|
Log-Analyse und Auswertung: Trojaner ProblemWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
10.08.2010, 11:18 | #1 |
| Trojaner Problem Ich habe trojaner und keine Ahnung , kann mir jemand helfen? ich habe mir HijackThis runtergeladen aber der virus schließt das programm immer wieder |
10.08.2010, 11:23 | #2 |
/// Selecta Jahrusso | Trojaner ProblemEine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs drivers32 /all msconfig %SYSTEMDRIVE%\*.* %systemroot%\system32\*.wt %systemroot%\system32\*.ruy %systemroot%\Fonts\*.com %systemroot%\Fonts\*.dll %systemroot%\Fonts\*.ini %systemroot%\Fonts\*.ini2 %systemroot%\system32\spool\prtprocs\w32x86\*.* %systemroot%\REPAIR\*.bak1 %systemroot%\REPAIR\*.ini %systemroot%\system32\*.jpg %systemroot%\*.scr %systemroot%\*._sy %APPDATA%\Adobe\Update\*.* %ALLUSERSPROFILE%\Favorites\*.* %APPDATA%\Microsoft\*.* %PROGRAMFILES%\*.* %APPDATA%\Update\*.* %systemroot%\*. /mp /s CREATERESTOREPOINT %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\user32.dll /md5 %systemroot%\system32\ws2_32.dll /md5 %systemroot%\system32\ws2help.dll /md5 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
__________________ |
10.08.2010, 11:39 | #3 |
| Trojaner Problem die trojaner verhindern dass ich dass programm aufmache!
__________________was nun |
10.08.2010, 11:42 | #4 |
/// Selecta Jahrusso | Trojaner Problem Drucke dir die Anleitung gegebenfalls aus Downloade Dir bitte OTH ( by Oldtimer ) und speichere die Datei auf dem Desktop. Firefox User: Mit Rechtsklick auf OTH und "Ziel speichern unter" downloaden.
Tut er das nicht klicke in OTH auf Reboot Poste mir die Logfile von Malwarebytes Starte Malwarebytes--> Reiter Scan-Berichte--> klick auf den aktuellsten Bericht--> es öffnet sich automatisch ein Text-Dokument. Sollte Malwarebytes nach dem Reboot nicht starten, teile mir das bitte mit.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie Geändert von Larusso (10.08.2010 um 11:56 Uhr) |
10.08.2010, 12:09 | #5 |
| Trojaner Problem blablabla ist durch trojan.js.offiz infiziert also des steht soo ziemlich bei jeder anwendung ??????? |
10.08.2010, 12:11 | #6 |
/// Selecta Jahrusso | Trojaner Problem Okay, möglichkeit eine CD zu brennen ? Aber vorher, kannst Du in den abgesicherten Modus (mehrmals F8 drücken beim hochfahren) booten und von dort ne OTL Logfile erstellen ?
__________________ --> Trojaner Problem |
10.08.2010, 12:14 | #7 |
| Trojaner Problem oi jetzt wirds zu hoch für mich DD ich bin doch bloßn mädl DDDD ich mach des für mein freund.. mhhh gib mir einen tag um alle sachen aufm laptop zu speichern und dann mach ich weiter |
10.08.2010, 12:42 | #8 |
/// Selecta Jahrusso | Trojaner Problem Welche Sachen auf dem Laptop speichern ? Ich will nur wissen ob du in den abgesicherten Modus booten kannst
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
10.08.2010, 23:07 | #9 |
| Trojaner Problem bevor ich irgendwas ausversehen lösch ne gut ich befolge deine anweisungen wart ^^ so also im abgesicherten modus kann ich sowas schon erstellen nur wohin dann damit wie kann ich des dann speichern ? |
11.08.2010, 11:06 | #10 |
/// Selecta Jahrusso | Trojaner Problem Lass OTL im abgesicherten Modus laufen. Die TextDatei wird dort gespeichert, wo Du OTL hast. Im Idealfall am Desktop. Diese kannst Du mir hier posten. Entweder direkt von dem Rechner aus. Solltest Du mit USB Sticks arbeiten, bitte vorher noch folgendes. Desinfizierung/Absicherung externer Medien Lade Dir den Flash Disinfector von sUBs und speichere Flash_Disinfector.exe auf Deinem Desktop ab. Gehe nun wie folgt vor:
Flash Disinfector desinfiziert all Deine Laufwerke von Autoruninfektionen und erstellt einen versteckten Ordner mit demselben Namen, so dass dein Datenträger in Zukunft vor dieser Infektion geschützt ist. Während dem Scan wird Dein Desktop kurzfristig verschwinden und dann wiederkommen. Das ist normal. Bitte poste in Deiner nächsten Antwort OTL.txt
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
12.08.2010, 21:11 | #11 |
| Trojaner Problem sorry war gestern nich im internet , ich mach jetzt weiter OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.08.2010 00:13:16 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Chris\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 87,00% Memory free 6,00 Gb Paging File | 6,00 Gb Available in Paging File | 97,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 285,09 Gb Total Space | 161,11 Gb Free Space | 56,51% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CHRIS-PC Current User Name: Chris Logged in as Administrator. Current Boot Mode: SafeMode Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{19723F7B-CAA1-43CC-9091-DAAF9DD68043}" = rport=445 | protocol=6 | dir=out | app=system | "{1BE14ABA-6368-4B2B-AAA3-71EC408A12A1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{200AD85A-E3AF-4298-92B8-DB31A3EE85E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5635B58D-CEF8-4FBA-A490-ECF874F60F81}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{5C329FBD-51FA-4EC5-81C8-24BE18A995E0}" = lport=139 | protocol=6 | dir=in | app=system | "{601D8BD6-1EAC-4E8E-BB69-EC511C26D511}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{609F051A-65E6-41E9-84AE-55DA05380B24}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{89A87342-DB11-434C-8027-C7D33B728EA5}" = rport=138 | protocol=17 | dir=out | app=system | "{8AC0098E-22AA-4FE5-B1DF-2331307B5F89}" = lport=2869 | protocol=6 | dir=in | app=system | "{8CCF3713-71DD-4450-AA0C-A50FAFFCA809}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AA98656B-6212-4610-8268-9C240D5B05F5}" = lport=137 | protocol=17 | dir=in | app=system | "{B6111C59-6829-4DC7-924A-CF4E5949CA67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BA6A7523-6ECE-406D-B13F-821D9794FA6D}" = lport=138 | protocol=17 | dir=in | app=system | "{CCECBB42-0330-430D-AB96-479354DBE5D7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CD0F690E-74B1-47F0-896A-6A219C3AE1FC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{DD230095-FF8E-454D-B5F3-8ADDFCBDAECF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{E24A326C-8A71-4F18-8D4C-265ADE23C3B0}" = lport=445 | protocol=6 | dir=in | app=system | "{E714EE6D-C303-4EEC-8325-C4544C815FEB}" = rport=137 | protocol=17 | dir=out | app=system | "{F8A793F9-F53A-400D-B512-C5B93ABF16C8}" = rport=139 | protocol=6 | dir=out | app=system | "{FB068EA3-7869-4623-AA31-07A873AB2198}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1A7D938C-1186-46AC-86EA-A29FE4ADF6C3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{23868471-05AC-4437-BE74-D0FD4675BD35}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{341C28D5-63EB-475D-97AF-119D412F54E0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{3670B0B9-333E-4E75-81BF-6AA04E30E580}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{3700563B-4596-45CC-8491-A450409C4710}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{55C57AA7-2225-427E-AF2C-BD5B3843B169}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{599A4444-1ECF-407F-B224-8ED8BB9C830B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5C74B49E-FA7B-499F-94CF-51A0B09F3352}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{7A29967D-C17A-452E-A39E-C9B5BC2AAF37}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7E9957F6-0A11-4D12-924D-A1D423892D8B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{7F14B6F1-5986-4208-96C4-2E64163817CC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E0E173AE-52D6-4FEB-833C-057EBF81B13B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E5994EF0-9C79-4799-B426-E5ED0BD129C6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E80D4487-ACEA-4014-B2A2-20F7EE375030}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "TCP Query User{07EBB499-FC4A-493C-8442-8404091B0BF4}C:\users\chris\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\chris\program files\dna\btdna.exe | "TCP Query User{2CBA3293-73D6-4397-9BB9-E818CA21C052}C:\users\chris\desktop\novoline\novoline\spiel-01-10\gameunp.exe" = protocol=6 | dir=in | app=c:\users\chris\desktop\novoline\novoline\spiel-01-10\gameunp.exe | "TCP Query User{4C3F0731-6A09-4DEE-8E3A-E5874BA629BB}C:\users\chris\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\chris\program files\dna\btdna.exe | "TCP Query User{93A3CD93-3A39-4772-98C0-7AD2F80DB82C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{A7C0A2D3-C62E-40D1-947D-BF5DD0E8E096}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{AE64645B-BEB5-4499-AF2A-B4FD4D172F3E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{AFAE4E58-871B-453D-A2CA-8C481C479C12}C:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe" = protocol=6 | dir=in | app=c:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe | "TCP Query User{B8C305C1-6319-4BF6-92E9-C0DD64B4A821}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "TCP Query User{C18BC198-9B4F-48A7-AC07-009D4ABBE030}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe | "TCP Query User{E4F9ADD7-C3FD-41FF-867D-D69512210575}C:\program files\maxivista demo server\maxivistademo.exe" = protocol=6 | dir=in | app=c:\program files\maxivista demo server\maxivistademo.exe | "TCP Query User{FBB8D7AF-EFA2-4988-8A69-7BD3248C4EFD}C:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe" = protocol=6 | dir=in | app=c:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe | "TCP Query User{FD6F1FA9-92C0-4393-8148-A84DA1E27023}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{038B9636-EF19-49B3-B083-E6CBEF300A53}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{1E4352D8-A796-4285-9787-C158979ADF9C}C:\users\chris\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\chris\program files\dna\btdna.exe | "UDP Query User{3752EC1D-A43A-4121-9D05-91123F002C1C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{3D8C6F57-D4C5-46BD-9597-067E3849131A}C:\program files\maxivista demo server\maxivistademo.exe" = protocol=17 | dir=in | app=c:\program files\maxivista demo server\maxivistademo.exe | "UDP Query User{5F9F3F19-7C22-44DF-86E1-ED9A747DB4C7}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{89544001-3FD6-4F99-8452-B8C57627B797}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{A2B10FA7-B249-463D-B3A4-A190191FC3D8}C:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe" = protocol=17 | dir=in | app=c:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe | "UDP Query User{DBBBC4AF-A5D8-4C80-B4D9-BDF231B64366}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe | "UDP Query User{E5399A76-9CBD-423D-A66E-2944935B04D5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{ECD11967-D409-41AF-8A59-09064D610557}C:\users\chris\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\chris\program files\dna\btdna.exe | "UDP Query User{EF34DC72-666F-4D16-89D7-9C8D4FF59176}C:\users\chris\desktop\novoline\novoline\spiel-01-10\gameunp.exe" = protocol=17 | dir=in | app=c:\users\chris\desktop\novoline\novoline\spiel-01-10\gameunp.exe | "UDP Query User{FCA4DADF-56E4-4D17-A172-F61E3ACB831F}C:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe" = protocol=17 | dir=in | app=c:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{211654D1-F7F8-4FF6-B008-354354354365}_is1" = MaxiVista Demo Server v4.0.10 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14 "{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D867976-573B-40F7-BE60-7E1A2C9FB35F}_is1" = MaxiVista Demo Anzeigeprogramm v4.0.10 "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D134213-C5F4-4D55-9E36-FEB4C12FD27A}" = PC-Trainer Kfz-Technik "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{C8B34404-2E52-4C1F-A2B7-D26E46E5974D}" = Norman Security Suite "{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator "{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.65 "8461-7759-5462-8226" = Vuze "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Ask Toolbar_is1" = Ask Toolbar "DATEVB00000482.0" = DATEV Installation V.2.6 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EasyBits Magic Desktop" = EasyBits Magic Desktop "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free DVD Video Burner_is1" = Free DVD Video Burner version 1.2 "Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7 "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "Google Updater" = Google Updater "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICQToolbar" = ICQ Toolbar "McAfee Security Scan" = McAfee Security Scan "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "NIS" = Norton Internet Security "NSS" = Norton Security Scan "Office2007" = Microsoft Office Home and Student "Postal 2" = Postal 2 "PremElem40" = Adobe Premiere Elements 4.0 "PremElem40Templates" = Adobe Premiere Elements 4.0 Templates "Sweet Home 3D_is1" = Sweet Home 3D version 2.1 "SynTPDeinstKey" = Synaptics Pointing Device Driver "T4EPlayer" = T4E Player "TorrentMan Toolbar" = TorrentMan Toolbar "Uninstall_is1" = Uninstall 1.0.0.1 "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VLC media player 0.9.9 "WinLiveSuite_Wave3" = Windows Live Essentials "Works9se" = Microsoft Works 9.0 SE "Zylom Games Player Plugin" = Zylom Games Player Plugin ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent DNA" = DNA "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 25.06.2010 06:35:34 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10 Description = Error - 25.06.2010 06:36:06 | Computer Name = Chris-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.4.0, Zeitstempel 0x4811da19, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x03030303, Prozess-ID 0xe60, Anwendungsstartzeit 01cb14521e6f7f61. Error - 25.06.2010 07:49:06 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10 Description = Error - 25.06.2010 15:01:27 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10 Description = Error - 30.06.2010 12:48:01 | Computer Name = Chris-PC | Source = NormanNPT | ID = 131073 Description = Norman Message [2010/06/30 18:48:01] -------------------------------------------------------- Application: NVC On-demand Scanner Node address: 192.168.2.106 -------------------------------------------------------- ALARM: Virus infected: Virus name: 'W32/Zwangi.F' Norman Scanner Engine Information Engine version: 6.05.10 Binary definition file: 6.05 of 2010/06/30 Macro definition file: 6.05 of 2010/06/14 Login information: User 'Chris' on host 'CHRIS-PC'. File infected: c:/Program Files/DriftCity/eu_dcity.exe File quarantined: c:/Program Files/DriftCity/eu_dcity.exe File Unknown message informationc:/Program Files/DriftCity/eu_dcity.exe Error - 30.06.2010 12:48:04 | Computer Name = Chris-PC | Source = NormanNPT | ID = 131073 Description = Norman Message [2010/06/30 18:48:04] -------------------------------------------------------- Application: NVC On-demand Scanner Node address: 192.168.2.106 -------------------------------------------------------- ALARM: Virus infected: Virus name: 'W32/Zwangi.F' Norman Scanner Engine Information Engine version: 6.05.10 Binary definition file: 6.05 of 2010/06/30 Macro definition file: 6.05 of 2010/06/14 Login information: User 'Chris' on host 'CHRIS-PC'. File infected: c:/Program Files/DriftCity/_eu_dcity.exe.zip : eu_dcity.exe File quarantined: c:/Program Files/DriftCity/_eu_dcity.exe.zip Error - 30.06.2010 14:26:00 | Computer Name = Chris-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18928, Zeitstempel 0x4bdfa327, fehlerhaftes Modul Flash10c.ocx, Version 10.0.32.18, Zeitstempel 0x4a613d79, Ausnahmecode 0xc0000005, Fehleroffset 0x001579a2, Prozess-ID 0x107c, Anwendungsstartzeit 01cb1881934a4120. Error - 02.07.2010 03:13:59 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10 Description = Error - 02.07.2010 16:36:23 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10 Description = Error - 03.07.2010 12:45:37 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 23.10.2009 21:01:47 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009 Description = Error - 23.10.2009 21:01:47 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000 Description = Error - 23.10.2009 21:01:47 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009 Description = Error - 23.10.2009 21:01:47 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000 Description = Error - 23.10.2009 21:02:33 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009 Description = Error - 23.10.2009 21:02:33 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000 Description = Error - 23.10.2009 21:03:30 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009 Description = Error - 23.10.2009 21:03:30 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000 Description = Error - 23.10.2009 21:12:23 | Computer Name = Chris-PC | Source = HTTP | ID = 15016 Description = Error - 23.10.2009 21:13:32 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.08.2010 00:13:16 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Chris\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 87,00% Memory free 6,00 Gb Paging File | 6,00 Gb Available in Paging File | 97,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 285,09 Gb Total Space | 161,11 Gb Free Space | 56,51% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CHRIS-PC Current User Name: Chris Logged in as Administrator. Current Boot Mode: SafeMode Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{19723F7B-CAA1-43CC-9091-DAAF9DD68043}" = rport=445 | protocol=6 | dir=out | app=system | "{1BE14ABA-6368-4B2B-AAA3-71EC408A12A1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{200AD85A-E3AF-4298-92B8-DB31A3EE85E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5635B58D-CEF8-4FBA-A490-ECF874F60F81}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{5C329FBD-51FA-4EC5-81C8-24BE18A995E0}" = lport=139 | protocol=6 | dir=in | app=system | "{601D8BD6-1EAC-4E8E-BB69-EC511C26D511}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{609F051A-65E6-41E9-84AE-55DA05380B24}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{89A87342-DB11-434C-8027-C7D33B728EA5}" = rport=138 | protocol=17 | dir=out | app=system | "{8AC0098E-22AA-4FE5-B1DF-2331307B5F89}" = lport=2869 | protocol=6 | dir=in | app=system | "{8CCF3713-71DD-4450-AA0C-A50FAFFCA809}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AA98656B-6212-4610-8268-9C240D5B05F5}" = lport=137 | protocol=17 | dir=in | app=system | "{B6111C59-6829-4DC7-924A-CF4E5949CA67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BA6A7523-6ECE-406D-B13F-821D9794FA6D}" = lport=138 | protocol=17 | dir=in | app=system | "{CCECBB42-0330-430D-AB96-479354DBE5D7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CD0F690E-74B1-47F0-896A-6A219C3AE1FC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{DD230095-FF8E-454D-B5F3-8ADDFCBDAECF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{E24A326C-8A71-4F18-8D4C-265ADE23C3B0}" = lport=445 | protocol=6 | dir=in | app=system | "{E714EE6D-C303-4EEC-8325-C4544C815FEB}" = rport=137 | protocol=17 | dir=out | app=system | "{F8A793F9-F53A-400D-B512-C5B93ABF16C8}" = rport=139 | protocol=6 | dir=out | app=system | "{FB068EA3-7869-4623-AA31-07A873AB2198}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1A7D938C-1186-46AC-86EA-A29FE4ADF6C3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{23868471-05AC-4437-BE74-D0FD4675BD35}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{341C28D5-63EB-475D-97AF-119D412F54E0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{3670B0B9-333E-4E75-81BF-6AA04E30E580}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{3700563B-4596-45CC-8491-A450409C4710}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{55C57AA7-2225-427E-AF2C-BD5B3843B169}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{599A4444-1ECF-407F-B224-8ED8BB9C830B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5C74B49E-FA7B-499F-94CF-51A0B09F3352}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{7A29967D-C17A-452E-A39E-C9B5BC2AAF37}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7E9957F6-0A11-4D12-924D-A1D423892D8B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{7F14B6F1-5986-4208-96C4-2E64163817CC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E0E173AE-52D6-4FEB-833C-057EBF81B13B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E5994EF0-9C79-4799-B426-E5ED0BD129C6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E80D4487-ACEA-4014-B2A2-20F7EE375030}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "TCP Query User{07EBB499-FC4A-493C-8442-8404091B0BF4}C:\users\chris\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\chris\program files\dna\btdna.exe | "TCP Query User{2CBA3293-73D6-4397-9BB9-E818CA21C052}C:\users\chris\desktop\novoline\novoline\spiel-01-10\gameunp.exe" = protocol=6 | dir=in | app=c:\users\chris\desktop\novoline\novoline\spiel-01-10\gameunp.exe | "TCP Query User{4C3F0731-6A09-4DEE-8E3A-E5874BA629BB}C:\users\chris\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\chris\program files\dna\btdna.exe | "TCP Query User{93A3CD93-3A39-4772-98C0-7AD2F80DB82C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{A7C0A2D3-C62E-40D1-947D-BF5DD0E8E096}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{AE64645B-BEB5-4499-AF2A-B4FD4D172F3E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{AFAE4E58-871B-453D-A2CA-8C481C479C12}C:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe" = protocol=6 | dir=in | app=c:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe | "TCP Query User{B8C305C1-6319-4BF6-92E9-C0DD64B4A821}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "TCP Query User{C18BC198-9B4F-48A7-AC07-009D4ABBE030}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe | "TCP Query User{E4F9ADD7-C3FD-41FF-867D-D69512210575}C:\program files\maxivista demo server\maxivistademo.exe" = protocol=6 | dir=in | app=c:\program files\maxivista demo server\maxivistademo.exe | "TCP Query User{FBB8D7AF-EFA2-4988-8A69-7BD3248C4EFD}C:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe" = protocol=6 | dir=in | app=c:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe | "TCP Query User{FD6F1FA9-92C0-4393-8148-A84DA1E27023}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{038B9636-EF19-49B3-B083-E6CBEF300A53}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{1E4352D8-A796-4285-9787-C158979ADF9C}C:\users\chris\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\chris\program files\dna\btdna.exe | "UDP Query User{3752EC1D-A43A-4121-9D05-91123F002C1C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{3D8C6F57-D4C5-46BD-9597-067E3849131A}C:\program files\maxivista demo server\maxivistademo.exe" = protocol=17 | dir=in | app=c:\program files\maxivista demo server\maxivistademo.exe | "UDP Query User{5F9F3F19-7C22-44DF-86E1-ED9A747DB4C7}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{89544001-3FD6-4F99-8452-B8C57627B797}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{A2B10FA7-B249-463D-B3A4-A190191FC3D8}C:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe" = protocol=17 | dir=in | app=c:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe | "UDP Query User{DBBBC4AF-A5D8-4C80-B4D9-BDF231B64366}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe | "UDP Query User{E5399A76-9CBD-423D-A66E-2944935B04D5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{ECD11967-D409-41AF-8A59-09064D610557}C:\users\chris\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\chris\program files\dna\btdna.exe | "UDP Query User{EF34DC72-666F-4D16-89D7-9C8D4FF59176}C:\users\chris\desktop\novoline\novoline\spiel-01-10\gameunp.exe" = protocol=17 | dir=in | app=c:\users\chris\desktop\novoline\novoline\spiel-01-10\gameunp.exe | "UDP Query User{FCA4DADF-56E4-4D17-A172-F61E3ACB831F}C:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe" = protocol=17 | dir=in | app=c:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{211654D1-F7F8-4FF6-B008-354354354365}_is1" = MaxiVista Demo Server v4.0.10 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14 "{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D867976-573B-40F7-BE60-7E1A2C9FB35F}_is1" = MaxiVista Demo Anzeigeprogramm v4.0.10 "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D134213-C5F4-4D55-9E36-FEB4C12FD27A}" = PC-Trainer Kfz-Technik "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{C8B34404-2E52-4C1F-A2B7-D26E46E5974D}" = Norman Security Suite "{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator "{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.65 "8461-7759-5462-8226" = Vuze "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Ask Toolbar_is1" = Ask Toolbar "DATEVB00000482.0" = DATEV Installation V.2.6 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EasyBits Magic Desktop" = EasyBits Magic Desktop "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free DVD Video Burner_is1" = Free DVD Video Burner version 1.2 "Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7 "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "Google Updater" = Google Updater "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICQToolbar" = ICQ Toolbar "McAfee Security Scan" = McAfee Security Scan "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "NIS" = Norton Internet Security "NSS" = Norton Security Scan "Office2007" = Microsoft Office Home and Student "Postal 2" = Postal 2 "PremElem40" = Adobe Premiere Elements 4.0 "PremElem40Templates" = Adobe Premiere Elements 4.0 Templates "Sweet Home 3D_is1" = Sweet Home 3D version 2.1 "SynTPDeinstKey" = Synaptics Pointing Device Driver "T4EPlayer" = T4E Player "TorrentMan Toolbar" = TorrentMan Toolbar "Uninstall_is1" = Uninstall 1.0.0.1 "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VLC media player 0.9.9 "WinLiveSuite_Wave3" = Windows Live Essentials "Works9se" = Microsoft Works 9.0 SE "Zylom Games Player Plugin" = Zylom Games Player Plugin ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent DNA" = DNA "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 25.06.2010 06:35:34 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10 Description = Error - 25.06.2010 06:36:06 | Computer Name = Chris-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.4.0, Zeitstempel 0x4811da19, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x03030303, Prozess-ID 0xe60, Anwendungsstartzeit 01cb14521e6f7f61. Error - 25.06.2010 07:49:06 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10 Description = Error - 25.06.2010 15:01:27 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10 Description = Error - 30.06.2010 12:48:01 | Computer Name = Chris-PC | Source = NormanNPT | ID = 131073 Description = Norman Message [2010/06/30 18:48:01] -------------------------------------------------------- Application: NVC On-demand Scanner Node address: 192.168.2.106 -------------------------------------------------------- ALARM: Virus infected: Virus name: 'W32/Zwangi.F' Norman Scanner Engine Information Engine version: 6.05.10 Binary definition file: 6.05 of 2010/06/30 Macro definition file: 6.05 of 2010/06/14 Login information: User 'Chris' on host 'CHRIS-PC'. File infected: c:/Program Files/DriftCity/eu_dcity.exe File quarantined: c:/Program Files/DriftCity/eu_dcity.exe File Unknown message informationc:/Program Files/DriftCity/eu_dcity.exe Error - 30.06.2010 12:48:04 | Computer Name = Chris-PC | Source = NormanNPT | ID = 131073 Description = Norman Message [2010/06/30 18:48:04] -------------------------------------------------------- Application: NVC On-demand Scanner Node address: 192.168.2.106 -------------------------------------------------------- ALARM: Virus infected: Virus name: 'W32/Zwangi.F' Norman Scanner Engine Information Engine version: 6.05.10 Binary definition file: 6.05 of 2010/06/30 Macro definition file: 6.05 of 2010/06/14 Login information: User 'Chris' on host 'CHRIS-PC'. File infected: c:/Program Files/DriftCity/_eu_dcity.exe.zip : eu_dcity.exe File quarantined: c:/Program Files/DriftCity/_eu_dcity.exe.zip Error - 30.06.2010 14:26:00 | Computer Name = Chris-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18928, Zeitstempel 0x4bdfa327, fehlerhaftes Modul Flash10c.ocx, Version 10.0.32.18, Zeitstempel 0x4a613d79, Ausnahmecode 0xc0000005, Fehleroffset 0x001579a2, Prozess-ID 0x107c, Anwendungsstartzeit 01cb1881934a4120. Error - 02.07.2010 03:13:59 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10 Description = Error - 02.07.2010 16:36:23 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10 Description = Error - 03.07.2010 12:45:37 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 23.10.2009 21:01:47 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009 Description = Error - 23.10.2009 21:01:47 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000 Description = Error - 23.10.2009 21:01:47 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009 Description = Error - 23.10.2009 21:01:47 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000 Description = Error - 23.10.2009 21:02:33 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009 Description = Error - 23.10.2009 21:02:33 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000 Description = Error - 23.10.2009 21:03:30 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009 Description = Error - 23.10.2009 21:03:30 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000 Description = Error - 23.10.2009 21:12:23 | Computer Name = Chris-PC | Source = HTTP | ID = 15016 Description = Error - 23.10.2009 21:13:32 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
12.08.2010, 23:05 | #12 |
/// Selecta Jahrusso | Trojaner Problem Du hast mir 2x die Extras.txt gepostet
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
15.08.2010, 13:44 | #13 |
| Trojaner Problem ja ehm is das das falsche? eh augenblick OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.08.2010 00:13:16 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Chris\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 87,00% Memory free 6,00 Gb Paging File | 6,00 Gb Available in Paging File | 97,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 285,09 Gb Total Space | 161,11 Gb Free Space | 56,51% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CHRIS-PC Current User Name: Chris Logged in as Administrator. Current Boot Mode: SafeMode Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.08.10 13:06:54 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTH.scr PRC - [2010.08.10 12:33:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\otl.exe ========== Modules (SafeList) ========== MOD - [2010.08.10 12:33:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\otl.exe MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.06.24 11:35:17 | 000,219,904 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\Ngs\Bin\Nnf.exe -- (NNFSVC) SRV - [2010.06.14 14:29:58 | 000,282,624 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Nse\Bin\NSESVC.EXE -- (nsesvc) SRV - [2010.05.21 13:09:08 | 000,202,056 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Nvc\Bin\nvcoas.exe -- (nvcoas) SRV - [2010.05.18 14:40:06 | 000,301,192 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\Npm\Bin\Zanda.exe -- (Norman ZANDA) SRV - [2010.05.07 13:48:04 | 000,103,016 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\Ngs\Bin\Nprosec.exe -- (NPROSECSVC) SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.15 14:14:41 | 000,098,776 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\npm\bin\nvoy.exe -- (NVOY) SRV - [2010.02.05 05:16:20 | 000,419,224 | ---- | M] (CSR, plc) [Auto | Stopped] -- C:\Windows\System32\HFGService.dll -- (HFGService) SRV - [2009.12.03 17:03:38 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829) SRV - [2009.10.15 16:50:54 | 000,133,272 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Npm\Bin\scheduler.exe -- (Scheduler) SRV - [2009.10.11 16:07:33 | 000,152,904 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\Npm\Bin\Elogsvc.exe -- (eLoggerSvc6) SRV - [2009.10.07 14:04:51 | 000,129,928 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe -- (Norman NJeeves) SRV - [2009.09.03 15:51:12 | 001,765,696 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\MaxiVista Demo Anzeigeprogramm\MaxiVistaDemoViewer.exe -- (MaxiVista_service_D) SRV - [2009.08.22 09:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security) SRV - [2009.01.08 18:44:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.10.19 15:30:02 | 000,222,456 | ---- | M] () [Auto | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2008.07.16 15:00:00 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService) SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Stopped] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1005000.087\SYMNDISV.SYS -- (SYMNDISV) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1005000.087\SYMFW.SYS -- (SYMFW) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2010.05.14 12:14:59 | 000,040,384 | ---- | M] (Norman ASA) [Kernel | Auto | Stopped] -- C:\Programme\Norman\Ngs\Bin\nregsec.sys -- (nregsec) DRV - [2010.05.10 10:06:10 | 000,072,392 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\Programme\Norman\Ngs\Bin\nprosec.sys -- (NPROSEC) DRV - [2010.02.05 05:16:10 | 000,066,952 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthav.sys -- (csr_a2dp) DRV - [2010.02.05 05:16:08 | 000,048,024 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAudioHF.sys -- (BthAudioHF) DRV - [2010.02.04 17:35:17 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys -- (ccHP) DRV - [2010.01.04 15:44:43 | 000,026,744 | ---- | M] (Norman ASA) [Kernel | System | Stopped] -- c:\Programme\Norman\Ngs\Bin\ngs.sys -- (NGS) DRV - [2009.10.14 14:03:28 | 000,023,392 | ---- | M] (Norman ASA) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvcv32mf.sys -- (NvcMFlt) DRV - [2009.10.09 14:24:40 | 000,022,880 | ---- | M] (Norman ASA) [Kernel | Auto | Stopped] -- C:\Programme\Norman\Nse\Bin\Ndiskio.sys -- (Ndiskio) DRV - [2009.09.11 03:17:34 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009.08.22 09:21:19 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS -- (SymEFA) DRV - [2009.08.22 09:21:19 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS -- (SRTSP) DRV - [2009.08.22 09:21:19 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86) DRV - [2009.08.22 09:21:19 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -- (SYMTDI) DRV - [2009.08.22 09:21:19 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2009.08.22 09:21:06 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM) DRV - [2009.08.02 02:28:00 | 000,013,696 | ---- | M] (MaxiVista) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mvCmdemo.SYS -- (mvCmdemo) DRV - [2009.08.02 02:28:00 | 000,012,544 | ---- | M] (MaxiVista) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvvideodemo.sys -- (mvvideodemo) DRV - [2009.07.13 10:00:00 | 000,875,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.048\NAVEX15.SYS -- (NAVEX15) DRV - [2009.07.13 10:00:00 | 000,087,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.048\NAVENG.SYS -- (NAVENG) DRV - [2009.07.11 21:34:11 | 000,293,424 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys -- (IDSVix86) DRV - [2009.05.16 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2009.05.16 10:00:00 | 000,101,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2008.08.06 10:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.08.04 11:02:46 | 002,161,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.07.29 05:48:56 | 000,418,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28.sys -- (netr28) DRV - [2008.07.16 14:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.07.11 04:20:10 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2008.04.28 00:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.02.20 23:01:08 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR) DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007.06.08 04:53:56 | 000,187,448 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programme\TorrentMan\tbTorr.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programme\TorrentMan\tbTorr.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13" FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010.04.25 10:07:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.27 00:30:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.27 00:30:41 | 000,000,000 | ---D | M] [2010.02.09 22:14:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions [2009.05.24 13:34:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\extensions [2009.05.24 13:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2010.07.27 00:30:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\5rdywjhr.default\extensions [2010.02.10 08:29:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\5rdywjhr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.25 17:34:58 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\5rdywjhr.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.07.25 17:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\5rdywjhr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.07.26 18:23:42 | 000,000,873 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\5rdywjhr.default\searchplugins\conduit.xml [2010.07.21 15:13:40 | 000,000,944 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\5rdywjhr.default\searchplugins\icqplugin.xml [2010.08.10 23:16:23 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.27 00:30:27 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.27 00:30:27 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.27 00:30:27 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.27 00:30:27 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.27 00:30:27 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation) O2 - BHO: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programme\TorrentMan\tbTorr.dll (Conduit Ltd.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programme\TorrentMan\tbTorr.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (TorrentMan Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Programme\TorrentMan\tbTorr.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Chris\Program Files\DNA\btdna.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\RunOnce: [380989] C:\Users\Chris\AppData\Local\380989.exe () O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxiVista Demo Anzeigeprogramm All.lnk = C:\Programme\MaxiVista Demo Anzeigeprogramm\MaxiVistaDemoViewer.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{ff9d4f9d-6586-11de-8e8b-00238b86cd3c}\Shell\Auto\command - "" = AdobeR.exe e O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.10 13:06:30 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTH.scr [2010.08.10 12:33:36 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe [2010.08.10 12:14:21 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Chris\Desktop\HiJackThis204.exe [2010.08.09 22:08:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Novoline [2010.08.02 13:07:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Khanh Musik [2010.07.25 17:35:01 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoftTB [2010.07.25 17:34:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers [2010.07.23 18:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2010.07.20 21:35:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\youtube musik [2010.07.14 21:43:14 | 000,000,000 | ---D | C] -- C:\Programme\Sweet Home 3D ========== Files - Modified Within 30 Days ========== [2010.08.11 00:10:23 | 000,001,356 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat [2010.08.11 00:08:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.11 00:07:34 | 002,883,584 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT [2010.08.10 23:50:28 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.08.10 23:48:18 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.10 23:48:04 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2010.08.10 23:48:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.10 23:48:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.10 23:48:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.10 23:46:55 | 000,105,472 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.10 23:34:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.10 23:22:06 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.10 23:22:06 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.10 23:22:06 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.10 23:22:06 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.10 23:22:06 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.10 19:54:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.08.10 19:54:17 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.08.10 19:54:17 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.08.10 19:54:12 | 002,184,090 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db [2010.08.10 13:06:54 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTH.scr [2010.08.10 12:33:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe [2010.08.10 12:14:45 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Chris\Desktop\HiJackThis204.exe [2010.08.10 11:53:31 | 001,211,392 | ---- | M] () -- C:\Users\Chris\AppData\Local\380989.exe [2010.08.09 23:34:10 | 003,546,336 | ---- | M] () -- C:\Users\Chris\Desktop\neu_bearbeitet-1.jpg [2010.08.09 22:13:29 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Chris.job [2010.08.07 16:55:46 | 000,000,156 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.08.05 02:51:34 | 000,061,754 | ---- | M] () -- C:\Users\Chris\Desktop\SEHR SCHOEN.jpg [2010.08.02 13:04:58 | 002,106,714 | ---- | M] () -- C:\Users\Chris\Desktop\SharePod396.zip [2010.08.02 09:10:19 | 000,062,026 | ---- | M] () -- C:\Users\Chris\Desktop\38755_136655859706390_100000859293067_175089_7538135_n.jpg [2010.07.29 04:34:59 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2010.07.25 17:34:51 | 000,001,034 | ---- | M] () -- C:\Users\Chris\Desktop\DVDVideoSoft Free Studio.lnk [2010.07.14 21:43:31 | 000,000,866 | ---- | M] () -- C:\Users\Chris\Desktop\Sweet Home 3D.lnk [2010.07.13 23:40:50 | 000,013,875 | ---- | M] () -- C:\Users\Chris\Desktop\Lebenslauf Christian.docx ========== Files Created - No Company Name ========== [2010.08.10 11:53:31 | 001,211,392 | ---- | C] () -- C:\Users\Chris\AppData\Local\380989.exe [2010.08.09 23:34:08 | 003,546,336 | ---- | C] () -- C:\Users\Chris\Desktop\neu_bearbeitet-1.jpg [2010.08.05 02:47:32 | 000,061,754 | ---- | C] () -- C:\Users\Chris\Desktop\SEHR SCHOEN.jpg [2010.08.02 14:04:20 | 000,062,026 | ---- | C] () -- C:\Users\Chris\Desktop\38755_136655859706390_100000859293067_175089_7538135_n.jpg [2010.08.02 13:04:42 | 002,106,714 | ---- | C] () -- C:\Users\Chris\Desktop\SharePod396.zip [2010.07.14 21:43:31 | 000,000,866 | ---- | C] () -- C:\Users\Chris\Desktop\Sweet Home 3D.lnk [2010.07.13 23:11:06 | 000,013,875 | ---- | C] () -- C:\Users\Chris\Desktop\Lebenslauf Christian.docx [2010.04.06 12:00:07 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer002.INI [2010.04.06 11:59:30 | 000,000,102 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI [2010.04.06 11:59:25 | 000,000,102 | ---- | C] () -- C:\Windows\dvinesinstart001.INI [2010.04.06 11:56:12 | 000,000,021 | ---- | C] () -- C:\Windows\StartUp.INI [2009.11.21 15:15:43 | 000,000,003 | ---- | C] () -- C:\Windows\System32\OutN64proc64.dll [2009.11.21 15:15:43 | 000,000,003 | ---- | C] () -- C:\Windows\System32\InN64proc64.dll [2009.06.01 23:10:33 | 000,572,206 | ---- | C] () -- C:\Windows\System32\_C6DBDLL.DLL [2009.06.01 23:10:33 | 000,402,432 | ---- | C] () -- C:\Windows\System32\C4fox.dll [2009.06.01 23:10:33 | 000,216,064 | ---- | C] () -- C:\Windows\System32\MDI16KH.DLL [2009.06.01 23:04:13 | 000,000,156 | ---- | C] () -- C:\Windows\ptkfz.INI [2009.05.19 22:28:40 | 000,000,156 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.03.16 11:18:35 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2009.01.09 02:05:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009.01.09 02:05:13 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll [2007.01.15 09:19:16 | 000,016,473 | ---- | C] () -- C:\Windows\System32\SELF32.INI [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.08.2010 00:13:16 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Chris\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 87,00% Memory free 6,00 Gb Paging File | 6,00 Gb Available in Paging File | 97,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 285,09 Gb Total Space | 161,11 Gb Free Space | 56,51% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CHRIS-PC Current User Name: Chris Logged in as Administrator. Current Boot Mode: SafeMode Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.08.10 13:06:54 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTH.scr PRC - [2010.08.10 12:33:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\otl.exe ========== Modules (SafeList) ========== MOD - [2010.08.10 12:33:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\otl.exe MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.06.24 11:35:17 | 000,219,904 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\Ngs\Bin\Nnf.exe -- (NNFSVC) SRV - [2010.06.14 14:29:58 | 000,282,624 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Nse\Bin\NSESVC.EXE -- (nsesvc) SRV - [2010.05.21 13:09:08 | 000,202,056 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Nvc\Bin\nvcoas.exe -- (nvcoas) SRV - [2010.05.18 14:40:06 | 000,301,192 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\Npm\Bin\Zanda.exe -- (Norman ZANDA) SRV - [2010.05.07 13:48:04 | 000,103,016 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\Ngs\Bin\Nprosec.exe -- (NPROSECSVC) SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.15 14:14:41 | 000,098,776 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\npm\bin\nvoy.exe -- (NVOY) SRV - [2010.02.05 05:16:20 | 000,419,224 | ---- | M] (CSR, plc) [Auto | Stopped] -- C:\Windows\System32\HFGService.dll -- (HFGService) SRV - [2009.12.03 17:03:38 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829) SRV - [2009.10.15 16:50:54 | 000,133,272 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Npm\Bin\scheduler.exe -- (Scheduler) SRV - [2009.10.11 16:07:33 | 000,152,904 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\Npm\Bin\Elogsvc.exe -- (eLoggerSvc6) SRV - [2009.10.07 14:04:51 | 000,129,928 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe -- (Norman NJeeves) SRV - [2009.09.03 15:51:12 | 001,765,696 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\MaxiVista Demo Anzeigeprogramm\MaxiVistaDemoViewer.exe -- (MaxiVista_service_D) SRV - [2009.08.22 09:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security) SRV - [2009.01.08 18:44:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.10.19 15:30:02 | 000,222,456 | ---- | M] () [Auto | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2008.07.16 15:00:00 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService) SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Stopped] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1005000.087\SYMNDISV.SYS -- (SYMNDISV) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1005000.087\SYMFW.SYS -- (SYMFW) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2010.05.14 12:14:59 | 000,040,384 | ---- | M] (Norman ASA) [Kernel | Auto | Stopped] -- C:\Programme\Norman\Ngs\Bin\nregsec.sys -- (nregsec) DRV - [2010.05.10 10:06:10 | 000,072,392 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\Programme\Norman\Ngs\Bin\nprosec.sys -- (NPROSEC) DRV - [2010.02.05 05:16:10 | 000,066,952 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthav.sys -- (csr_a2dp) DRV - [2010.02.05 05:16:08 | 000,048,024 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAudioHF.sys -- (BthAudioHF) DRV - [2010.02.04 17:35:17 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys -- (ccHP) DRV - [2010.01.04 15:44:43 | 000,026,744 | ---- | M] (Norman ASA) [Kernel | System | Stopped] -- c:\Programme\Norman\Ngs\Bin\ngs.sys -- (NGS) DRV - [2009.10.14 14:03:28 | 000,023,392 | ---- | M] (Norman ASA) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvcv32mf.sys -- (NvcMFlt) DRV - [2009.10.09 14:24:40 | 000,022,880 | ---- | M] (Norman ASA) [Kernel | Auto | Stopped] -- C:\Programme\Norman\Nse\Bin\Ndiskio.sys -- (Ndiskio) DRV - [2009.09.11 03:17:34 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009.08.22 09:21:19 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS -- (SymEFA) DRV - [2009.08.22 09:21:19 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS -- (SRTSP) DRV - [2009.08.22 09:21:19 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86) DRV - [2009.08.22 09:21:19 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -- (SYMTDI) DRV - [2009.08.22 09:21:19 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2009.08.22 09:21:06 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM) DRV - [2009.08.02 02:28:00 | 000,013,696 | ---- | M] (MaxiVista) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mvCmdemo.SYS -- (mvCmdemo) DRV - [2009.08.02 02:28:00 | 000,012,544 | ---- | M] (MaxiVista) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvvideodemo.sys -- (mvvideodemo) DRV - [2009.07.13 10:00:00 | 000,875,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.048\NAVEX15.SYS -- (NAVEX15) DRV - [2009.07.13 10:00:00 | 000,087,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.048\NAVENG.SYS -- (NAVENG) DRV - [2009.07.11 21:34:11 | 000,293,424 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys -- (IDSVix86) DRV - [2009.05.16 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2009.05.16 10:00:00 | 000,101,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2008.08.06 10:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.08.04 11:02:46 | 002,161,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.07.29 05:48:56 | 000,418,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28.sys -- (netr28) DRV - [2008.07.16 14:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.07.11 04:20:10 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2008.04.28 00:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.02.20 23:01:08 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR) DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007.06.08 04:53:56 | 000,187,448 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programme\TorrentMan\tbTorr.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programme\TorrentMan\tbTorr.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13" FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010.04.25 10:07:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.27 00:30:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.27 00:30:41 | 000,000,000 | ---D | M] [2010.02.09 22:14:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions [2009.05.24 13:34:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\extensions [2009.05.24 13:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2010.07.27 00:30:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\5rdywjhr.default\extensions [2010.02.10 08:29:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\5rdywjhr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.25 17:34:58 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\5rdywjhr.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.07.25 17:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\5rdywjhr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.07.26 18:23:42 | 000,000,873 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\5rdywjhr.default\searchplugins\conduit.xml [2010.07.21 15:13:40 | 000,000,944 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\5rdywjhr.default\searchplugins\icqplugin.xml [2010.08.10 23:16:23 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.27 00:30:27 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.27 00:30:27 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.27 00:30:27 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.27 00:30:27 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.27 00:30:27 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation) O2 - BHO: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programme\TorrentMan\tbTorr.dll (Conduit Ltd.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programme\TorrentMan\tbTorr.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (TorrentMan Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Programme\TorrentMan\tbTorr.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Chris\Program Files\DNA\btdna.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\RunOnce: [380989] C:\Users\Chris\AppData\Local\380989.exe () O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxiVista Demo Anzeigeprogramm All.lnk = C:\Programme\MaxiVista Demo Anzeigeprogramm\MaxiVistaDemoViewer.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{ff9d4f9d-6586-11de-8e8b-00238b86cd3c}\Shell\Auto\command - "" = AdobeR.exe e O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.10 13:06:30 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTH.scr [2010.08.10 12:33:36 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe [2010.08.10 12:14:21 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Chris\Desktop\HiJackThis204.exe [2010.08.09 22:08:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Novoline [2010.08.02 13:07:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Khanh Musik [2010.07.25 17:35:01 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoftTB [2010.07.25 17:34:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers [2010.07.23 18:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2010.07.20 21:35:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\youtube musik [2010.07.14 21:43:14 | 000,000,000 | ---D | C] -- C:\Programme\Sweet Home 3D ========== Files - Modified Within 30 Days ========== [2010.08.11 00:10:23 | 000,001,356 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat [2010.08.11 00:08:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.11 00:07:34 | 002,883,584 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT [2010.08.10 23:50:28 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.08.10 23:48:18 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.10 23:48:04 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2010.08.10 23:48:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.10 23:48:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.10 23:48:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.10 23:46:55 | 000,105,472 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.10 23:34:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.10 23:22:06 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.10 23:22:06 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.10 23:22:06 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.10 23:22:06 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.10 23:22:06 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.10 19:54:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.08.10 19:54:17 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.08.10 19:54:17 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.08.10 19:54:12 | 002,184,090 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db [2010.08.10 13:06:54 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTH.scr [2010.08.10 12:33:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe [2010.08.10 12:14:45 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Chris\Desktop\HiJackThis204.exe [2010.08.10 11:53:31 | 001,211,392 | ---- | M] () -- C:\Users\Chris\AppData\Local\380989.exe [2010.08.09 23:34:10 | 003,546,336 | ---- | M] () -- C:\Users\Chris\Desktop\neu_bearbeitet-1.jpg [2010.08.09 22:13:29 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Chris.job [2010.08.07 16:55:46 | 000,000,156 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.08.05 02:51:34 | 000,061,754 | ---- | M] () -- C:\Users\Chris\Desktop\SEHR SCHOEN.jpg [2010.08.02 13:04:58 | 002,106,714 | ---- | M] () -- C:\Users\Chris\Desktop\SharePod396.zip [2010.08.02 09:10:19 | 000,062,026 | ---- | M] () -- C:\Users\Chris\Desktop\38755_136655859706390_100000859293067_175089_7538135_n.jpg [2010.07.29 04:34:59 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2010.07.25 17:34:51 | 000,001,034 | ---- | M] () -- C:\Users\Chris\Desktop\DVDVideoSoft Free Studio.lnk [2010.07.14 21:43:31 | 000,000,866 | ---- | M] () -- C:\Users\Chris\Desktop\Sweet Home 3D.lnk [2010.07.13 23:40:50 | 000,013,875 | ---- | M] () -- C:\Users\Chris\Desktop\Lebenslauf Christian.docx ========== Files Created - No Company Name ========== [2010.08.10 11:53:31 | 001,211,392 | ---- | C] () -- C:\Users\Chris\AppData\Local\380989.exe [2010.08.09 23:34:08 | 003,546,336 | ---- | C] () -- C:\Users\Chris\Desktop\neu_bearbeitet-1.jpg [2010.08.05 02:47:32 | 000,061,754 | ---- | C] () -- C:\Users\Chris\Desktop\SEHR SCHOEN.jpg [2010.08.02 14:04:20 | 000,062,026 | ---- | C] () -- C:\Users\Chris\Desktop\38755_136655859706390_100000859293067_175089_7538135_n.jpg [2010.08.02 13:04:42 | 002,106,714 | ---- | C] () -- C:\Users\Chris\Desktop\SharePod396.zip [2010.07.14 21:43:31 | 000,000,866 | ---- | C] () -- C:\Users\Chris\Desktop\Sweet Home 3D.lnk [2010.07.13 23:11:06 | 000,013,875 | ---- | C] () -- C:\Users\Chris\Desktop\Lebenslauf Christian.docx [2010.04.06 12:00:07 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer002.INI [2010.04.06 11:59:30 | 000,000,102 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI [2010.04.06 11:59:25 | 000,000,102 | ---- | C] () -- C:\Windows\dvinesinstart001.INI [2010.04.06 11:56:12 | 000,000,021 | ---- | C] () -- C:\Windows\StartUp.INI [2009.11.21 15:15:43 | 000,000,003 | ---- | C] () -- C:\Windows\System32\OutN64proc64.dll [2009.11.21 15:15:43 | 000,000,003 | ---- | C] () -- C:\Windows\System32\InN64proc64.dll [2009.06.01 23:10:33 | 000,572,206 | ---- | C] () -- C:\Windows\System32\_C6DBDLL.DLL [2009.06.01 23:10:33 | 000,402,432 | ---- | C] () -- C:\Windows\System32\C4fox.dll [2009.06.01 23:10:33 | 000,216,064 | ---- | C] () -- C:\Windows\System32\MDI16KH.DLL [2009.06.01 23:04:13 | 000,000,156 | ---- | C] () -- C:\Windows\ptkfz.INI [2009.05.19 22:28:40 | 000,000,156 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.03.16 11:18:35 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2009.01.09 02:05:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009.01.09 02:05:13 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll [2007.01.15 09:19:16 | 000,016,473 | ---- | C] () -- C:\Windows\System32\SELF32.INI [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini < End of report > |
15.08.2010, 14:37 | #14 |
/// Selecta Jahrusso | Trojaner Problem Speichere bitte die angehängte Fix.txt auf deinen USB Stick Starte OTL und klicke auf den FIX Button. Du wirst nun gefragt ob du eine Datei einfügen willst. Bestätige dies mit JA und navigiere zu der FIX.txt auf deinem USB Stick. Klicke öffnen. Nun sollte sich ein Text in der CustomScan Box befinden. Ist dies der Falle klicke erneut auf den FIX Button. Der Rechner wird neu starten. Berichte ob Du nun in den Normalmodus booten kannst
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
15.08.2010, 15:07 | #15 |
| Trojaner Problem hat funktioniert da is jetztn fenster mit dem text : All processes killed Error: Unable to interpret <[emptytemp]> in the current context! Error: Unable to interpret <[reboot]> in the current context! OTL by OldTimer - Version 3.2.9.1 log created on 08152010_160212 Files\Folders moved on Reboot... Registry entries deleted on Reboot... .. und ja die lästigen fenster mit den virusen erscheinen nich mehr |
Themen zu Trojaner Problem |
ahnung, hijack, hijackthis, immer wieder, proble, problem, programm, runtergeladen, schließ, schließt, troja, trojaner, trojaner problem, virus |