [2010.04.27 18:06:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.21 08:39:15 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2008.12.26 19:07:34 | 000,000,000 | ---D | M] (CuteMenus - Crystal SVG) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8} [2010.01.28 08:41:57 | 000,000,000 | ---D | M] (IE View) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d} [2009.06.04 10:29:47 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2008.12.26 19:07:34 | 000,000,000 | ---D | M] (Exit Button Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{94B08592-E5B4-45ff-A0BE-C1D975458688} [2009.07.07 07:38:18 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2010.06.02 11:23:40 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2008.12.26 19:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{c1309325-5574-41bc-ab8a-abae2acee24b} [2010.07.10 23:38:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.07.14 22:24:25 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2009.10.15 20:02:01 | 000,000,000 | ---D | M] (ImageTweak) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{DB2EA31C-58F5-48b7-8D60-CB0739257904} [2010.06.18 06:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2010.01.21 08:39:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\close@doubleclick [2010.03.26 11:56:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\ctrl-tab@design-noir.de [2009.07.26 13:35:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\savesession@noasobi.net O1 HOSTS File: ([2009.02.14 15:13:57 | 000,292,080 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 10058 more lines... O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - E:\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - E:\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - E:\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] E:\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [EPSON PageSTM InboxIcon01] C:\Program Files (x86)\EPSON\ISTM3\PG\E_L20IC3.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [StartCCC] E:\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Vertrauenswürdige Sites) O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{07b98d42-cd08-11dd-b486-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{07b98d42-cd08-11dd-b486-806e6f6e6963}\Shell\AutoRun\command - "" = I:\Setup.exe -- File not found O33 - MountPoints2\{5270459f-ccf7-11dd-891e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5270459f-ccf7-11dd-891e-806e6f6e6963}\Shell\AutoRun\command - "" = I:\SetupAssistant.exe -- File not found O33 - MountPoints2\{68864988-dfd2-11dd-8196-001fd0ae54a5}\Shell\AutoRun\command - "" = Torpark.exe O33 - MountPoints2\{be8acdc6-cd0c-11dd-a6a3-001fd0ae54a5}\Shell - "" = AutoRun O33 - MountPoints2\{be8acdc6-cd0c-11dd-a6a3-001fd0ae54a5}\Shell\AutoRun\command - "" = K:\pushinst.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.25 14:36:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uniblue [2010.07.23 07:42:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.07.23 07:41:29 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe [2010.07.22 06:31:39 | 000,029,184 | ---- | C] (REINER SCT) -- C:\Windows\SysNative\drivers\cjusb.sys [2010.07.21 17:51:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Tific [2010.07.21 07:13:43 | 000,053,808 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymIMV.sys [2010.07.20 18:46:06 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symtdiv.sys [2010.07.20 18:46:06 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys [2010.07.20 18:46:06 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys [2010.07.20 18:46:05 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys [2010.07.20 18:46:05 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.sys [2010.07.20 18:46:05 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys [2010.07.20 18:46:05 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys [2010.07.20 18:45:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C [2010.07.20 18:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2010.07.20 18:10:11 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2010.07.20 18:09:10 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared [2010.07.20 18:09:10 | 000,000,000 | ---D | C] -- C:\Programme\Symantec [2010.07.20 18:07:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64 [2010.07.20 17:57:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.07.20 17:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2010.07.20 17:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2010.07.20 17:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2010.07.19 20:36:05 | 000,000,000 | ---D | C] -- C:\Users\Bärchen\AppData\Roaming\ImgBurn [2010.07.13 22:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2010.07.11 11:58:38 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2010.07.11 11:54:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Sunbelt Software [2010.07.11 11:54:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\{65893B95-F47B-4483-B883-86BA181E9B54} [2010.07.11 11:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010.07.10 09:12:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.07.10 09:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.07.10 09:12:27 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.06.28 18:53:13 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.06.28 18:53:12 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.06.26 12:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee ========== Files - Modified Within 30 Days ========== [2010.07.25 15:25:05 | 006,029,312 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.07.25 14:46:38 | 000,010,362 | ---- | M] () -- C:\Users\***\Documents\cc_20100725_144623.reg [2010.07.25 14:19:47 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.25 14:19:47 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.25 12:19:58 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys [2010.07.25 12:19:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.25 12:19:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.25 02:14:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.07.25 02:14:55 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{126bd4f8-cfac-11dd-b7b8-00040efc0565}.TMContainer00000000000000000001.regtrans-ms [2010.07.25 02:14:55 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{126bd4f8-cfac-11dd-b7b8-00040efc0565}.TM.blf [2010.07.25 02:14:52 | 002,656,855 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.07.25 00:00:16 | 002,426,870 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\Cat.DB [2010.07.24 13:16:09 | 000,002,657 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk [2010.07.23 07:42:20 | 000,000,519 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.23 07:41:30 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Bärchen\Desktop\HiJackThis204.exe [2010.07.22 06:32:15 | 000,000,394 | ---- | M] () -- C:\Windows\hbcikrnl.ini [2010.07.21 17:56:00 | 001,474,730 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.07.21 17:56:00 | 000,643,660 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.07.21 17:56:00 | 000,600,294 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.07.21 17:56:00 | 000,130,976 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.07.21 17:56:00 | 000,108,176 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.07.21 07:13:14 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2010.07.20 18:30:16 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2010.07.20 18:09:10 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2010.07.20 18:09:10 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2010.07.20 18:09:10 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2010.07.20 18:01:08 | 000,016,142 | ---- | M] () -- C:\Users\***\Documents\cc_20100720_180100.reg [2010.07.19 20:29:34 | 000,000,539 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2010.07.17 12:10:08 | 000,000,773 | ---- | M] () -- C:\Windows\WISO.INI [2010.07.11 11:54:04 | 000,000,698 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.07.09 13:19:17 | 000,002,017 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.07.06 19:28:45 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2010.07.06 19:28:44 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe [2010.07.03 11:39:44 | 000,001,586 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk ========== Files Created - No Company Name ========== [2010.07.25 14:46:26 | 000,010,362 | ---- | C] () -- C:\Users\***\Documents\cc_20100725_144623.reg [2010.07.23 07:42:20 | 000,000,519 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.22 06:31:34 | 000,060,269 | ---- | C] () -- C:\Windows\SysWow64\cjbc_de.lan [2010.07.21 07:12:15 | 002,426,870 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\Cat.DB [2010.07.20 18:46:06 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.cat [2010.07.20 18:46:06 | 000,007,787 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnetv64.cat [2010.07.20 18:46:06 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.cat [2010.07.20 18:46:06 | 000,007,368 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnet64.cat [2010.07.20 18:46:06 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa.inf [2010.07.20 18:46:06 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds.inf [2010.07.20 18:46:06 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnetv.inf [2010.07.20 18:46:06 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnet.inf [2010.07.20 18:46:05 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.cat [2010.07.20 18:46:05 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.cat [2010.07.20 18:46:05 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\iron.cat [2010.07.20 18:46:05 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.cat [2010.07.20 18:46:05 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.inf [2010.07.20 18:46:05 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.inf [2010.07.20 18:46:05 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.inf [2010.07.20 18:46:05 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\iron.inf [2010.07.20 18:45:59 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\isolate.ini [2010.07.20 18:10:11 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2010.07.20 18:10:11 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2010.07.20 18:08:36 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2010.07.20 18:01:02 | 000,016,142 | ---- | C] () -- C:\Users\***\Documents\cc_20100720_180100.reg [2010.07.19 20:29:34 | 000,000,539 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2010.07.11 14:32:36 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe [2010.07.11 11:54:04 | 000,000,698 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.06.28 18:53:28 | 000,002,017 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.05.31 17:26:57 | 000,000,095 | ---- | C] () -- C:\Windows\wininit.ini [2009.06.27 12:37:56 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.06.14 16:35:18 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini [2009.06.02 17:22:08 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.06.02 17:21:26 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008.12.19 10:55:21 | 000,000,394 | ---- | C] () -- C:\Windows\hbcikrnl.ini [2008.12.19 10:54:55 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll [2008.12.19 10:54:55 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll [2008.12.19 00:41:39 | 000,000,773 | ---- | C] () -- C:\Windows\WISO.INI [2008.12.18 15:19:04 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008.02.01 09:18:14 | 000,009,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\FlashSys.sys [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2005.04.06 17:27:14 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2005.04.06 17:24:40 | 001,216,512 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll ========== LOP Check ========== [2009.06.28 15:04:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2008.12.19 00:41:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service [2009.10.13 19:03:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service GmbH [2008.12.19 10:59:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataDesign [2009.07.19 18:49:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eDocPrintPro [2009.11.14 10:05:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EverAd [2010.05.29 18:03:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GoPal Assistant [2010.07.19 20:37:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn [2009.01.03 14:40:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2010.02.02 09:04:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LetsTrade [2010.04.10 19:01:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2010.07.21 17:51:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tific [2010.07.25 14:36:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue [2010.07.25 02:14:58 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DD4DD9B9 < End of report > Code:
ATTFilter OTL Extras logfile created on: 25.07.2010 15:23:22 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\***\Bärchen\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 65,00% Memory free 12,00 Gb Paging File | 10,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 35,54 Gb Total Space | 0,55 Gb Free Space | 1,54% Space Free | Partition Type: NTFS Drive D: | 150,00 Gb Total Space | 90,74 Gb Free Space | 60,49% Space Free | Partition Type: NTFS Drive E: | 100,00 Gb Total Space | 92,40 Gb Free Space | 92,40% Space Free | Partition Type: NTFS Drive F: | 50,00 Gb Total Space | 32,74 Gb Free Space | 65,47% Space Free | Partition Type: NTFS Drive G: | 100,00 Gb Total Space | 48,68 Gb Free Space | 48,68% Space Free | Partition Type: NTFS Drive H: | 100,00 Gb Total Space | 36,95 Gb Free Space | 36,95% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive J: | 293,47 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: EGAL Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- E:\Mozilla\Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 13 10 40 90 9A E3 C9 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{113611D4-DAD9-4B5B-9010-A336B215D3CE}" = rport=137 | protocol=17 | dir=out | app=system | "{193500F2-EFF3-4984-8B45-8061F2DF184F}" = lport=137 | protocol=17 | dir=in | app=system | "{196D3E1D-9D9D-4077-9B30-D6CB7EC44D35}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{34C28B76-EB20-4DF0-B96B-BA420A95D84C}" = rport=139 | protocol=6 | dir=out | app=system | "{6355DAA9-2105-44FF-8D9B-12083FC838AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6D047ECA-7416-4992-AA27-601AF7429024}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6F241EF9-5416-4FD5-99C6-79B2BAC810A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7B8B5023-32A7-4BFD-88E0-CD11E1B420B0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{8B3175E4-CB01-46DF-8C9D-127276D3069C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{95F0525E-0A4C-4EF1-9FE8-F3848DF7D4F3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B40E5B65-9740-4552-82D6-86F82C16FAF8}" = lport=139 | protocol=6 | dir=in | app=system | "{B4E88BA2-9B05-4DC3-89C4-4885B9FD814B}" = lport=445 | protocol=6 | dir=in | app=system | "{BEAE83EE-A6F2-4214-829B-CA883DA43683}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C58F39BF-3E73-460D-8354-CDC0C8FCE299}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{C8D380CC-E013-434F-99E7-F0C1CF81D9C9}" = lport=138 | protocol=17 | dir=in | app=system | "{F62C275C-21F3-4F1B-BB90-33A9C7169891}" = rport=138 | protocol=17 | dir=out | app=system | "{F8977966-6067-469A-814A-8ECB169E0998}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{FE396B2E-6AE7-43AD-AF17-2237083634DC}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{040EC27B-0FF1-4017-BF4B-56F0A929CE7D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{15BAA520-F7E4-44AF-BF74-75B7185F5F69}" = protocol=17 | dir=in | app=e:\itunes\itunes.exe | "{16AE89A4-3AB9-47C9-B17F-C62A5CDE86A5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1AFED853-02B9-4DA1-9C8E-A9A76CB944AE}" = protocol=17 | dir=in | app=h:\dragon age\bin_ship\daupdatersvc.service.exe | "{1EA093C2-E027-46B7-8289-7DF8EE571002}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{1F429D47-DD71-4E1D-BF3B-125DB811DE7C}" = protocol=6 | dir=in | app=e:\itunes\itunes.exe | "{232CB5F0-385F-4A5C-B0C2-D15D3E5B461B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{272C1D80-DBB7-427B-9ADA-150132D11AAF}" = protocol=17 | dir=in | app=h:\dragon age\bin_ship\daorigins.exe | "{32B31C88-3757-4B22-898E-13B9B2549E02}" = protocol=17 | dir=in | app=e:\itunes\itunes.exe | "{355BA61A-9BA6-494A-A434-EBEEB6A296C5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3AF1C15C-ABA2-4A2A-8342-167361E43239}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{3E10F8EB-80D8-4830-9B6D-182821AD204E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3F17AC36-64FB-4A97-B4F7-59DD4A74FF65}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{49FDDE9F-5FD3-4655-9D63-306BE88018F3}" = protocol=6 | dir=in | app=h:\dragon age\bin_ship\daupdatersvc.service.exe | "{4B1F58A6-A19F-43D6-80ED-FE5A4400E37B}" = protocol=17 | dir=in | app=h:\left 4 dead\steam\steamapps\common\left 4 dead\left4dead.exe | "{531A3C16-285D-469A-AFF3-14DE3025E3C5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{535B32EA-44E9-4325-AE72-792D14957E04}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6C7ECF80-A8CF-4998-A490-7CE3C9BA8FDC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{79ACE09E-4B28-4D05-B5F8-45543443ED2B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{81A93C69-7751-447B-BE8F-466A12CF6C33}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{8271DE81-C206-414F-A06B-281D2D1134A0}" = protocol=17 | dir=in | app=h:\unreal tournament 3 (lg)\binaries\ut3.exe | "{8CF3619C-6683-438B-AC40-B62D0439EAD2}" = protocol=6 | dir=in | app=h:\unreal tournament 3 (lg)\binaries\ut3.exe | "{9B992961-8EE5-414B-B634-52A2A8E50D08}" = protocol=6 | dir=in | app=h:\dragon age\daoriginslauncher.exe | "{A5153F39-49C3-4B54-B93B-6191D38CC542}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{AB5CF473-3366-4A29-9C90-2F249EF09BE4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AC1E1571-28E6-45F5-9EFA-16B64C27626D}" = protocol=17 | dir=in | app=h:\dragon age\daoriginslauncher.exe | "{B21C6488-3B20-4B04-8C24-1F5967091993}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B9DFC6F0-F1C1-4081-AF29-68A392AC9E40}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | "{B9EADF42-1349-44B3-ADB1-84A70856373F}" = protocol=6 | dir=in | app=e:\itunes\itunes.exe | "{C9CF3D13-48C3-4135-B75D-97A9B0A79490}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CC374848-2E36-486E-B014-224A8EC1F9EB}" = protocol=6 | dir=in | app=h:\left 4 dead\steam\steamapps\common\left 4 dead\left4dead.exe | "{CEE2CEE5-2419-434E-812C-3C84F99271C1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D0598890-D3FD-4A85-ADBC-4DC3AEBE4BEC}" = protocol=6 | dir=in | app=h:\left 4 dead\steam\steamapps\common\left 4 dead\left4dead.exe | "{DB80D281-6AE4-46ED-95CD-9621F40CAD47}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | "{DF83A8E4-F643-4813-A3C3-20E513FC1E9E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DFDCFB5A-3298-48B4-9C28-FFF3EF5F7360}" = protocol=17 | dir=in | app=h:\left 4 dead\steam\steamapps\common\left 4 dead\left4dead.exe | "{E1B48FEC-179E-4FD8-8686-851768509F1D}" = protocol=6 | dir=in | app=h:\dragon age\bin_ship\daorigins.exe | "{F74EFF74-6D01-4293-AE1B-D5D84AA65262}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | "{FE8E45EB-B787-46F5-B3DE-B27A6843FEDF}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | "TCP Query User{0A39B5EE-D281-4C71-B65E-86DBEB5B9782}H:\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=h:\thq\dawn of war\w40kwa.exe | "TCP Query User{1198CF6C-DB6A-41BD-AF97-D27B7AEC5C56}H:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=h:\thq\dawn of war - soulstorm\soulstorm.exe | "TCP Query User{23A4B6D6-F8E8-42E3-8AF0-B8E4213F8A59}H:\crashday\crashday.exe" = protocol=6 | dir=in | app=h:\crashday\crashday.exe | "TCP Query User{370EF042-2B51-4C9A-AFDA-090C582AB484}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{3DB0B79D-A97B-42C8-B0EB-9FDBEE5A0B79}C:\windows\syswow64\recvmessage.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\recvmessage.exe | "TCP Query User{406B9CFE-5DAB-422C-9001-A5DC9FA180EE}C:\windows\syswow64\gctray.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\gctray.exe | "TCP Query User{432D332E-6BF0-4E16-AF7D-8E6D6705CDE9}H:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=h:\thq\dawn of war - soulstorm\soulstorm.exe | "TCP Query User{505B0700-DB66-40D9-B128-A2792587DABC}H:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=h:\thq\dawn of war - dark crusade\darkcrusade.exe | "TCP Query User{534CECB8-87DD-42D5-AECC-15AEADC75036}E:\mozilla\firefox\firefox.exe" = protocol=6 | dir=in | app=e:\mozilla\firefox\firefox.exe | "TCP Query User{B1C3A43F-C0F4-43EE-9A51-0D040FE3F8D3}H:\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=h:\thq\dawn of war\w40k.exe | "TCP Query User{B96CFB42-1677-4C06-BA72-55EC11EA4F9F}E:\nero 9\nero 9\nero showtime\showtime.exe" = protocol=6 | dir=in | app=e:\nero 9\nero 9\nero showtime\showtime.exe | "TCP Query User{C171B52D-871C-46D1-9F1D-60205205A9E8}H:\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=h:\unreal tournament 3 (lg)\binaries\ut3.exe | "TCP Query User{C551CD5E-1F0B-4FCB-B478-5957EA339121}E:\corel\graphics10\register\navbrowser.exe" = protocol=6 | dir=in | app=e:\corel\graphics10\register\navbrowser.exe | "TCP Query User{F14FA226-44BC-4998-826E-F822AE8F7CA7}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | "TCP Query User{F35850B2-9F62-4F88-A0AB-55D0BBA6DF66}E:\mozilla\firefox\firefox.exe" = protocol=6 | dir=in | app=e:\mozilla\firefox\firefox.exe | "TCP Query User{F3850ED0-D061-4E35-B9E6-ADCBC0975FD2}H:\empire interactive\flatout2\flatout2.exe" = protocol=6 | dir=in | app=h:\empire interactive\flatout2\flatout2.exe | "TCP Query User{F9ED5B83-E382-48C5-92FF-EDE0FB5DC04D}C:\program files (x86)\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\ahead\nero web\setupx.exe | "UDP Query User{021B35B6-DD84-4836-9D61-563EFF293CBB}E:\nero 9\nero 9\nero showtime\showtime.exe" = protocol=17 | dir=in | app=e:\nero 9\nero 9\nero showtime\showtime.exe | "UDP Query User{3DF17AD6-4ED9-4B96-89B3-E8E8DBB030BE}H:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=h:\thq\dawn of war - dark crusade\darkcrusade.exe | "UDP Query User{51FC9829-B2D5-487C-A165-C1327DCA12CF}H:\empire interactive\flatout2\flatout2.exe" = protocol=17 | dir=in | app=h:\empire interactive\flatout2\flatout2.exe | "UDP Query User{68F0FA88-5D4B-4C6B-9612-DB1DBC785DF6}C:\windows\syswow64\recvmessage.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\recvmessage.exe | "UDP Query User{7EC8A030-487E-4581-8E32-833062AB522F}E:\mozilla\firefox\firefox.exe" = protocol=17 | dir=in | app=e:\mozilla\firefox\firefox.exe | "UDP Query User{85E11081-44CA-45CC-A8A3-F40246E28520}H:\crashday\crashday.exe" = protocol=17 | dir=in | app=h:\crashday\crashday.exe | "UDP Query User{95E9F817-CF2E-45BE-BF52-0E16E25CC32E}E:\corel\graphics10\register\navbrowser.exe" = protocol=17 | dir=in | app=e:\corel\graphics10\register\navbrowser.exe | "UDP Query User{98101107-67B5-4253-8F68-AEE295BEAE75}C:\program files (x86)\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\ahead\nero web\setupx.exe | "UDP Query User{9C0B181A-8E3F-4456-A619-A01D70856DA3}H:\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=h:\unreal tournament 3 (lg)\binaries\ut3.exe | "UDP Query User{A0592741-BB47-470D-8C0D-318CCD398D89}E:\mozilla\firefox\firefox.exe" = protocol=17 | dir=in | app=e:\mozilla\firefox\firefox.exe | "UDP Query User{B9ED0B2B-998C-4A8A-8934-6162674528AB}H:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=h:\thq\dawn of war - soulstorm\soulstorm.exe | "UDP Query User{BB52CE20-BE40-4018-8412-AC2ACC9433DB}H:\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=h:\thq\dawn of war\w40k.exe | "UDP Query User{BCCB0042-A58B-4E3F-92C1-AD9DD1FC64CB}H:\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=h:\thq\dawn of war\w40kwa.exe | "UDP Query User{BF7E9480-0B06-40DE-946D-70810B98E94D}C:\windows\syswow64\gctray.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\gctray.exe | "UDP Query User{C73916CD-A94E-4CC2-89EB-592A1061FC93}H:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=h:\thq\dawn of war - soulstorm\soulstorm.exe | "UDP Query User{D696E3ED-3D46-477B-A4D8-730C38DC9A1A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{FA42AD73-9AE7-433B-AC66-C6CF880703DA}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86416011FF}" = Java(TM) 6 Update 11 (64-bit) "{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8DA5428C-3D35-317C-2FBA-485AAC49E9C0}" = ccc-utility64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "EPSON Printer and Utilities" = EPSON Printer Software "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07E78C07-ECEF-4AEF-9581-2C31A5BDA6C0}" = sipgate Faxdrucker "{0BDE949A-3CF5-3852-B4F7-92EAE4F25F73}" = CCC Help English "{0ce743ca-9750-4b88-91ba-6c009be96f58}" = "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1ed22f3a-49f2-4800-bc7b-912b0c72dfef}" = "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm "{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5 "{2632b9cf-4f34-4f5e-94ab-452c1d0ebf50}" = "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01 "{45350494-82B7-3E53-85B7-79A1AD9AE080}" = Catalyst Control Center Graphics Light "{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.0917.1 "{525E7F71-67C1-806E-69D0-892CC3CE2F8E}" = Catalyst Control Center Graphics Full Existing "{537306C2-CDAC-F606-5D46-D5727F58FAD3}" = Catalyst Control Center Graphics Previews Vista "{5435FF3C-48CF-4B34-85E1-2C95673EB254}" = Dawn of War - Soulstorm "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{65827785-6561-4c68-a9f3-3fd8cc0ef493}" = Nero InCD-Reader "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E641E46-81DB-4D1D-906A-48342523051C}" = FlatOut2 "{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.1015.1 "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{88DDBE5E-8AC0-F463-AC50-E56FAA2E3CEB}" = Catalyst Control Center Graphics Previews Common "{897B3B21-8691-26F5-97E8-A9955C20BB20}" = Catalyst Control Center HydraVision Full "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10 "{a06885b6-cb6f-4dae-aa6b-bff1d0a610f0}" = SecurDisc Viewer "{A1973A71-BC23-4A8C-A0A0-2B0497B7EAF4}" = WISO Sparbuch 2008 "{A842C34B-2083-6947-BC0E-5654BDBADCDA}" = Catalyst Control Center Graphics Full New "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.3 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8 "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{B17B1D8F-D822-42E1-A72C-7D9E84CF7B29}" = UT3 Domination (CBP Edition) "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.03 "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}" = Catalyst Control Center InstallProxy "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights Platinum Edition "{CB166F48-6219-2DFD-8800-191BE6F5923A}" = ccc-core-static "{CCA3335D-2BA0-4C31-8A90-D6B50CDE452F}" = WISO Mein Geld 2010 Professional "{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{dd55df5e-bd7b-4ef7-87fb-54418ac24c42}" = "{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E0B5D570-6CFB-11D1-9D52-0000C01B10EE}" = Xcalibur "{E0B71631-6AA8-C596-A485-8480E92DD745}" = Catalyst Control Center Core Implementation "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components "{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) "{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5 "AVMWLANCLI" = AVM FRITZ!WLAN "AVS Audio Converter 5.1_is1" = AVS Audio Converter version 5.1 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3 "CCleaner" = CCleaner "CorelDRAW 10" = CorelDRAW 10 "eDocPrintPro" = eDocPrintPro "FoxyTunesForFirefox" = FoxyTunes for Firefox "Free Studio_is1" = Free Studio version 4.2 "Gothic" = Gothic "Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ImgBurn" = ImgBurn "InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.0917.1 "Junction Link Magic_is1" = Junction Link Magic 2.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Medion GoPal Assistant" = Medion GoPal Assistant 4.03.003 "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "Mozilla Thunderbird (3.0.5)" = Mozilla Thunderbird (3.0.5) "NIS" = Norton Internet Security "NIST MS Search and AMDIS" = NIST MS Search and AMDIS "Samsung Universal Print Driver" = Samsung Universal Print Driver "Steam App 500" = Left 4 Dead "UltimateDefrag V1 FREE Public Domain Version" = UltimateDefrag V1 FREE Public Domain Version "Uninstall_is1" = Uninstall 1.0.0.1 "UT3 CBP3 Vol 1" = Unreal Tournament 3 - Community Bonus Pack 3 - Volume 1 "UT3 CBP3 Vol 2" = Unreal Tournament 3 - Community Bonus Pack 3 - Volume 2 "UT3 CBP3 Vol 3" = Unreal Tournament 3 - Community Bonus Pack 3 - Volume 3 "UT3 CBP3 Vol 4" = Unreal Tournament 3 - Community Bonus Pack 3 - Volume 4 "Warcraft III" = Warcraft III "WinRAR archiver" = WinRAR "WISO Mein Geld 2010 Professional" = WISO Mein Geld 2010 Professional "XviD" = XviD MPEG-4 Codec ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "Mozilla Thunderbird (3.0.6)" = Mozilla Thunderbird (3.0.6) "UT3 CBP3 Vol 1" = Unreal Tournament 3 - Community Bonus Pack 3 - Volume 1 "Warcraft III" = Warcraft III: All Products ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.03.2010 09:28:32 | Computer Name = Egal | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung nwmain.exe, Version 1.6.9.0, Zeitstempel 0x486cfadc, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03824, Ausnahmecode 0xc0000005, Fehleroffset 0x0002ac0f, Prozess-ID 0x1234, Anwendungsstartzeit 01cac11ebd3ad2e8. Error - 11.03.2010 09:38:39 | Computer Name = Egal | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung nwmain.exe, Version 1.6.9.0, Zeitstempel 0x486cfadc, fehlerhaftes Modul atioglxx.dll, Version 6.14.10.9232, Zeitstempel 0x4b0c9a24, Ausnahmecode 0xc0000005, Fehleroffset 0x006d3567, Prozess-ID 0x13e4, Anwendungsstartzeit 01cac11ec74b06b8. Error - 11.03.2010 09:39:15 | Computer Name = Egal | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung nwmain.exe, Version 1.6.9.0, Zeitstempel 0x486cfadc, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03824, Ausnahmecode 0xc0000005, Fehleroffset 0x0002ac0f, Prozess-ID 0x8f8, Anwendungsstartzeit 01cac1203bcc79f8. Error - 11.03.2010 09:49:32 | Computer Name = Egal | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung nwmain.exe, Version 1.6.9.0, Zeitstempel 0x486cfadc, fehlerhaftes Modul atioglxx.dll, Version 6.14.10.9232, Zeitstempel 0x4b0c9a24, Ausnahmecode 0xc0000005, Fehleroffset 0x006d3567, Prozess-ID 0x1154, Anwendungsstartzeit 01cac12043d25ed8. Error - 12.03.2010 02:43:30 | Computer Name = Egal | Source = WinMgmt | ID = 10 Description = Error - 12.03.2010 12:29:51 | Computer Name = Egal | Source = WinMgmt | ID = 10 Description = Error - 12.03.2010 12:37:59 | Computer Name = Egal | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung nwmain.exe, Version 1.6.9.0, Zeitstempel 0x486cfadc, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03824, Ausnahmecode 0xc0000005, Fehleroffset 0x0002ac0f, Prozess-ID 0x111c, Anwendungsstartzeit 01cac2025d6fdaf3. Error - 13.03.2010 04:11:53 | Computer Name = Egal | Source = WinMgmt | ID = 10 Description = Error - 13.03.2010 04:29:58 | Computer Name = Egal | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "E:\Nero 9\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Error - 13.03.2010 13:04:53 | Computer Name = Egal | Source = WinMgmt | ID = 10 Description = [ Media Center Events ] Error - 09.01.2010 13:08:37 | Computer Name = Egal | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide [ System Events ] Error - 22.07.2010 01:01:12 | Computer Name = Egal | Source = Service Control Manager | ID = 7026 Description = Error - 23.07.2010 01:24:09 | Computer Name = Egal | Source = Service Control Manager | ID = 7000 Description = Error - 23.07.2010 01:24:09 | Computer Name = Egal | Source = Service Control Manager | ID = 7026 Description = Error - 23.07.2010 01:33:22 | Computer Name = Egal | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 24.07.2010 03:38:56 | Computer Name = Egal | Source = Service Control Manager | ID = 7000 Description = Error - 24.07.2010 03:38:56 | Computer Name = Egal | Source = Service Control Manager | ID = 7026 Description = Error - 24.07.2010 11:02:18 | Computer Name = Egal | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 25.07.2010 06:20:00 | Computer Name = Egal | Source = Service Control Manager | ID = 7000 Description = Error - 25.07.2010 06:20:01 | Computer Name = Egal | Source = Service Control Manager | ID = 7026 Description = Error - 25.07.2010 06:47:13 | Computer Name = Egal | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. < End of report > |
25.07.2010, 15:23 | #2 |
| Trojan.Win32.Generic!BT nach Internetbetrug gefunden Oh je, hier noch der Inhalt vom Bootkit Remover:
__________________Code:
ATTFilter Bootkit Remover (c) 2009 eSage Lab www.esagelab.com Program version: 1.1.0.0 OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6 002), 64-bit System volume is \\.\C: \\.\C: -> \\.\PhysicalDrive1 at offset 0x00000000`00100000 Boot sector MD5 is: aee13e6dcce7de588755e391c3ec8ef7 Size Device Name MBR Status -------------------------------------------- 465 GB \\.\PhysicalDrive1 Unknown boot code Unknown boot code has been found on some of your physical disks. To inspect the boot code manually, dump the master boot sector: remover.exe dump <device_name> [output_file] To disinfect the master boot sector, use the following command: remover.exe fix <device_name> Done; Press any key to quit... |
25.07.2010, 15:53 | #3 |
/// Malware-holic | Trojan.Win32.Generic!BT nach Internetbetrug gefunden kannst du mir mal den mbr hochladen?
__________________start suchen (ausführen) tippe cmd.exe strg+ großschreibung+enter drücken nachfrage mit ja bestätigen gib dann ein: remover.exe dump \\.\PhysicalDrive0 c:\mbr.mbr programm sollte den mbr nun in eine neue datei schreiben. wenn nicht, kopiere remover.exe nach c:\windows\system32 und noch mal: remover.exe dump \\.\PhysicalDrive0 c:\mbr.mbr dann exit enter auf c: ist nun eine mbr.mbr die hier hochladen: http://www.trojaner-board.de/54791-a...ner-board.html desweiteren rate ich dir an, formatiere den pc, da du mit geld am pc zu tun hast, ist das, meiner meinung nach der sicherste weg, du hast ja schon geld verloren, und möchtest ja sicher unter allen umständen vermeiden, dass das noch mal passiert. hast du denn in einer mail oder so deine zugangsdaten angegeben? oder auf irgend ner website? das problem ist, unter 64 bit stehen uns nicht alle tools zur verfügung, deswegen ist ne prüfung nur bedingt möglich. wenn du anzeige erstattet hast, solltest du vllt, befor du formatierst, bei der polizei anfragen, ob sie n image zur beweissicherung benötigen. du solltest dich dann um die sicherheit deines paypal kontos kümmern. zb gibts hier etwas: https://www.paypal-deutschland.de/si...chluessel.html so desweiteren solltest du dich, falls du online banking betreibst, von deiner bank über sicherere verfahren beraten lassen, die trojaner werden immer besser und daher muss jeder, der wert darauf legt, sein geld zu behalten, mit den gefahren mit gehen. es ist vllt eine investition nötig, kostet aber nicht sonderlich viel und du hast ja selbst erlebt, was passiert. setze nach dem formatieren folgendes um: http://www.trojaner-board.de/74052-s...-internet.html als firewall könntest du zb die comodo nehmen, da sie gute schtzkomponennten bietet, wie zb proactiven schutz, ähnlich wie sonar. um das surfen sicherer zu machen, würde ich Sandboxie empfehlen. http://www.trojaner-board.de/71542-a...sandboxie.html es ist weiterhin zu empfehlen, sich, wenn du mit dem programm auskommst, ne lizenz zu besorgen, die kostet 25 € und ist dein ganzes leben lang gültig, du kannst die weiterhin auf allen pcs in deinem haushalt einsetzen. aus der sandbox kommen 99 % aller trojaner nicht raus, sie sind gelöscht, wenn du die sandbox entleerst. Geändert von markusg (25.07.2010 um 16:01 Uhr) |
25.07.2010, 16:16 | #4 |
| Trojan.Win32.Generic!BT nach Internetbetrug gefunden Danke für die schnelle Antwort: mbr.mbr hab ich Euch soeben hochgeladen Zu deinen Tipps bzw. Fragen: 1) Auf Mails habe ich nicht reagiert, kann eigentlich nur sein, dass Zugangsdaten über die Tastatur mitgeschnitten bzw. geklaut worden sind. 2) Polizei hat mir schon jegliche Hoffnung genommen, IP-Adressen können sie nur noch nach wirklichen Kapitalverbrechen vernünftig nutzen; der Beamte hat mir jegliche Hoffnung genommen, dass Verfahren wird schon bald eingestellt, den Rechner wollte er nicht haben; 2) Den Sicherheitsschlüssel bei PayPal hab ich sofort danach, aber eben erst danach eingeführt; da PayPal bei mir die einzige Schwachstelle ist, werde ich meinen Account trotzdem kündigen 3) Bin der Meinung, dass meine Vorkehrungen ansonsten gut sind; Überweisungen EC nur über HBCI mit Chipkarte und externem Pin-Pad; 4) Hab nun Norton Internet Security 2010 drauf, selbiges fungiert nun auch als Firewall und ist unter dem Sicherheitszenter auch eingetragen; ein Programm (OTL?) hat allerdings keine Firewall angezeigt, das fand ich auch komisch 5) Sandboxie werde ich beherzigen: Arbeitet das Programm denn vernünftig mit meiner jetzigen Antivir (Norton Internet Security) zusammen? Gibt es denn trotz Vista eine Chance das Formatieren zu umgehen? Da hab ich echt Panik vor, bei den ganzen Partitionen, Bildern und Daten. Gruss Fishburne |
25.07.2010, 17:08 | #5 |
/// Malware-holic | Trojan.Win32.Generic!BT nach Internetbetrug gefunden 2) Den Sicherheitsschlüssel bei PayPal hab ich sofort danach, aber eben erst danach eingeführt; da PayPal bei mir die einzige Schwachstelle ist, werde ich meinen Account trotzdem kündigen der account sollte nun sicher sein und mit Sandboxie bist du dann noch sicherer. 3) Bin der Meinung, dass meine Vorkehrungen ansonsten gut sind; Überweisungen EC nur über HBCI mit Chipkarte und externem Pin-Pad; ok, dann bist du in der hinsicht optimal geschützt denke ich, das ist aber kaum irgendwer. berücksichtige trotzdem den andern link, dein schutz muss noch weiter optimiert werden 4. firewall sollte laufen, otl zeigt das in prozessen bzw drivern an. 5. ja tut es aja noch ne anmerkung, du nutzt ja die nis, da brauchst du dann doch kein comodo. wegen der format frage, das beste ists zu formatieren, du musst ja nur c: formatieren, übrigens ist da sowieso kaum platz das ist auch nicht sonderlich günstig :-) Drive C: | 35,54 Gb Total Space | 0,55 Gb Free Space | 1,54% Space Free | Partition Type: NTFS nur noch 500 mb |
25.07.2010, 17:16 | #6 | |
| Trojan.Win32.Generic!BT nach Internetbetrug gefundenZitat:
Ich weiß das Limux am sichersten ist, aber was würdest du von Seiten MS empfehlen Vista oder 7? Wann kann ich denn mit einer Auswertung bezgl. der LogFiles+MBR rechnen? Gruss Fishburne |
25.07.2010, 17:31 | #7 |
/// Malware-holic | Trojan.Win32.Generic!BT nach Internetbetrug gefunden das log sehe ich mir erst mal noch nicht an, da wir ja noch übers formatieren reden, es reicht c: zu formatieren, die andern partitionen können so bleiben wie sie sind. ich würd dann, wenn du die möglichkeit hast, auf windows7 wechseln. naja das platzproblem könnte dann schon gelöst es kommt ja darauf an ob dann die gleiche menge an programmen etc instaliert wird. |
25.07.2010, 17:33 | #8 |
| Trojan.Win32.Generic!BT nach Internetbetrug gefunden Auf C ist eigentlich nur Windows, die Partition ist recht klein gewählt, alle Programme sind bei mir unter E: Ich frag nur deshalb nach den Logs weil ich immer noch die leise Hoffnung habe, das Formatieren zu vermeiden! :-) Gruss Fishburne |
25.07.2010, 17:42 | #9 |
/// Malware-holic | Trojan.Win32.Generic!BT nach Internetbetrug gefunden wenn du nen vertrauenswürdiges system haben willst, mit dem online zahlungen möglich sein sollen dann, eher nicht. evtl. solltest du dir zusätzlich ein imageprogramm wie true image zulegen, damit du nächstes mal das formatieren sparen kannst und das system zurücksetzen kannst |
Themen zu Trojan.Win32.Generic!BT nach Internetbetrug gefunden |
64-bit, acroiehelper.dll, ad-aware, adblock, alternate, avira, c:\windows\system32\rundll32.exe, components, converter, desktop, downloader, e-banking, ebay, error, excel, festplatte, firefox, firefox.exe, hijack, hijackthis, home, home premium, iexplore.exe, install.exe, intrusion prevention, kaspersky, kreditkarte, langs, location, media center, microsoft office word, mozilla thunderbird, mp3, msvcp90.dll, ntdll.dll, office 2007, oldtimer, otl logfile, otl.exe, plug-in, programdata, realtek, richtlinie, safer networking, scan, schattenkopien, security, security update, senden, shell32.dll, shortcut, software, sparbuch, studio, symantec, syswow64, trojan.win32.generic, trojan.win32.generic!bt, trojaner, version. |