Pests of all kinds and how to fight them: Postbank trojan, enter 40 TANs (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
03.08.2010, 23:36 | #1
Postbank trojan, enter 40 TANs

Hi all, like others I was hit today by the trojan that asks you to enter 40 TANs after login. The following text appears together with the fields for entering the TANs: "A new online banking application is currently in its test phase, during which some customer data was partially damaged. For this reason we ask you to enter 40 TANs so that you can continue to use online banking." I immediately changed the online PIN for the account from another computer, and I will call the bank first thing tomorrow. I have already read in several other threads about the same problem that a complete format is the most sensible option. I would also be willing to wipe everything completely, I just don't know how to do it so that 100% nothing is left on it! About 2 weeks ago the PC shut itself down now and then after a brief message. Attached are the logs from RSIT and Malwarebytes.

RSIT log:

Malware log:

Many thanks in advance for your help!!!!
03.08.2010, 23:55 | #2
/// Selecta Jahrusso

A cleanup can sometimes mean a lot of work for you.
Note: I can never give you a guarantee that I will find everything. A format is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users: start all tools with right-click "Run as administrator".

Step 1
Could you simply post the logfiles here in the normal way?
Start --> Run --> notepad (type it in). Now copy the following text from the code box into the empty text document:
Code:
@echo off
rem Work from the system drive
cd "%systemdrive%"
rem Terminate the two running trojan processes
tskill Lytahuez >nul
tskill Axdizudtu >nul
rem Remove the two autostart values (GUID-style names) from the per-user Run key
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "{9599B891-B3AB-01EE-9996-FF90B901626D}" /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "{61E40788-7B4F-0725-7BBE-93A23B993E42}" /f
rem Delete the dropped executables from the roaming profile
del /f /q "%appdata%\Axdizudtu.exe"
del /f /q "%appdata%\Lytahuez.exe"
rem Delete this batch file itself
del %0

Select "All files" as file type. Double-click file.bat. Vista users: right-click "Run as administrator". Restart the computer.

Step 2
Please download Load.exe.
After the restart you will find a folder MFTools on the desktop. It contains an Anleitung.pdf. Please open it and work through the steps described in it.
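One check a defender can run before and after the cleanup batch above, as an added example that is not from the thread or the helper: it lists HKCU Run values whose name is a GUID or whose command launches an executable from under %APPDATA%, the two traits of the entries the batch deletes. The function names are my own, and it assumes Windows PowerShell 2.0 or later.

```powershell
# Added example (not from the thread): audit the per-user Run key for the
# persistence pattern the cleanup batch targets: a value named like a GUID, or a
# command that launches an executable from under %APPDATA%. Function names are
# my own; assumes Windows PowerShell 2.0 or later.

$RunKey      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$GuidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

function Get-RunCommandPath {
    # Extract the executable path from a Run value: "quoted path" args | path args
    param([string]$Command)
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
        return $c.Trim('"')
    }
    return ($c -split '\s+')[0]
}

function Get-SuspiciousRunEntry {
    param([string]$Path = $RunKey)
    if (-not (Test-Path -Path $Path)) { return }
    $appData = [Environment]::GetFolderPath('ApplicationData')
    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) {
        $command   = [string]$key.GetValue($name)
        $exePath   = Get-RunCommandPath -Command $command
        $guidName  = $name -match $GuidPattern
        $inAppData = $exePath.StartsWith($appData, [StringComparison]::OrdinalIgnoreCase)
        if ($guidName -or $inAppData) {
            New-Object PSObject -Property @{
                ValueName  = $name
                Command    = $command
                GuidName   = $guidName
                InAppData  = $inAppData
                # Whether the launched file is still on disk (a dangling value is a sign the file was removed)
                FileExists = ($exePath -ne '' -and (Test-Path -LiteralPath $exePath))
            }
        }
    }
}

# Print every hit; an empty result after running the cleanup batch and rebooting
# means the two Run values the batch deletes are gone.
Get-SuspiciousRunEntry | Format-Table ValueName, GuidName, InAppData, FileExists, Command -AutoSize
```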
04.08.2010, 00:52 | #3
Hi, thanks for your quick help at this hour!!!

So I did everything as described, but Gmer.exe crashed after a good 2 minutes of scanning. The Vista window "Program has stopped working" appeared. Next came an error "CCC.exe Debugger missing"; the message was only visible briefly, then the computer crashed. I did follow the instructions strictly, though: AntiVir disabled, programs and unnecessary processes (e.g. "iTunesHelper") closed.

Malware log:

Malwarebytes' Anti-Malware 1.46
Malwarebytes Datenbank Version: 4386
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

04.08.2010 01:29:32
mbam-log-2010-08-04 (01-29-32).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 130226
Laufzeit: 7 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Best regards
04.08.2010, 00:58 | #4
Double post (Firefox crashed)
04.08.2010, 10:26 | #5
/// Selecta Jahrusso

Please try GMER in Safe Mode. Remove the check marks on the right at Sections and IAT/EAT. I would also need the OTL logfiles.

Regards, Daniel
04.08.2010, 13:02 | #6
Hi, this is now the 4th time I'm trying to post something, hopefully it works! So Gmer.exe crashes at the point "Volume Shadow Copy1", even when I run it without Sections and IAT/EAT. Safe Mode doesn't work as it should either... it does load, but only a black screen with a low-resolution mouse pointer appears. After about half a minute the PC reboots on its own! Here are the OTL logs.

OTL logfile:
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\TOOLS\iTunes - Ipod\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [{61E40788-7B4F-0725-7BBE-93A23B993E42}] C:\Users\Tob\AppData\Roaming\Axdiz\udtu.exe (Zhjln Orftvii Fockjn) O4 - HKCU..\Run: [MoRUN.net Sticker Lite] C:\Programme\MoRUN.net\StickerLite\sticker.exe (MoRUN.net) O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems) O4 - Startup: C:\Users\Tob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z Cinema.lnk = C:\Users\Tob\AppData\Roaming\Microsoft\Installer\{3D1A8E16-10A6-43E0-90BE-0A0474A637A7}\NewShortcut1_3D1A8E1610A643E090BE0A0474A637A7.exe (Macrovision Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Tob\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\Tob\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop 
BackupWallPaper: C:\Users\Tob\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{a5856d68-ccab-11de-89d0-001f16a5aeeb}\Shell - "" = AutoRun O33 - MountPoints2\{a5856d68-ccab-11de-89d0-001f16a5aeeb}\Shell\AutoRun\command - "" = D:\Borderlands.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm 
(Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation) Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) 
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 90 Days ========== [2010.08.04 01:21:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.08.04 01:21:12 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2010.08.04 01:14:06 | 000,000,000 | ---D | C] -- C:\Users\Tob\Desktop\MFTools [2010.08.04 00:07:32 | 000,000,000 | ---D | C] -- C:\Users\Tob\AppData\Roaming\Malwarebytes [2010.08.04 00:07:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.04 00:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.04 00:07:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.04 00:07:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.04 00:04:21 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.08.04 00:04:20 | 000,000,000 | ---D | C] -- C:\rsit [2010.07.30 01:13:00 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.07.29 11:11:26 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft [2010.07.28 20:19:23 | 000,069,632 | ---- | C] (Blizzard Entertainment) -- C:\Windows\ScUnin.exe [2010.07.28 20:16:17 | 000,000,000 | ---D | C] -- C:\Programme\Starcraft [2010.07.28 13:50:10 | 000,000,000 | ---D | C] -- C:\Users\Tob\AppData\Roaming\CyberLink [2010.07.28 13:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2010.07.28 13:50:07 | 000,000,000 | ---D | C] -- C:\Users\Tob\Documents\CyberLink [2010.07.23 15:03:39 | 
000,000,000 | ---D | C] -- C:\Users\Tob\AppData\Roaming\Leadertech [2010.07.23 15:02:44 | 000,000,000 | ---D | C] -- C:\Programme\Logitech [2010.07.23 15:02:12 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2010.07.19 11:35:57 | 000,000,000 | ---D | C] -- C:\Programme\MoRUN.net [2010.07.13 20:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2010.07.07 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Tob\AppData\Local\AOL [2010.07.07 10:17:26 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2 [2010.07.04 23:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.07.04 23:32:41 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.07.04 23:28:08 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.07.04 15:40:25 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.07.02 15:10:21 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\xing shared [2010.07.02 15:09:59 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll [2010.07.02 15:09:58 | 000,000,000 | ---D | C] -- C:\Programme\Real [2010.07.02 15:09:57 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Real [2010.07.02 15:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [2010.07.02 15:09:53 | 000,000,000 | ---D | C] -- C:\Users\Tob\AppData\Roaming\Real [2010.06.30 01:05:10 | 000,000,000 | ---D | C] -- C:\Users\Tob\AppData\Roaming\DVDVideoSoftIEHelpers [2010.06.30 01:04:34 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft [2009.06.22 12:26:47 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 90 Days ========== [2010.08.04 13:14:11 | 003,407,872 | -HS- | M] () -- C:\Users\Tob\NTUSER.DAT [2010.08.04 13:10:57 | 000,002,535 | ---- | M] () -- C:\Users\Tob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z Cinema.lnk [2010.08.04 13:10:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.04 13:10:25 
| 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.04 13:10:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.04 13:10:24 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.04 13:10:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.04 13:09:21 | 3147,608,064 | -HS- | M] () -- C:\hiberfil.sys [2010.08.04 13:09:16 | 297,487,569 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.08.04 13:07:02 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.04 13:07:02 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.04 13:07:02 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.04 13:07:02 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.04 13:07:02 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.04 12:52:00 | 000,524,288 | -HS- | M] () -- C:\Users\Tob\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.08.04 12:52:00 | 000,065,536 | -HS- | M] () -- C:\Users\Tob\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.08.04 12:51:58 | 002,589,139 | -H-- | M] () -- C:\Users\Tob\AppData\Local\IconCache.db [2010.08.04 01:24:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.04 01:21:13 | 000,000,737 | ---- | M] () -- C:\Users\Tob\Desktop\NTREGOPT.lnk [2010.08.04 01:21:13 | 000,000,718 | ---- | M] () -- C:\Users\Tob\Desktop\ERUNT.lnk [2010.08.04 01:16:33 | 000,284,915 | ---- | M] () -- C:\Users\Tob\Desktop\Gmer.zip [2010.08.04 01:12:39 | 000,410,784 | ---- | M] () -- C:\Users\Tob\Desktop\Load.exe [2010.08.04 00:07:23 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.03 12:38:30 | 000,184,320 | ---- | M] () -- 
C:\Users\Tob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.31 18:19:35 | 010,940,544 | R--- | M] () -- C:\Users\Tob\Desktop\la-sprung-wurf-stoß.pdf [2010.07.30 01:14:07 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.07.29 22:42:55 | 000,059,264 | ---- | M] () -- C:\Users\Tob\Documents\2836_172753335004_631765004_6652734_7639776_n.jpg [2010.07.29 22:42:05 | 000,047,513 | ---- | M] () -- C:\Users\Tob\Documents\2836_172753360004_631765004_6652736_1984299_n.jpg [2010.07.29 11:16:20 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Heroes of Might and Magic V.lnk [2010.07.29 11:10:35 | 000,000,001 | ---- | M] () -- C:\Windows\System32\SI.bin [2010.07.28 20:30:07 | 000,030,439 | ---- | M] () -- C:\Windows\scunin.dat [2010.07.28 20:30:06 | 000,069,632 | ---- | M] (Blizzard Entertainment) -- C:\Windows\ScUnin.exe [2010.07.28 20:30:06 | 000,000,967 | ---- | M] () -- C:\Windows\ScUnin.pif [2010.07.27 17:45:33 | 000,041,984 | ---- | M] () -- C:\Users\Tob\Desktop\Nacherfüllung.doc [2010.07.27 17:45:24 | 000,019,570 | ---- | M] () -- C:\Users\Tob\Desktop\Nacherfüllung.docx [2010.07.27 11:25:10 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2010.07.23 15:02:46 | 000,001,932 | ---- | M] () -- C:\Users\Tob\Desktop\Z Cinema.lnk [2010.07.21 16:45:38 | 000,036,310 | ---- | M] () -- C:\Users\Tob\Documents\cc_20100721_164531.reg [2010.07.16 17:17:22 | 000,291,185 | R--- | M] () -- C:\Users\Tob\Documents\VWL_Makro_zusammenfassung.pdf [2010.07.16 17:13:01 | 004,235,621 | R--- | M] () -- C:\Users\Tob\Documents\einfach-lernen-makrokonomie.pdf [2010.07.09 14:08:42 | 000,002,032 | ---- | M] () -- C:\Users\Tob\AppData\Local\d3d9caps.dat [2010.07.08 16:39:28 | 000,187,906 | ---- | M] () -- C:\Users\Tob\Documents\Reagibilitäten Makro.PDF [2010.07.08 15:34:17 | 000,117,989 | ---- | M] () -- C:\Users\Tob\Documents\Makro MC Liste.PDF [2010.07.08 15:31:24 | 000,028,993 | ---- | M] () -- C:\Users\Tob\Documents\makro 
klausur+lösung.PDF [2010.07.04 15:40:27 | 000,000,808 | ---- | M] () -- C:\Users\Tob\Desktop\CCleaner.lnk [2010.07.02 15:10:48 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk [2010.07.02 15:09:59 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll [2010.06.30 01:05:06 | 000,001,036 | ---- | M] () -- C:\Users\Tob\Desktop\DVDVideoSoft Free Studio.lnk [2010.06.22 15:50:33 | 000,011,059 | ---- | M] () -- C:\Users\Tob\Documents\Mappe1.xlsx [2010.06.22 14:06:09 | 000,298,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.06.03 10:47:40 | 000,024,576 | ---- | M] () -- C:\Users\Tob\Desktop\Volleyball Profil.xls ========== Files Created - No Company Name ========== [2010.08.04 01:34:04 | 297,487,569 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.08.04 01:30:12 | 000,293,376 | ---- | C] () -- C:\Users\Tob\Desktop\gmer.exe [2010.08.04 01:21:13 | 000,000,737 | ---- | C] () -- C:\Users\Tob\Desktop\NTREGOPT.lnk [2010.08.04 01:21:13 | 000,000,718 | ---- | C] () -- C:\Users\Tob\Desktop\ERUNT.lnk [2010.08.04 01:14:10 | 000,284,915 | ---- | C] () -- C:\Users\Tob\Desktop\Gmer.zip [2010.08.04 01:12:38 | 000,410,784 | ---- | C] () -- C:\Users\Tob\Desktop\Load.exe [2010.08.04 00:07:23 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.31 18:19:35 | 010,940,544 | R--- | C] () -- C:\Users\Tob\Desktop\la-sprung-wurf-stoß.pdf [2010.07.30 01:14:07 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.07.29 22:42:55 | 000,059,264 | ---- | C] () -- C:\Users\Tob\Documents\2836_172753335004_631765004_6652734_7639776_n.jpg [2010.07.29 22:42:04 | 000,047,513 | ---- | C] () -- C:\Users\Tob\Documents\2836_172753360004_631765004_6652736_1984299_n.jpg [2010.07.29 11:16:20 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Heroes of Might and Magic V.lnk [2010.07.29 11:10:35 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin [2010.07.28 20:19:25 | 000,030,439 | 
---- | C] () -- C:\Windows\scunin.dat [2010.07.28 20:19:23 | 000,000,967 | ---- | C] () -- C:\Windows\ScUnin.pif [2010.07.27 17:45:31 | 000,041,984 | ---- | C] () -- C:\Users\Tob\Desktop\Nacherfüllung.doc [2010.07.27 17:45:23 | 000,019,570 | ---- | C] () -- C:\Users\Tob\Desktop\Nacherfüllung.docx [2010.07.23 15:02:46 | 000,002,535 | ---- | C] () -- C:\Users\Tob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z Cinema.lnk [2010.07.23 15:02:46 | 000,001,932 | ---- | C] () -- C:\Users\Tob\Desktop\Z Cinema.lnk [2010.07.21 16:45:33 | 000,036,310 | ---- | C] () -- C:\Users\Tob\Documents\cc_20100721_164531.reg [2010.07.16 17:17:27 | 000,291,185 | R--- | C] () -- C:\Users\Tob\Documents\VWL_Makro_zusammenfassung.pdf [2010.07.16 17:13:01 | 004,235,621 | R--- | C] () -- C:\Users\Tob\Documents\einfach-lernen-makrokonomie.pdf [2010.07.08 16:40:00 | 000,187,906 | ---- | C] () -- C:\Users\Tob\Documents\Reagibilitäten Makro.PDF [2010.07.08 15:34:42 | 000,117,989 | ---- | C] () -- C:\Users\Tob\Documents\Makro MC Liste.PDF [2010.07.08 15:31:48 | 000,028,993 | ---- | C] () -- C:\Users\Tob\Documents\makro klausur+lösung.PDF [2010.07.04 15:40:27 | 000,000,808 | ---- | C] () -- C:\Users\Tob\Desktop\CCleaner.lnk [2010.07.02 15:10:48 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk [2010.06.03 10:47:39 | 000,024,576 | ---- | C] () -- C:\Users\Tob\Desktop\Volleyball Profil.xls [2010.05.31 11:52:07 | 000,011,059 | ---- | C] () -- C:\Users\Tob\Documents\Mappe1.xlsx [2010.01.09 21:46:27 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys [2009.12.25 19:07:15 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.11.08 23:12:30 | 000,722,416 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.07.23 16:34:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.07.22 18:33:18 | 000,000,281 | ---- | C] () -- C:\Windows\game.ini [2009.07.22 16:02:46 | 000,281,760 | ---- | C] () -- 
C:\Windows\System32\drivers\atksgt.sys [2009.07.22 16:02:46 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.06.22 12:18:44 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2009.06.22 02:57:59 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009.06.22 02:46:31 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini [2009.04.01 02:46:06 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009.04.01 02:46:06 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2009.04.01 02:46:05 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini [2009.04.01 02:46:05 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.04.17 10:08:56 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2006.12.09 04:54:38 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugg1l3.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 09:40:29 | 
000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== LOP Check ========== [2009.07.19 23:14:47 | 000,000,000 | -HSD | M] -- C:\Users\Tob\AppData\Roaming\.# [2009.12.15 13:30:48 | 000,000,000 | ---D | M] -- C:\Users\Tob\AppData\Roaming\Acer [2009.04.08 20:21:40 | 000,000,000 | ---D | M] -- C:\Users\Tob\AppData\Roaming\Acer GameZone Console [2009.12.13 14:59:58 | 000,000,000 | ---D | M] -- C:\Users\Tob\AppData\Roaming\Ascaron Entertainment [2009.11.19 22:13:35 | 000,000,000 | ---D | M] -- C:\Users\Tob\AppData\Roaming\Axdiz [2010.07.23 00:36:10 | 000,000,000 | ---D | M] -- C:\Users\Tob\AppData\Roaming\Azureus [2009.11.08 23:21:02 | 000,000,000 | ---D | M] -- C:\Users\Tob\AppData\Roaming\DAEMON Tools Pro [2010.06.30 01:05:10 | 000,000,000 | ---D | M] -- C:\Users\Tob\AppData\Roaming\DVDVideoSoftIEHelpers [2009.07.20 16:28:51 | 000,000,000 | ---D | M] -- C:\Users\Tob\AppData\Roaming\eSobi [2010.08.04 12:50:54 | 000,000,000 | ---D | M] -- C:\Users\Tob\AppData\Roaming\ICQ [2010.07.29 10:39:55 | 000,000,000 | ---D | M] -- C:\Users\Tob\AppData\Roaming\Iheb [2009.11.04 15:12:45 | 000,000,000 | ---D | M] -- C:\Users\Tob\AppData\Roaming\JCreator [2010.07.23 15:03:39 | 000,000,000 | ---D | M] -- C:\Users\Tob\AppData\Roaming\Leadertech [2010.07.29 23:59:49 | 000,000,000 | ---D | M] -- C:\Users\Tob\AppData\Roaming\Lyta [2009.10.28 19:58:12 | 000,000,000 | ---D | M] -- C:\Users\Tob\AppData\Roaming\Octoshape [2009.07.20 15:00:03 | 000,000,000 | ---D | M] -- C:\Users\Tob\AppData\Roaming\QIP [2009.07.26 14:45:49 | 000,000,000 | ---D | M] -- C:\Users\Tob\AppData\Roaming\TerraTec [2009.07.22 16:03:37 | 000,000,000 | ---D | M] -- C:\Users\Tob\AppData\Roaming\Ubisoft [2010.08.04 12:46:51 | 000,000,000 | ---D | M] -- C:\Users\Tob\AppData\Roaming\Yxewa [2010.08.04 12:52:15 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006.09.18 23:43:36 | 000,000,024 | ---- | M] 
() -- C:\autoexec.bat [2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2008.02.06 01:25:41 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2010.08.04 13:09:21 | 3147,608,064 | -HS- | M] () -- C:\hiberfil.sys [2010.08.04 13:09:16 | 3461,197,824 | -HS- | M] () -- C:\pagefile.sys [2009.06.20 10:32:16 | 000,015,911 | -HS- | M] () -- C:\Patch.rev [2009.06.22 12:26:50 | 000,000,192 | RHS- | M] () -- C:\Preload.rev [2009.06.22 02:42:39 | 000,002,581 | ---- | M] () -- C:\RHDSetup.log < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009.07.30 23:49:52 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2008.01.21 04:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL [2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll [2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll [2006.12.09 04:54:16 | 000,019,456 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\spool\prtprocs\w32x86\sugg1pc.dll < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > [2008.12.05 00:19:40 | 000,308,584 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008.01.21 04:43:21 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-04 10:51:53

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:3064D21D

< End of report >
04.08.2010, 13:05 | #7
Postbank Trojan, enter 40 TANs
Extras LOG
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 04.08.2010 13:14:10 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Tob\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 38,46 Gb Free Space | 13,34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232,83 Gb Total Space | 83,88 Gb Free Space | 36,03% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOB-PC
Current User Name: Tob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\TOOLS\Firefox - Browser\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\TOOLS\VLC - Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\TOOLS\VLC - Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B9C0F9-2BB5-4253-8408-83B58D5275D2}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{077B9185-90D9-45EE-A5E7-B86129BD6BFB}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0D0E3822-9571-4313-95C3-5E1D4C490D55}" = rport=137 | protocol=17 | dir=out | app=system |
"{2A962130-D730-4641-A6A9-91228E6FEF67}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3596825D-F768-40CA-B40C-63969CD74CB4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3FBAF46C-B89F-4400-AFA7-81BEE82A8604}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4210EDA7-BBCC-4847-82BF-FE60EC995B4D}" = rport=445 | protocol=6 | dir=out | app=system |
"{6AD1BA8D-0078-4ADD-A072-D8F1DDE0581B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{751E0560-7D01-45E3-8451-37BEE210988F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7972DD4C-515A-4818-A191-7447D7DA508C}" = rport=139 | protocol=6 | dir=out | app=system |
"{83C90FE1-3799-41F4-AF59-97E2A1F11624}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8A52AC74-FC77-48DD-95CB-BE1C2C3B72DC}" = lport=445 | protocol=6 | dir=in | app=system |
"{8C37A2EA-57A4-44EB-B43E-E8E78012786E}" = lport=139 | protocol=6 | dir=in | app=system |
"{8D1571D9-3739-46C0-B6FA-394856D15EE4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F242D7E-5580-4EC1-BA8B-4F566BE2E225}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9ED3DC09-FB19-4FCA-A52F-D82AC806BE4D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F2DD93F-C408-4A90-BECC-FE5BC4EC8385}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B7AECB67-EDAC-442A-9F1A-021FE7847DB1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B973B9D7-7983-440A-8624-978348A0919A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C15D8103-4455-4AD5-814A-2F60341D90A7}" = rport=138 | protocol=17 | dir=out | app=system |
"{C3C67A11-7BFC-48D3-925B-689943770BC1}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D225118B-AE4E-427F-A5E7-21F3BBC2B28A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E3B27969-DCA8-4661-A0F5-E01B6D69F44A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E60F38D2-26B1-4479-9428-F33473FAC373}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EE1CE2CC-90D9-4FC3-9EE9-EF746839A272}" = lport=138 | protocol=17 | dir=in | app=system |
"{F1EEC5C1-C1A0-4D49-A025-82BDEC70C033}" = rport=2869 | protocol=6 | dir=out | app=system |
"{F26B31FD-AA7D-4C64-A989-DB931F05FA3D}" = lport=137 | protocol=17 | dir=in | app=system |
"{F5080C5A-38B9-44F1-98DB-83540EA8C6C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07F07D2B-0659-4979-9693-481E25D525C7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0956670A-D103-4482-B89F-FF4F131A3537}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{0A5AE0FA-E472-4393-B979-D3CCB94A9C6B}" = protocol=6 | dir=in | app=c:\tools\itunes - ipod\itunes.exe |
"{1213B9CB-AA9E-4520-AA8C-0410E4EB3401}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{13928713-18D2-4371-9261-B929817D7940}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1696AE61-A1D5-4096-B3BE-06146875F469}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{172B75C8-1920-4C5D-BDB0-9F43FE08AB86}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1C0C3D0A-86F7-43EE-9689-693FEF231110}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{1CB5BCC5-288D-47E1-A4F4-82689D29D71A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{217BAF05-0307-4AFF-BE70-10C22DBE3C43}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{221F7CDC-3F76-479A-84C3-D39EEDD36D09}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{2DCB8C26-A974-4599-9EE4-81A981F99CC0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{3347C064-B59E-4307-BCB6-F665D98A7820}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{384B1BF3-40C8-40D6-A856-8923DCA98507}" = protocol=6 | dir=in | app=c:\games\anno1404 - demo\tools\benchmark.exe |
"{3A204B4B-0B1D-4094-8345-EE9F9BD5A731}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3FAD6E5C-C8B8-46B8-B817-E93EB4BBAD9F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{4122F383-1AB3-4F7C-8C3E-5C9B41AA51F8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4293BC2B-2187-421D-8D05-F809F64B157E}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{44974B93-7A2D-450C-8B8C-9C7ED223EDF8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{455DAB52-5EED-4944-B30E-93DB73AD59DD}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{4AE295B1-606C-465F-9A97-AFD4A07F89E5}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{521A710D-1585-4C80-B83B-1E5791FD3E31}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{5663F339-5C25-4D85-80FD-D88D44DD7CCC}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{61E796A0-B1D5-4E5F-A901-7BC4663FC504}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{661D9833-DE3C-48CE-81A9-2C86369E569E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{67EF2014-5625-484E-974B-30B0789CB88A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{75D18523-5092-491F-B7D5-C9924163F172}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{7B1F9D89-C0DD-4DA5-831C-01104D7E2292}" = protocol=6 | dir=in | app=c:\tools\itunes - ipod\itunes.exe |
"{7B27BC8D-B3B2-4AE0-84E5-1A40CA9C118E}" = protocol=17 | dir=in | app=c:\games\anno1404 - demo\tools\benchmark.exe |
"{7B4B98CB-C3EB-4186-A514-07CB586687B8}" = protocol=17 | dir=in | app=c:\games\sacred 2\system\sacred2.exe |
"{7CCA114E-7F1E-4201-9249-1592C58FB105}" = protocol=17 | dir=in | app=c:\tools\terratec home cinema - dvb-t\insttool.exe |
"{7FC09488-DD3D-4275-9220-5E7139001FE8}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{833FD8DF-04C0-48E9-948F-9B4B765AFB2A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8F115C76-FAE1-4923-BBF7-A564842CC123}" = protocol=6 | dir=in | app=c:\games\sacred 2\system\sacred2.exe |
"{9059E77F-AF60-41D8-BFE0-A61C6A378DED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{91236E16-E5D4-4E2D-BBA0-FC6A988743EB}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{914D1763-6067-4ED0-95D9-356776CA9407}" = protocol=6 | dir=in | app=c:\games\sacred 2\system\s2gs.exe |
"{9F05290D-0D73-4A99-AC42-9B59996FD82F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{A24ED176-1D5C-4A38-86D9-0B95852A7B15}" = protocol=6 | dir=in | app=c:\games\anno1404 - demo\anno4.exe |
"{A52E8F37-A281-41BB-A942-73CC7B2323EC}" = protocol=17 | dir=in | app=c:\tools\itunes - ipod\itunes.exe |
"{ABE53C14-6E2D-4CCD-B991-751A6EBD5585}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AD5678BB-7D29-4A8B-872C-BEBBF72C8E92}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AE42203B-94F8-4A94-8AC4-A4F96A3F70B0}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{BD15B8FC-8ADF-4C22-B9E1-2090CF0BF4D9}" = protocol=6 | dir=in | app=c:\tools\terratec home cinema - dvb-t\cinergydvr.exe |
"{BD38BE55-14CC-4928-BE42-EB21E7527E00}" = protocol=17 | dir=in | app=c:\tools\terratec home cinema - dvb-t\cinergydvr.exe |
"{C0F4A603-5B87-474A-9A3B-54B25720C6D6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C68F69A2-5142-4E9B-9CF5-7672170F6DAD}" = protocol=17 | dir=in | app=c:\games\sacred 2\system\s2gs.exe |
"{C778DC4A-570A-4375-8CDB-E71B054F48A3}" = protocol=17 | dir=in | app=c:\tools\terratec home cinema - dvb-t\tvtvsetup\tvtv_wizard.exe |
"{CA53BB30-C0C1-48D4-8E84-3064D514F6B5}" = protocol=6 | dir=in | app=c:\tools\terratec home cinema - dvb-t\tvtvsetup\tvtv_wizard.exe |
"{CEDA5F8E-708A-441E-BE28-89E77431ADD5}" = protocol=17 | dir=in | app=c:\tools\itunes - ipod\itunes.exe |
"{DBED485C-5D15-4DBA-A0FA-AA1ACDF872A0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EF71D745-E655-4156-9955-A74FBFC2082B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{F3C5BC56-5207-461B-B47E-06707157029E}" = protocol=17 | dir=in | app=c:\games\anno1404 - demo\anno4.exe |
"{F6B5A9FA-C4C6-46F1-9CCF-26FEB2F5BA6F}" = protocol=6 | dir=in | app=c:\tools\terratec home cinema - dvb-t\insttool.exe |
"TCP Query User{0A7C6547-87B0-4209-9B8B-A287EBCB501A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{13E19AAF-8262-454C-90E1-BED5895735A7}C:\games\rise and fall\riseandfall.exe" = protocol=6 | dir=in | app=c:\games\rise and fall\riseandfall.exe |
"TCP Query User{197ABF14-DD70-45C8-B8CD-C38E9416D7D3}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{29975C3E-FC03-409E-9212-0F04E9D11A85}C:\tools\vuze - torrent\azureus.exe" = protocol=6 | dir=in | app=c:\tools\vuze - torrent\azureus.exe |
"TCP Query User{34CF053D-3F90-4BD9-BE2B-7023B7EC2229}C:\tools\firefox - browser\firefox.exe" = protocol=6 | dir=in | app=c:\tools\firefox - browser\firefox.exe |
"TCP Query User{353B1D51-B1A9-439E-9116-E00DD797B80C}C:\users\tob\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\tob\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{3B1E7B92-28EC-4F48-A3A6-ED87C061682B}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{3C1AC6EB-AB11-453E-B270-E4E2B640DC47}C:\games\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\games\borderlands\binaries\borderlands.exe |
"TCP Query User{4685CCE1-F797-4CC8-BE61-32151E106BBE}C:\tools\icq - messenger\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\tools\icq - messenger\icq6.5\icq.exe |
"TCP Query User{630F6005-06B9-4C4A-99D7-AA89978F931A}C:\tools\icq - messenger\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\tools\icq - messenger\icq6.5\icq.exe |
"TCP Query User{63AE365F-D494-4C81-B404-45183D3194CD}C:\tools\firefox - browser\firefox.exe" = protocol=6 | dir=in | app=c:\tools\firefox - browser\firefox.exe |
"TCP Query User{65DF8C0C-B4A4-4877-A59A-FAA0980114E7}C:\tools\terratec home cinema - dvb-t\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\tools\terratec home cinema - dvb-t\versioncheck\versioncheck.exe |
"TCP Query User{7AF20748-0296-436F-B5A1-E104DCCF9085}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{86EEFDF4-FD95-4211-B0BF-60A09BF3A3F2}C:\games\sacred 2\system\s2gs.exe" = protocol=6 | dir=in | app=c:\games\sacred 2\system\s2gs.exe |
"TCP Query User{8CEE3030-1266-4E67-BEDF-1E02E03AEE79}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{910EB437-3CA6-4FF9-9821-724A7D616DB8}C:\games\cnc zh\game.dat" = protocol=6 | dir=in | app=c:\games\cnc zh\game.dat |
"TCP Query User{94C576FC-B70E-4B58-A66E-5B83B0EFABDB}C:\program files\morun.net\stickerlite\sticker.exe" = protocol=6 | dir=in | app=c:\program files\morun.net\stickerlite\sticker.exe |
"TCP Query User{AD3DEAB4-CE2D-40E9-ADFF-27B45CD37ED6}C:\program files\java\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\bin\java.exe |
"TCP Query User{B721C148-D489-491A-AA7C-0AEABDDDDF3D}C:\games\pro evo 2010\pes2010.exe" = protocol=6 | dir=in | app=c:\games\pro evo 2010\pes2010.exe |
"TCP Query User{CBA727BF-86E6-42AA-9AF7-87D9962C625B}C:\tools\vuze - torrent\azureus.exe" = protocol=6 | dir=in | app=c:\tools\vuze - torrent\azureus.exe |
"TCP Query User{CCC0EA10-A15C-4FA7-A4EB-62A7D0EB22B0}C:\tools\terratec home cinema - dvb-t\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\tools\terratec home cinema - dvb-t\versioncheck\versioncheck.exe |
"UDP Query User{05AA250B-AC01-489A-B689-F69ACFD639D0}C:\tools\icq - messenger\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\tools\icq - messenger\icq6.5\icq.exe |
"UDP Query User{0919DA04-ABD7-4F10-A00D-1091768A1645}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{22ADE35E-FBA7-4D68-8649-BEAD24F4F897}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{251BE4FF-5AD0-4968-8819-98D264181B9B}C:\games\rise and fall\riseandfall.exe" = protocol=17 | dir=in | app=c:\games\rise and fall\riseandfall.exe |
"UDP Query User{27608CCC-8DF3-4797-84DC-4D45A49D8AAD}C:\games\sacred 2\system\s2gs.exe" = protocol=17 | dir=in | app=c:\games\sacred 2\system\s2gs.exe |
"UDP Query User{27684F34-4A1E-47B7-BAA0-5043CAE025C9}C:\tools\terratec home cinema - dvb-t\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\tools\terratec home cinema - dvb-t\versioncheck\versioncheck.exe |
"UDP Query User{35B4B12E-5DBB-4FCB-B970-CC729A09B213}C:\tools\vuze - torrent\azureus.exe" = protocol=17 | dir=in | app=c:\tools\vuze - torrent\azureus.exe |
"UDP Query User{3D60CF3E-8000-479D-B6B9-09C14C4F1FBA}C:\users\tob\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\tob\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{49371899-240D-4A43-A5D3-34250E0A6CC7}C:\tools\vuze - torrent\azureus.exe" = protocol=17 | dir=in | app=c:\tools\vuze - torrent\azureus.exe |
"UDP Query User{4A2B7F55-B756-4350-B89C-8716158B262F}C:\tools\firefox - browser\firefox.exe" = protocol=17 | dir=in | app=c:\tools\firefox - browser\firefox.exe |
"UDP Query User{7D9833D0-C6C3-4826-AD6A-EA9BE1203388}C:\tools\firefox - browser\firefox.exe" = protocol=17 | dir=in | app=c:\tools\firefox - browser\firefox.exe |
"UDP Query User{874D343A-ADDA-4571-80B8-754721ED7D33}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{97AD7233-E397-4967-AF59-B1F737A55947}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{988AE714-6915-4C2B-B36E-C5EAD1D5E404}C:\program files\morun.net\stickerlite\sticker.exe" = protocol=17 | dir=in | app=c:\program files\morun.net\stickerlite\sticker.exe |
"UDP Query User{AC281528-D2D3-4D01-BF4F-FB6F32362FEC}C:\games\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\games\borderlands\binaries\borderlands.exe |
"UDP Query User{B4A2705C-85F4-4AF8-A4A2-67BF9CDA0AD6}C:\program files\java\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\bin\java.exe |
"UDP Query User{BBA718F3-737A-4F86-9F06-8BFF21094CDD}C:\tools\icq - messenger\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\tools\icq - messenger\icq6.5\icq.exe |
"UDP Query User{C35AFF7B-D9AF-4A7E-84B6-6621E41904FA}C:\games\pro evo 2010\pes2010.exe" = protocol=17 | dir=in | app=c:\games\pro evo 2010\pes2010.exe |
"UDP Query User{CBE946D4-AC0D-4CB6-8616-1FB542F1A311}C:\tools\terratec home cinema - dvb-t\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\tools\terratec home cinema - dvb-t\versioncheck\versioncheck.exe |
"UDP Query User{E22BE656-7BFD-4FAB-B3DE-479486EE1962}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{F9641B49-FE36-4993-A9D5-8882282381CE}C:\games\cnc zh\game.dat" = protocol=17 | dir=in | app=c:\games\cnc zh\game.dat |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0B41341B-4BC2-7CB0-8178-C5D0AD92EEF2}" = CCC Help Greek
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0F5A95A6-7A7E-93E7-C77B-470FD9B667F8}" = CCC Help Turkish
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{11712A95-9F9C-2DF6-580D-B62FE3B98768}" = PX Profile Update
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{1FA83AF5-C201-4E45-BBBD-79E8ABADE53E}" = Catalyst Control Center - Branding
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{229F7A4D-6E3B-EB2C-9110-6DEA56E99108}" = Catalyst Control Center Localization All
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{26EF1B32-0812-5340-5F35-70DD616E8AE1}" = Catalyst Control Center InstallProxy
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2FB5CC56-872B-A0D7-A525-EBF9DB08689B}" = CCC Help French
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{32A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java(TM) SE Development Kit 6 Update 17
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{38EA4830-58AE-65AD-A8B3-6064D394D7ED}" = CCC Help Czech
"{39718956-7340-3DFE-3A35-14C91DC9D63D}" = Catalyst Control Center Graphics Previews Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D1A8E16-10A6-43E0-90BE-0A0474A637A7}" = Z Cinema
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3F88036C-CF12-1114-459A-E266572C017E}" = CCC Help Chinese Standard
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4955AA6E-8C6B-A5B9-B18E-E16384E33B50}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4B7FE3B3-9A06-285A-EB91-BC3CA6D60AD8}" = CCC Help Polish
"{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client 5.0.03.0530
"{4CDE854F-E21C-135B-ED5A-8E9F82B0007E}" = ATI Catalyst Install Manager
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{603C6F75-DE85-0E39-9D68-938113A2F5E6}" = Catalyst Control Center Graphics Full Existing
"{620797B0-A022-4B57-A95E-CD7DD0325014}" = MoRUN.net Sticker Lite
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{6513AD91-DA94-2BD0-E568-432993A4D6BE}" = Skins
"{66E54441-49CF-BA7C-31F8-2B0E8F6ED16C}" = CCC Help Italian
"{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{712538AF-06AE-4F7F-B246-617034495FE6}" = ANNO 1404 (Demo)
"{71E6124C-FA50-447B-B044-47A682627C26}" = Anno 1404 (Demo)
"{721E52C2-EA00-C621-3684-D970952071F9}" = CCC Help Finnish
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{750E150C-26FE-7E07-173B-51E79256A923}" = CCC Help Dutch
"{756E414B-D957-3C82-84D4-A3C287F8EB6A}" = CCC Help Japanese
"{75B384B3-01D1-7483-7F5E-266FB8B17C07}" = CCC Help German
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B18FBCB-A4B6-50E7-ABC6-8DE3544A3252}" = Catalyst Control Center InstallProxy
"{7D6A6201-8191-7F50-E56B-E06A060419F2}" = CCC Help Russian
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0CED3C4-8144-59C4-C5F4-2EA55F34B9B5}" = CCC Help Hungarian
"{A5BADEDF-5C2E-D41B-CDB7-4EF1126EFAC8}" = CCC Help Norwegian
"{A8BEBC07-B5D5-8717-835D-52A06E8436FE}" = CCC Help Korean
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAEC5400-3AAA-EE21-ABAB-6817E92A1CAD}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{AE30124B-94BE-4ECC-CA37-25A1773442F0}" = CCC Help Spanish
"{AF5C4D9B-90F3-F13A-1B4C-C3B715D3DBF4}" = ccc-core-static
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B55DB8FF-D820-556E-A1A3-33DBAE66A4D3}" = Catalyst Control Center Graphics Full New
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BE43F19F-EE18-E389-BBF5-37C27AF16661}" = CCC Help English
"{BEFBFA98-AC1C-427F-8257-2E513FAF52B4}" = Overlord II - DEMO
"{C53895B8-ABF5-A16E-3415-B8CE794420BD}" = ccc-utility
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEDE4E96-8001-EE93-6F25-96A7E1A87AC9}" = CCC Help Portuguese
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.85.525
"{D1FAA013-337E-EE72-B238-47A32B2B8314}" = CCC Help Swedish
"{D7645CC1-EB78-3481-FBC4-EBC525488E3C}" = Catalyst Control Center Core Implementation
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E283C37C-C781-586F-CA53-5175CB8C4519}" = CCC Help Thai
"{EAE682E9-A523-7972-B39B-75674154AF1F}" = CCC Help Danish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Vuze Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Cinergy T USB XXS" = Cinergy T USB XXS V2.03.02.12
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"FUSSBALL MANAGER 10 DEMO" = FUSSBALL MANAGER 10 DEMO
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"IrfanView" = IrfanView (remove only)
"JCreator LE_is1" = JCreator LE 4.50
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"Picasa 3" = Picasa 3
"Port Royale 2" = Port Royale 2
"ProInst" = Intel PROSet Wireless
"RealPlayer 12.0" = RealPlayer
"Rise And Fall" = Rise And Fall (remove only)
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"SopCast" = SopCast 3.2.8
"Starcraft" = Starcraft
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"X3-Reunion2.0.02DE_is1" = X3: Reunion v2.0.02

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
04.08.2010, 13:25 | #8 |
/// Selecta Jahrusso | Postbank Trojan, enter 40 TANs

Step 1
Please uninstall Vuze Toolbar and Ask Toolbar (if present).

Step 2
Code:
:OTL
O4 - HKCU..\Run: [{61E40788-7B4F-0725-7BBE-93A23B993E42}] C:\Users\Tob\AppData\Roaming\Axdiz\udtu.exe (Zhjln Orftvii Fockjn)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
[2010.07.21 21:55:40 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Tob\AppData\Roaming\mozilla\Firefox\Profiles\1gulekis.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ask.com Search Engine - Better Web Search
:services
:files
:reg
:Commands
[purity]
[emptytemp]
[reboot]
Step 3
Please download defogger by jpshortstuff to your desktop.
When we have finished the cleanup, please run defogger again and click the Re-enable button.

Step 4
Sophos Anti-Rootkit scanner

Step 5
Please start OTL.exe and click the Quick Scan button.
Please post in your next reply:
OTL fix log
defogger_disable.txt
sarscan.log
otl.txt
Report how the computer is running.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
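The fix script in the post above targets a persistence entry that reads as a textbook pattern for this family of banking trojans: a per-user Run value whose name is a bare GUID, pointing at an executable dropped under AppData\Roaming with a gibberish "company" string. The following triage script is an added example written for this page; it is not part of the thread and not OTL's own code. It parses OTL-style O4 (Run key) and O2 (BHO) lines and flags the combination of GUID-named value plus AppData target, and BHOs whose CLSID no longer resolves. The sample input is constructed: it reuses the lines quoted in the post and adds one hypothetical benign Launch Manager entry (its path and vendor string are assumed, not taken from the log).

```python
"""Heuristic triage of OTL-style O4/O2 lines (added example, not OTL code).

Flags:
  * O4 Run entries whose value name is a bare GUID and/or whose target lives
    under the user's AppData tree (writable without admin rights, a common
    drop location for user-mode banking trojans).
  * O2 BHO entries whose CLSID no longer resolves ("No CLSID value found").
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines quoted in post #8 above, plus one hypothetical
# benign Run entry (path and vendor assumed) to show what is NOT flagged.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [{61E40788-7B4F-0725-7BBE-93A23B993E42}] C:\Users\Tob\AppData\Roaming\Axdiz\udtu.exe (Zhjln Orftvii Fockjn)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
"""

# Line shapes are assumed from the OTL output quoted on this page; other OTL
# versions may space the fields differently.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.*?)(?: \((?P<vendor>[^()]*)\))?$"
)
O2_RE = re.compile(
    r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<rest>.*)$"
)
GUID_RE = re.compile(
    r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$"
)
APPDATA_RE = re.compile(r"\\AppData\\(?:Roaming|Local|LocalLow)\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str            # "O4" (Run key) or "O2" (BHO)
    target: str          # executable path or CLSID
    reasons: list = field(default_factory=list)
    line: str = ""


def triage(log_text: str) -> list:
    """Return a Finding for every O4/O2 line that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = O4_RE.match(line)
        if m:
            reasons = []
            if GUID_RE.match(m["name"]):
                reasons.append("guid_value_name")
            if APPDATA_RE.search(m["path"]):
                reasons.append("appdata_path")
            # Per-user hive is only noted as context once another reason fires;
            # on its own it is normal for plenty of legitimate software.
            if reasons and m["hive"].upper() == "HKCU":
                reasons.append("per_user_hive")
            if reasons:
                findings.append(Finding("O4", m["path"], reasons, line))
            continue

        m = O2_RE.match(line)
        if m and m["rest"].startswith("No CLSID value found"):
            findings.append(Finding("O2", m["clsid"], ["orphan_bho"], line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {', '.join(f.reasons)}: {f.target}")
```

Run it over a saved otl.txt instead of SAMPLE_LOG to get a shortlist of entries worth a second look; the reasons are heuristics, not a verdict, so confirm each hit (file hash, signer, creation time) before putting it into a fix script.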
09.08.2010, 12:44 | #9 |
/// Selecta Jahrusso | Postbank Trojan, enter 40 TANs

Missing response
This topic has been removed from my subscriptions, so I no longer receive notifications of new replies. Send me a PM if you still want to continue.

Note: the disappearance of the symptoms does not mean your computer is already clean.

Everyone else, please open your own thread. |