Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): .scr file received via studiVZ PM | Windows 7
11.09.2010, 01:44 | #1

.scr file received via studiVZ PM

I'm afraid I understand nothing at all about this whole subject, and I can't really make sense of the threads that resemble mine. I received a PM via studiVZ from a friend with the following content:

hey how are you? do you maybe know who that is in the photo? hxxp://tinyurl.com/11-08-2010-jpg

Clever as I am, at that time of night I didn't think about it and opened the file (Run, not Save). The information I was able to get about the file afterwards is the following:

92.241.190.25
Screen Saver
333 kb
11_08_2010.scr

After "successfully" running it, a photo of people I don't know actually does open, and very briefly a black window with text appears, which disappears just as quickly. Right now I'm running Malwarebytes and waiting for a result. Can someone tell me what to do next, or whether the problem / the solution steps for this file differ significantly from those for other files? Many thanks for your help.
11.09.2010, 11:37 | #2

Hello Dummkopf2010,

Here is the analysis from VT:

Code:
File name: 11_08_20102.scr
Submission date: 2010-09-11 06:02:47 (UTC)
Current status: finished
Result: 2/43 (4.7%)
VT Community: not reviewed
Safety score: -

Antivirus              Version          Last Update  Result
AhnLab-V3              2010.09.11.00    2010.09.11   -
AntiVir                8.2.4.50         2010.09.10   -
Antiy-AVL              2.0.3.7          2010.09.11   -
Authentium             5.2.0.5          2010.09.10   -
Avast                  4.8.1351.0       2010.09.10   -
Avast5                 5.0.594.0        2010.09.10   -
AVG                    9.0.0.851        2010.09.11   -
BitDefender            7.2              2010.09.11   -
CAT-QuickHeal          11.00            2010.09.10   -
ClamAV                 0.96.2.0-git     2010.09.11   BC.Heuristic.Trojan.SusPacked.BF-3.A
Comodo                 6038             2010.09.11   -
DrWeb                  5.0.2.03300      2010.09.11   -
Emsisoft               5.0.0.37         2010.09.10   -
eSafe                  7.0.17.0         2010.09.07   -
eTrust-Vet             36.1.7848        2010.09.10   -
F-Prot                 4.6.1.107        2010.09.01   -
F-Secure               9.0.15370.0      2010.09.11   -
Fortinet               4.1.143.0        2010.09.10   -
GData                  21               2010.09.11   -
Ikarus                 T3.1.1.88.0      2010.09.10   -
Jiangmin               13.0.900         2010.09.11   -
K7AntiVirus            9.63.2494        2010.09.10   -
Kaspersky              7.0.0.125        2010.09.11   -
McAfee                 5.400.0.1158     2010.09.11   -
McAfee-GW-Edition      2010.1B          2010.09.11   Heuristic.LooksLike.Win32.Suspicious.C!88
Microsoft              1.6103           2010.09.11   -
NOD32                  5441             2010.09.10   -
Norman                 6.06.06          2010.09.10   -
nProtect               2010-09-11.01    2010.09.11   -
Panda                  10.0.2.7         2010.09.10   -
PCTools                7.0.3.5          2010.09.11   -
Prevx                  3.0              2010.09.11   -
Rising                 22.64.04.03      2010.09.10   -
Sophos                 4.57.0           2010.09.11   -
Sunbelt                6861             2010.09.11   -
SUPERAntiSpyware       4.40.0.1006      2010.09.11   -
Symantec               20101.1.1.7      2010.09.11   -
TheHacker              6.7.0.0.014      2010.09.11   -
TrendMicro             9.120.0.1004     2010.09.11   -
TrendMicro-HouseCall   9.120.0.1004     2010.09.11   -
VBA32                  3.12.14.0        2010.09.08   -
ViRobot                2010.9.8.4031    2010.09.11   -
VirusBuster            12.64.27.1       2010.09.10   -

Additional information
MD5    : 7f5bdc23301281f5d95bfc44adca832b
SHA1   : f5be775716bf3a0d5ece2f704f5368dede6224d5
SHA256 : 1dc054587eb0b3a61ac2a7096dd20d8922c5e1c2ecefaef13ada3c2ac6b7ae43
ssdeep : 6144:plbHcUrtpYoCrIMqRadZeTw4lO7EeZBCTtyznwaQ9SbFNcD:ppHRpYsMteTwFQeZYAznAg vu
File size : 340992 bytes
First seen: 2010-09-10 16:26:32
Last seen : 2010-09-11 06:02:47
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID:
  Windows Screen Saver (39.4%)
  Win32 Executable Generic (25.6%)
  Win32 Dynamic Link Library (generic) (22.8%)
  Generic Win/DOS Executable (6.0%)
  DOS Executable Generic (6.0%)
sigcheck:
  publisher....: Microsoft
  copyright....: Copyright (c) Microsoft 2010
  product......: netframe2Stahubbb
  description..: netframe2Stahubbb
  original name: Wuddi00000005ahamitjpg.exe
  internal name: Wuddi00000005ahamitjpg.exe
  file version.: 1.0.0.0
  comments.....: n/a
  signers......: -
  signing date.: -
  verified.....: Unsigned
PEiD: -
PEInfo: PE structure information
  [[ basic data ]]
  entrypointaddress: 0x530E0
  timedatestamp....: 0x4C8A58CB (Fri Sep 10 16:11:55 2010)
  machinetype......: 0x14C (Intel I386)
  [[ 3 section(s) ]]
  name, viradd, virsiz, rawdsiz, ntropy, md5
  .rsrc, 0x2000, 0x4EA5C, 0x4EC00, 7.9, c8e521cc773b300167f26a3f9d681c8d
  .text, 0x52000, 0x431C, 0x4400, 5.78, a21bdbb43e094c5b0f3559dda31c1af0
  .reloc, 0x58000, 0xC, 0x200, 0.12, 3b86a05a3bd2d0d7a1e3d769b1a31fab
  [[ 1 import(s) ]]
  mscoree.dll: _CorExeMain
Symantec reputation: Suspicious.Insight

A clean-up can mean quite a lot of work for you.
Note: I can never give you a guarantee that I will find everything. A reformat is usually the quicker and always the safest way. If you decide on a clean-up, keep working along until someone from the team tells you that you are clean.

1.) Click on "Für alle Neuen" in my signature, read everything carefully and work through the list under point 2 (alternative B only). Post all three logs.

ciao, andreas
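The VirusTotal summary above already contains the indicators a triage script would key on: a file delivered as a .scr whose version info names an .exe, a publisher string of "Microsoft" with no Authenticode signature, a Mono/.NET binary whose only native import is mscoree.dll!_CorExeMain, and a .rsrc section at entropy 7.9 that makes up almost the whole 333 KB file. The Python below is an added example written for this page, not part of the forum post or of VirusTotal's tooling: it parses sigcheck/PEInfo/import fields in the format shown above (re-split one field per line; the post's values are reused as constructed sample input) and applies those four heuristics. The benign contrast summary, the entropy threshold of 7.5 and the 50% size share are my own assumptions, and the shannon_entropy helper shows how the per-section entropy figure is calculated.

```python
"""Triage heuristics over a VirusTotal/sigcheck-style PE summary (added example)."""
import math
import re

# Constructed sample: the sigcheck / PEInfo / import fields quoted in the
# VirusTotal result above, one field per line (the forum post flattened them).
SAMPLE_SUMMARY = """\
File name: 11_08_20102.scr
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
publisher....: Microsoft
copyright....: Copyright (c) Microsoft 2010
original name: Wuddi00000005ahamitjpg.exe
signers......: -
verified.....: Unsigned
.rsrc, 0x2000, 0x4EA5C, 0x4EC00, 7.9, c8e521cc773b300167f26a3f9d681c8d
.text, 0x52000, 0x431C, 0x4400, 5.78, a21bdbb43e094c5b0f3559dda31c1af0
.reloc, 0x58000, 0xC, 0x200, 0.12, 3b86a05a3bd2d0d7a1e3d769b1a31fab
mscoree.dll: _CorExeMain
"""

# Constructed contrast case (values invented, not from any real file): a signed,
# native Windows screensaver whose file name and version info agree.
BENIGN_SUMMARY = """\
File name: ssText3d.scr
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
publisher....: Microsoft
original name: ssText3d.scr
verified.....: Signed
.text, 0x1000, 0x8000, 0x8200, 6.1, 00000000000000000000000000000000
.rsrc, 0x9000, 0x2000, 0x2200, 4.9, 11111111111111111111111111111111
kernel32.dll: CreateFileW, GetModuleHandleW
"""

# "name, viradd, virsiz, rawdsiz, ntropy, md5" rows of the PEInfo section table
SECTION_RE = re.compile(
    r"^(\.[A-Za-z0-9_]+),\s*0x([0-9A-Fa-f]+),\s*0x([0-9A-Fa-f]+),\s*0x([0-9A-Fa-f]+),"
    r"\s*([0-9.]+),\s*([0-9a-f]{32})$")
IMPORT_RE = re.compile(r"^([A-Za-z0-9_.]+\.dll):\s*(.*)$", re.I)
FIELD_RE = re.compile(r"^([A-Za-z ]+?)\.*:\s*(.*)$")   # "publisher....: Microsoft"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform). This is the 'ntropy'
    column; packed or encrypted payloads sit close to 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_summary(text: str):
    """Split a summary into (fields, sections, imports)."""
    fields, sections, imports = {}, [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            sections.append({"name": m[1], "vsize": int(m[3], 16),
                             "rawsize": int(m[4], 16), "entropy": float(m[5])})
            continue
        m = IMPORT_RE.match(line)
        if m:
            imports[m[1].lower()] = [f.strip() for f in m[2].split(",") if f.strip()]
            continue
        m = FIELD_RE.match(line)
        if m:
            fields[m[1].strip().lower()] = m[2].strip()
    return fields, sections, imports


def triage(text: str, entropy_threshold: float = 7.5, share_threshold: float = 0.5):
    """Return human-readable indicators; an empty list means nothing odd was seen."""
    fields, sections, imports = parse_summary(text)
    findings = []
    name = fields.get("file name", "").lower()
    orig = fields.get("original name", "").lower()
    # A screensaver is a PE executable; Windows runs a .scr on double-click.
    if name.endswith(".scr") and orig and not orig.endswith(".scr"):
        findings.append(f"extension mismatch: delivered as .scr but linked as {orig}")
    # The publisher string is free text in the version resource; only a
    # verified Authenticode signature ties the file to Microsoft.
    if "microsoft" in fields.get("publisher", "").lower() and fields.get("verified", "").lower() != "signed":
        findings.append("claims Microsoft as publisher but carries no Authenticode signature")
    if ".net" in fields.get("magic", "").lower() and set(imports) == {"mscoree.dll"}:
        findings.append("managed (.NET) executable: the only native import is mscoree.dll!_CorExeMain, "
                        "so the real logic is in IL, not in the .text section")
    total = sum(s["rawsize"] for s in sections) or 1
    for s in sections:
        share = s["rawsize"] / total
        if s["entropy"] >= entropy_threshold and share >= share_threshold:
            findings.append(f"{s['name']}: entropy {s['entropy']:.2f} over {share:.0%} of the file, "
                            "consistent with an embedded or packed payload")
    return findings


if __name__ == "__main__":
    for label, summary in (("sample", SAMPLE_SUMMARY), ("benign", BENIGN_SUMMARY)):
        print(label, triage(summary) or ["no indicators"])
```

Run on the sample it returns four findings; on the constructed benign summary it returns none. None of the four heuristics is a detection on its own (plenty of legitimate .NET tools import only mscoree.dll), which is why the two heuristic engine hits plus Symantec's reputation verdict above add up to "suspicious" rather than a named family.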
11.09.2010, 11:46 | #3 | /// Malware-holic

Post the Malwarebytes log.

Can you check your inbox again to see whether that was really the whole link? Send it to me by PM. If you have the original file, please upload it to us: http://www.trojaner-board.de/54791-a...ner-board.html
Your acquaintance may also have a trojan on his PC; please let him know.
11.09.2010, 11:47 | #4

Since a KT member has taken over, I'll step back. Follow his instructions.
I'm out, Andreas
Edit: the file has been sent out.
__________________
No support via PM! This is a forum, not private tutoring! | Für alle Neuen | Private tutoring only for payment, and I am very expensive. | Anleitungen | Virenscanner | Kompromittierung unvermeidbar?
11.09.2010, 12:01 | #5 | /// Malware-holic

ah ok, thanks.
11.09.2010, 12:05 | #6

yw
ciao, andreas
11.09.2010, 15:21 | #7

Many thanks for your efforts so far. I hope I did this right, here it is:

Database version: 4591
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

11.09.2010 03:50:56
mbam-log-2010-09-11 (03-50-56).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 384164
Time elapsed: 3 hour(s), 26 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> No action taken.
C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> No action taken.
C:\Users\Daniel\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> No action taken.
C:\Users\Daniel\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.
C:\Users\Daniel\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> No action taken.
C:\Users\Daniel\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> No action taken.

PS: Yes, that really was the whole link. I can't find a save location for the file, since I only clicked "Run" rather than "Save as".
11.09.2010, 15:47 | #8 | /// Malware-holic

That's fine. Did you let it remove the findings? If so, continue with this:

OTL: system scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click, run as administrator)
1. At the top you will find a box labelled Output. Select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check"
4. Paste the following into the text box:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

5. Click "Scan"
6. Two reports are created: OTL.Txt and Extras.Txt. Post both.
11.09.2010, 17:13 | #9

OTL Logfile:

Code:
OTL logfile created on: 11.09.2010 17:09:01 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Daniel
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,73 Gb Total Space | 35,31 Gb Free Space | 25,27% Space Free | Partition Type: NTFS
Drive D: | 93,15 Gb Total Space | 59,27 Gb Free Space | 63,63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 30,33 Mb Total Space | 1,68 Mb Free Space | 5,53% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANIEL-PC
Current User Name: Daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Daniel\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe (Cognizance Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Daniel\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\ASUS\Asus MultiFrame\HookTitle.dll ()
MOD - C:\Windows\System32\APSHook.dll (Cognizance Corporation)

========== Win32 Services (SafeList) ==========

SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe File not found
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe File not found
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (TeamViewer) -- C:\Program Files\TeamViewer3\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (SCM_Service) -- C:\Windows\System32\WinService.exe ()
SRV - (lxbf_device) -- C:\Windows\System32\lxbfcoms.exe ( )
SRV - (ASBroker) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll (Cognizance Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ASChannel) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll (Cognizance Corporation)

========== Driver Services (SafeList) ==========

DRV - (tvtool) -- C:\Program Files\TVTool\tvtool.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (IKSysSec) -- C:\Windows\System32\drivers\iksyssec.sys (PCTools Research Pty Ltd.)
DRV - (IKSysFlt) -- C:\Windows\System32\drivers\iksysflt.sys (PCTools Research Pty Ltd.)
DRV - (IKFileSec) -- C:\Windows\system32\drivers\ikfilesec.sys (PCTools Research Pty Ltd.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (AtcL001) -- C:\Windows\System32\drivers\l160x86.sys (Atheros Communications, Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (SCMNdisP) -- C:\Windows\system32\DRIVERS\scmndisp.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (cFosNT) -- C:\Windows\System32\Drivers\cFosNT.sys (cFos Software GmbH)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-638473920-1088491357-2327974481-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKU\S-1-5-21-638473920-1088491357-2327974481-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-638473920-1088491357-2327974481-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lilaweiss.de/index.php?include=treffpunkt_anz
IE - HKU\S-1-5-21-638473920-1088491357-2327974481-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-638473920-1088491357-2327974481-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-638473920-1088491357-2327974481-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-638473920-1088491357-2327974481-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-638473920-1088491357-2327974481-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://193.192.248.219:3128/"
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "193.192.248.219:3128"
FF - prefs.js..network.proxy.gopher: "193.192.248.219:3128"
FF - prefs.js..network.proxy.http: "193.192.248.219:3128"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "193.192.248.219:3128"
FF - prefs.js..network.proxy.ssl: "193.192.248.219:3128"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.01.30 19:07:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.06 12:40:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.01 18:18:31 | 000,000,000 | ---D | M]

[2008.11.29 05:20:31 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2010.06.15 02:08:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\rjpe8eb2.default\extensions
[2009.10.14 20:30:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\rjpe8eb2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.15 02:07:58 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\rjpe8eb2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.06.10 02:47:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\rjpe8eb2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.06.15 02:07:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\rjpe8eb2.default\extensions\illimitux@illimitux.net
[2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\rjpe8eb2.default\searchplugins\icqplugin.xml
[2010.04.15 16:41:02 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.01.27 02:06:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.01.08 02:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll File not found
O3 - HKU\S-1-5-21-638473920-1088491357-2327974481-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-638473920-1088491357-2327974481-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-638473920-1088491357-2327974481-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-638473920-1088491357-2327974481-1000..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-638473920-1088491357-2327974481-1000..\Run: [EPSON SX510W Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-638473920-1088491357-2327974481-1000..\Run: [HKCU] C:\Users\Daniel\AppData\Roaming\install\sv_chost.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-638473920-1088491357-2327974481-1000..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-638473920-1088491357-2327974481-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-638473920-1088491357-2327974481-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-638473920-1088491357-2327974481-1000\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1219093472 (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://webmail.saxion.nl/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{24b14649-5a72-11dd-9031-001cbfc068f0}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found O33 - 
MountPoints2\{ba393ee6-e991-11de-86ea-001e8c24e9f7}\Shell\AutoRun\command - "" = 3n8awsyg.exe O33 - MountPoints2\{ba393ee6-e991-11de-86ea-001e8c24e9f7}\Shell\open\Command - "" = 3n8awsyg.exe O33 - MountPoints2\{d64cc576-ba45-11dd-a997-001e8c24e9f7}\Shell\AutoRun\command - "" = F:\ -- File not found O33 - MountPoints2\{d64cc576-ba45-11dd-a997-001e8c24e9f7}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Clean Access Agent.lnk - C:\PROGRA~1\CISCOS~1\CLEANA~1\CCAAGE~1.EXE - (Cisco Systems, Inc.) 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk - C:\PROGRA~1\NETGEAR\WG111v2\WG111v2.exe - () MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: ATKMEDIA - hkey= - key= - C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.) MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Users\Daniel\Program Files\DNA\btdna.exe (BitTorrent, Inc.) MsConfig - StartUpReg: cFos - Tip of the Day - hkey= - key= - C:\cFosNT\setup.exe (cFos Software GmbH) MsConfig - StartUpReg: cFosDNT - hkey= - key= - C:\cFosNT\cfosdnt.exe (cFos Software GmbH) MsConfig - StartUpReg: CognizanceTS - hkey= - key= - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll File not found MsConfig - StartUpReg: etMonitor - hkey= - key= - C:\Windows\etMon.exe (EMPIA Technology Corporation) MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) MsConfig - StartUpReg: Messenger (Yahoo!) 
- hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe File not found MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found MsConfig - StartUpReg: NvSvc - hkey= - key= - File not found MsConfig - StartUpReg: PowerForPhone - hkey= - key= - C:\Program Files\P4P\P4P.exe () MsConfig - StartUpReg: SMSERIAL - hkey= - key= - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
MsConfig - StartUpReg: Veoh - hkey= - key= - C:\Program Files\Veoh Networks\Veoh\VeohClient.exe File not found MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe () MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - State: "startup" - 2 MsConfig - State: "bootini" - 2 MsConfig - State: "services" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe File not found SafeBootMin: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe File not found SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume 
shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - File not found SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe File not found SafeBootNet: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe File not found SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - 
Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {0980CF06-BB5B-D470-65EA-FDBBF5A2CF84} - Internet Explorer ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet 
Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. 
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {FF6B319B-72D3-7856-406E-3E78D351F8C8} - Microsoft Windows Media Player ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) 
Drivers32: wave1 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010.09.11 17:06:22 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\OTL.exe [2010.09.11 00:22:37 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes [2010.09.11 00:22:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.09.11 00:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.11 00:22:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.09.11 00:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.09.11 00:21:53 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Daniel\mbam-setup.exe [2010.09.11 00:20:01 | 000,176,320 | ---- | C] (Symantec Corporation) -- C:\Users\Daniel\symantec.exe [2010.09.11 00:10:59 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\install [2010.08.16 17:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\GMATPrep [2008.08.12 18:10:26 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbfserv.dll [2008.08.12 18:10:26 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbfusb1.dll [2008.08.12 18:10:26 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbfhbn3.dll [2008.08.12 18:10:26 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbfcomc.dll [2008.08.12 18:10:26 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbfpmui.dll [2008.08.12 18:10:26 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbflmpm.dll [2008.08.12 18:10:26 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbfcomm.dll [2008.08.12 18:10:26 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbfinpa.dll [2008.08.12 18:10:26 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbfiesc.dll [2008.08.12 18:10:26 | 000,323,584 | ---- | C] ( ) 
-- C:\Windows\System32\LXBFhcp.dll [2008.08.12 18:10:26 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbfprox.dll [2008.08.12 18:10:26 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbfpplc.dll [2008.07.26 13:29:44 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2010.09.11 17:15:26 | 004,718,592 | -HS- | M] () -- C:\Users\Daniel\ntuser.dat [2010.09.11 17:09:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.09.11 17:06:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\OTL.exe [2010.09.11 16:17:27 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.09.11 16:15:06 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2010.09.11 16:14:25 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.09.11 16:14:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.11 16:14:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.11 16:14:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.11 16:14:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.11 03:53:37 | 000,524,288 | -HS- | M] () -- C:\Users\Daniel\ntuser.dat{0f7791d3-a81f-11de-9139-001e8c24e9f7}.TMContainer00000000000000000001.regtrans-ms [2010.09.11 03:53:37 | 000,065,536 | -HS- | M] () -- C:\Users\Daniel\ntuser.dat{0f7791d3-a81f-11de-9139-001e8c24e9f7}.TM.blf [2010.09.11 03:53:33 | 003,812,025 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\IconCache.db [2010.09.11 00:22:30 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.11 00:22:09 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Daniel\mbam-setup.exe [2010.09.11 00:20:05 | 
000,176,320 | ---- | M] (Symantec Corporation) -- C:\Users\Daniel\symantec.exe [2010.09.11 00:03:53 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9DBEE1B5-F58B-442D-BC4E-541851737A46}.job [2010.09.09 18:13:48 | 000,041,950 | ---- | M] () -- C:\Users\Daniel\CV_Basic.pdf [2010.09.09 18:11:17 | 000,041,937 | ---- | M] () -- C:\Users\Daniel\Deutsch.pdf [2010.09.09 18:10:34 | 000,018,565 | ---- | M] () -- C:\Users\Daniel\Desktop\CV_Basic.docx [2010.09.09 18:03:47 | 000,040,215 | ---- | M] () -- C:\Users\Daniel\CV_DEUTSCH.pdf [2010.09.09 17:10:01 | 000,597,579 | ---- | M] () -- C:\Users\Daniel\Gleichertigkeit Paderborn.pdf [2010.09.09 17:05:25 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Daniel.job [2010.09.08 18:39:00 | 000,000,242 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job [2010.09.05 19:44:58 | 000,010,057 | ---- | M] () -- C:\Users\Daniel\dscf7651.jpg [2010.09.02 23:04:37 | 001,736,694 | ---- | M] () -- C:\Users\Daniel\Patti.bmp [2010.09.01 18:18:32 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.31 04:09:55 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.31 04:09:55 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.31 04:09:55 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.31 04:09:55 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.31 04:09:55 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.25 20:43:31 | 000,025,232 | ---- | M] () -- C:\Users\Daniel\Olli.pdf [2010.08.17 01:06:32 | 000,100,824 | ---- | M] () -- C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT [2010.08.16 21:11:56 | 002,302,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.16 17:04:59 | 000,002,070 | ---- | M] () -- C:\Users\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\GMATPrep(TM).lnk [2010.08.16 17:04:59 | 
000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\GMATPrep (TM).lnk ========== Files Created - No Company Name ========== [2010.09.11 03:52:54 | 000,003,086 | ---- | C] () -- C:\Users\Daniel\mbam-log-2010-09-11 (03-52-21).txt [2010.09.11 03:51:17 | 000,002,831 | ---- | C] () -- C:\Users\Daniel\mbam-log-2010-09-11 (03-50-56).txt [2010.09.11 00:22:30 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.09 18:13:47 | 000,041,950 | ---- | C] () -- C:\Users\Daniel\CV_Basic.pdf [2010.09.09 18:11:16 | 000,041,937 | ---- | C] () -- C:\Users\Daniel\Deutsch.pdf [2010.09.09 18:03:47 | 000,040,215 | ---- | C] () -- C:\Users\Daniel\CV_DEUTSCH.pdf [2010.09.09 17:10:00 | 000,597,579 | ---- | C] () -- C:\Users\Daniel\Gleichertigkeit Paderborn.pdf [2010.09.09 17:08:56 | 000,009,573 | ---- | C] () -- C:\Users\Daniel\PADERBORN.txt [2010.09.05 19:45:07 | 000,010,057 | ---- | C] () -- C:\Users\Daniel\dscf7651.jpg [2010.09.03 13:42:33 | 000,319,786 | ---- | C] () -- C:\Users\Daniel\PADERBORN.pdf [2010.09.02 23:08:16 | 001,736,694 | ---- | C] () -- C:\Users\Daniel\Patti.bmp [2010.08.25 20:43:31 | 000,025,232 | ---- | C] () -- C:\Users\Daniel\Olli.pdf [2010.08.24 03:28:36 | 003,239,128 | ---- | C] () -- C:\Users\Daniel\Deutsch.jpg.pdf [2010.08.16 17:04:59 | 000,002,070 | ---- | C] () -- C:\Users\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\GMATPrep(TM).lnk [2010.08.16 17:04:59 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\GMATPrep (TM).lnk [2010.08.03 19:29:15 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2010.07.16 18:28:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.04.15 16:40:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2009.11.30 03:48:51 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.07.22 07:39:15 | 000,000,680 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat [2009.03.24 04:43:38 | 000,000,085 | -HS- | C] () -- 
C:\ProgramData\.zreglib [2008.10.19 01:15:52 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2008.09.21 00:59:15 | 000,210,944 | ---- | C] () -- C:\Windows\System32\msvcrt10.dll [2008.09.21 00:59:15 | 000,005,515 | ---- | C] () -- C:\Windows\fmachine.ini [2008.08.12 18:24:35 | 000,000,101 | ---- | C] () -- C:\Windows\lexstat.ini [2008.08.12 18:10:27 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBFinst.dll [2008.08.12 18:10:26 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbfutil.dll [2008.07.27 18:35:26 | 000,129,126 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\nvModes.001 [2008.07.27 18:35:21 | 000,129,126 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\nvModes.dat [2008.07.26 16:30:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.07.26 13:29:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.07.06 18:50:22 | 000,073,216 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.07.03 22:28:13 | 000,024,064 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\UserTile.png [2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2008.03.04 18:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll [2007.10.31 09:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll [2007.05.17 13:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll [2007.05.03 17:59:00 | 000,053,248 | ---- | C] () -- C:\Windows\etRunDLL.dll [2007.02.22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbfcoin.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.01.12 10:24:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbfvs.dll [2005.09.13 17:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbfcnv4.dll [2005.05.06 19:06:00 | 000,016,480 | 
---- | C] () -- C:\Windows\System32\rixdicon.dll [2005.04.03 01:30:00 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll [1998.05.06 06:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll ========== LOP Check ========== [2010.01.18 00:55:54 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\AllDup [2010.02.02 18:26:14 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Atari [2008.10.13 00:35:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Azureus [2010.08.11 13:05:41 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Belastingdienst [2009.12.30 17:56:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\BitTorrent [2009.11.17 12:25:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\CiscoCAA [2008.08.07 22:05:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DeepBurner [2010.09.11 03:52:21 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Desktopicon [2010.02.03 15:04:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DNA [2010.07.23 12:52:59 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Epson [2009.11.30 23:27:20 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\gtk-2.0 [2010.08.16 21:16:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ [2010.09.11 00:10:59 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\install [2009.06.29 04:05:31 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Leadertech [2008.08.02 15:21:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Opera [2008.07.26 13:25:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PeerNetworking [2009.10.06 18:58:38 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ScummVM [2008.09.10 19:34:41 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TeamViewer [2009.10.21 17:12:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Windows Live Writer 
[2010.01.02 17:50:56 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\CiscoCAA [2009.05.15 10:48:59 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\DeepBurner [2010.05.25 20:16:40 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ICQ [2009.04.20 06:55:41 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Opera [2010.09.08 18:39:00 | 000,000,242 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job [2010.09.11 03:53:46 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.09.11 00:03:53 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9DBEE1B5-F58B-442D-BC4E-541851737A46}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.05.17 09:10:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Adobe [2010.01.18 00:55:54 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\AllDup [2010.02.02 18:26:14 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Atari [2008.10.13 00:35:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Azureus [2010.08.11 13:05:41 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Belastingdienst [2009.12.30 17:56:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\BitTorrent [2009.11.17 12:25:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\CiscoCAA [2008.08.07 22:05:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DeepBurner [2010.09.11 03:52:21 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Desktopicon [2010.06.07 08:22:39 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DivX [2010.02.03 15:04:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DNA [2009.11.19 13:59:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Download Manager [2010.01.09 04:14:59 | 000,000,000 | ---D | M] 
-- C:\Users\Daniel\AppData\Roaming\dvdcss [2010.07.23 12:52:59 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Epson [2008.08.07 18:27:47 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Google [2009.11.30 23:27:20 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\gtk-2.0 [2010.08.16 21:16:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ [2008.07.01 02:46:27 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Identities [2010.09.11 00:10:59 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\install [2008.07.26 13:32:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\InstallShield [2009.06.29 04:05:31 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Leadertech [2008.07.07 20:32:29 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Macromedia [2010.09.11 00:22:37 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Media Center Programs [2010.04.15 16:18:09 | 000,000,000 | --SD | M] -- C:\Users\Daniel\AppData\Roaming\Microsoft [2009.06.15 09:42:29 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Move Networks [2008.11.29 05:20:31 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla [2008.08.02 15:21:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Opera [2008.08.02 15:28:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PC Tools [2008.07.26 13:25:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PeerNetworking [2010.03.09 14:43:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Real [2009.10.06 18:58:38 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ScummVM [2010.09.10 03:11:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Skype [2010.09.10 03:10:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\skypePM [2008.09.10 19:34:41 | 
000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TeamViewer [2008.08.07 00:57:26 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\vlc [2008.08.19 10:46:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Winamp [2009.10.21 17:12:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Windows Live Writer [2008.09.15 03:09:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2008.07.27 20:03:16 | 001,172,472 | ---- | M] (Microsoft Corporation) -- C:\Users\Daniel\AppData\Roaming\install\sv_chost.exe [2009.02.12 20:37:34 | 000,097,144 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe [2009.06.15 09:42:29 | 000,034,062 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Move Networks\ie_bin\Uninst.exe [2010.07.06 14:33:53 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Daniel\AppData\Roaming\Real\Update\setup3.10\setup.exe < %SYSTEMDRIVE%\*.exe > [1994.05.17 12:15:00 | 000,052,116 | R--- | M] () -- C:\BOOTMKR.EXE [1994.03.10 11:19:04 | 000,005,009 | R--- | M] () -- C:\CDPLAY.EXE [1993.11.23 22:36:12 | 000,254,196 | R--- | M] () -- C:\DOS4GW.EXE [1994.05.10 17:03:32 | 000,254,663 | R--- | M] () -- C:\SAMNMAX.EXE [1994.03.11 17:50:52 | 000,121,139 | R--- | M] () -- C:\SETMUSE.EXE < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) 
MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- 
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2006.11.08 20:33:24 | 000,269,824 | ---- | M] (Intel Corporation) MD5=11C62D1CE575B18E342F9F765C8206F2 -- C:\Windows\ConfigSetRoot\Drivers\Robson\V0.60.0.1046_Vista32_64\Winall\Driver\iaStor.sys [2006.11.08 21:05:16 | 000,535,320 | ---- | M] (Intel Corporation) MD5=15D4EA429EA5D625BF8EBF544ECA9370 -- C:\Windows\ConfigSetRoot\Drivers\Robson\V0.60.0.1046_Vista32_64\Winall\Driver64\IaStor.sys [2007.09.29 17:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Preload\IMSM\64BIT\IASTOR.SYS [2007.09.29 17:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Preload\TURBOMEM\WINALL\DRIVER64\IASTOR.SYS [2007.02.13 00:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Windows\ConfigSetRoot\Drivers\Robson\V1.0.0.1082_logo_Vista32_64\Winall\Driver64\IaStor.sys [2007.09.29 17:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Preload\IMSM\32BIT\IASTOR.SYS [2007.09.29 17:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Preload\TURBOMEM\WINALL\DRIVER\IASTOR.SYS [2007.09.29 17:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys [2007.09.29 17:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys [2007.02.13 00:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\ConfigSetRoot\Drivers\Robson\V1.0.0.1082_logo_Vista32_64\Winall\Driver\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- 
C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 
000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] 
(Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- 
C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2010.06.26 08:02:14 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll [2008.01.21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2008.01.21 04:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 48 bytes -> C:\Windows:73232FF4A8D33468 @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > |
11.09.2010, 17:14 | #10 |
| .scr file received via studivz PM OTL Extras logfile: Code:
OTL Extras logfile created on: 11.09.2010 17:09:01 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Daniel
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,73 Gb Total Space | 35,31 Gb Free Space | 25,27% Space Free | Partition Type: NTFS
Drive D: | 93,15 Gb Total Space | 59,27 Gb Free Space | 63,63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 30,33 Mb Total Space | 1,68 Mb Free Space | 5,53% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANIEL-PC
Current User Name: Daniel
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01F7834E-0E2A-4944-989D-03EB397BDD0A}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{047AEA84-12AF-42FF-ACB6-35325EF74FE0}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{080D5827-85EA-4EBF-92CF-FCFE331277AD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{09E5DBCD-2C34-488D-8326-D7F890C2EE4C}" = lport=139 | protocol=6 | dir=in | app=system | "{0BB69DD5-3EDF-4ADE-A4C2-AF0C635EBCC2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{0C540DD6-DE49-4EB6-9AD5-A3946C0BA3F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0EEC652C-A48A-4486-B2CE-B146373F518A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1F738EB3-07A5-43FB-94E7-3D41C3173FED}" = lport=138 | protocol=17 | dir=in | app=system | "{29CF5699-D1C4-459F-83A9-95254BA0F657}" = rport=138 | protocol=17 | dir=out | app=system | "{2A61ABF4-F8E7-4D22-A4D0-CB2C4A9BC0D2}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{3377D9A5-0427-4812-9BB8-F9364C17AF09}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{45964896-8FE0-44A2-9226-BC0DFAE6F2C9}" = rport=2869 | protocol=6 | dir=out | app=system | "{462333A3-7E4F-496E-8891-E3B2E259007E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{46397405-B6E5-4501-BF50-B866CF17EE63}" = lport=5353 | 
protocol=6 | dir=in | name=adobe csi cs4 | "{47DF5BF9-2BAB-45BB-BC1B-96C76FC09C2D}" = rport=137 | protocol=17 | dir=out | app=system | "{47FE6E79-A434-4672-A2CC-AD4C9CC44053}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{48DDB805-8044-4F89-B345-B84E3B153321}" = lport=2869 | protocol=6 | dir=in | app=system | "{4D1A2D2F-7A16-4C69-92AC-C89B2ECA95C2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4DDE4C2B-3131-4351-AF60-C558CE194BFE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{63EE765E-4A4A-48C5-9CA9-A3159D1EA645}" = lport=137 | protocol=17 | dir=in | app=system | "{6475395E-278F-4363-A01A-FDD5A8EFBFE4}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{74F9EF52-C331-476B-A7BC-01C8374E7F65}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{7D8EECFD-2AB8-4EA5-A478-9A24BBC3DE42}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{97DFFDAA-B915-4AEA-9864-2AA2D3C10D6E}" = lport=445 | protocol=6 | dir=in | app=system | "{97EAED76-E709-456A-BB2F-632DF07A4E40}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{9AAE6DBC-2529-4EAE-8B80-9177D891C842}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{9CF17C5F-DF96-4654-A436-D166DFDC6093}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9DF92CF7-8908-43A2-B4F7-9455E8FD61E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A194183C-2605-47A4-B548-409BFC273F35}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A20D1D43-7954-4B10-B70C-553D94F16E0E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | 
app=%systemroot%\system32\svchost.exe | "{A53AA3B1-5126-4EDE-94BE-8A40EB4B3005}" = rport=445 | protocol=6 | dir=out | app=system | "{ACFB07A8-BDFC-41C4-8B5C-8070CF80C3E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C8BDC438-BCEA-4825-92E7-EDE8AC90786C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{CA2732C0-9E93-4EA4-9948-8D755B318D2C}" = rport=139 | protocol=6 | dir=out | app=system | "{CC0B888A-AB9E-4F91-9A2D-CBE3F4220A46}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{D0B48459-FB8D-4D6B-AE50-21557EC268D0}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{D610E267-7C85-493C-AD54-F7666F0EB54B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D91C30A7-367D-40D1-9D1C-C5BD7993319A}" = lport=2869 | protocol=6 | dir=in | app=system | "{DB42CCC0-1B6E-4014-ACAF-048489F644F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DC474A32-5CAE-4DCA-90AC-9D639EEA12C5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FCC4A366-2236-4A28-BA16-162269930FFC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{FD48DFC0-8A34-4788-AABD-9CBF92851B19}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0045733F-67E8-4C70-AF66-33293B4226EB}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{068E5FD8-ACB6-4972-9206-FFF1767A01B9}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{080264C5-B24F-40D5-B290-0AD9A82F10E1}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{11AACF1F-91B3-440A-85C6-EB95258CB35C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{16AD7F79-CC29-4BFB-988D-8B654E9B4306}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{18EA7A0F-C484-41DF-9756-3E9D54A9B7F4}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{1E45078F-CCAB-4079-8747-8DAA97871167}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1EA7ECFA-9A3C-4F26-ABFC-4389C1BDEEBB}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{223CB4FE-1C9D-4118-9DA5-D4BFDE1A15DB}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{25D33094-5553-4819-95A0-0FF56F1A6271}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{4AE13D2C-0C71-4167-9BD4-913C06A65EFE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{4B0822FF-3DEF-4621-B97F-51D86A55203F}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{4B395782-B577-4918-B67F-542AABE13022}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe | "{4D2307EC-1383-4B79-9B35-498771611BB6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{56F91D56-A3C6-40B0-97C0-EA819F92DA08}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{5899DBD4-A50D-4084-A5CD-ECA097B58489}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{68D1594F-5EB3-4311-B104-49FA330F3B58}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7775865D-6ACC-4AFB-BE54-00D98192B936}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{7B19478C-81D9-4240-96ED-5350597E69E1}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{84F04AB6-28CB-4981-A6DD-28C230CF98D5}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{882C72BB-2FBD-46CA-B41B-4BC01D885753}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{8A9B7291-E914-4246-8CEA-F2AE8F8D9761}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{9508F0F5-9E15-4B19-9A77-A1D2597F533A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{98244525-1509-4046-BF40-52A4783CBE9F}" = protocol=6 | dir=in | app=c:\windows\system32\lxbfcoms.exe | "{987ADE39-52CD-4465-9313-31B994711CEB}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{9C1C13FB-2474-436C-B16C-6F24158B7A11}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbfpswx.exe | "{9E5BC8B6-4DEF-4C32-B452-F17A3A4520F6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9FAAAD74-123F-4AEE-AF8E-9ECB39526DCF}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe | "{A2624683-11C6-4AF2-997B-A85B41913B35}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{AAF8EAAF-436F-4400-B9F0-E88610C29D66}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{AC40498E-6C6E-405E-8D0F-D9BD848F90BE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{AD57EFDB-2367-4C67-B92C-08E249F6A018}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{B1896ED3-C0EA-4B63-8F2D-72AADF91ECED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B1BAC6AC-E706-4DD7-AF8A-D89BBBBB5383}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{B777BCF5-9952-4AAC-8142-7C26FD38ACF4}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{BD23BB45-F01D-45ED-95B6-34EA8A485F82}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{C957589C-213A-4534-9869-77FB810175A1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{CA2E1113-94FE-4314-AD80-6C5B4840B31D}" = 
protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{CF1AFB44-93CB-4F38-A0BC-C1F384ED676A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D2652C66-EA8E-4060-8D4A-A6A83C5AACFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E072E512-F0C5-4C3F-8780-D879C3DC019B}" = protocol=17 | dir=in | app=c:\windows\system32\lxbfcoms.exe |
"{E7B9FB20-71DE-415E-91D3-A6CD8ED918B2}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{ECECC427-EEAF-4832-B4E7-8221FA385526}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbfpswx.exe |
"{EEA48BBF-9867-4B2F-84DA-F55A709B13E6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F76664F4-BFED-466A-9EC0-64A88F5BF321}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{F9151A77-65F1-49E2-90D2-FA74B8F90ABB}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{030E4C47-4CC3-4313-A46F-337A62FA842E}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{0E89450C-CB1C-40E0-8D0D-4A37F520EAD8}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{1082EC00-E1F9-4DAB-8797-C50C58261711}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{164C60A5-8C13-4E88-8F87-5E85131A94D7}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"TCP Query User{16C6AB4F-EB59-4168-B26B-D72E4076D95B}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"TCP Query User{2BCAF175-1E0F-4869-A327-9483A81D3D6A}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{348BC35E-6A20-4A1B-8A2B-8D6429247817}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"TCP Query User{3C0A80D7-9E79-4A62-A4BC-260693CB8736}C:\users\daniel\desktop8998\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\users\daniel\desktop8998\icq6.5\icq.exe |
"TCP Query User{4C14435E-8D5F-4DE5-A6D8-71B5D65DE2AD}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{5798ECC6-9112-4D94-BEB0-A739E63C930A}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{5A594D4D-BC4C-48DB-B470-14A7F061F014}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{642C0125-D133-484A-93A9-AC4C54F402BE}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{67C95667-AFD4-44F9-800B-2048629D4041}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{68BEF2CD-88CF-4C0E-AAE1-4E390FC224B3}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{6FF71017-B35F-4998-AC13-B1498492EEB8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7555FC32-7189-4292-B571-E07802AF063D}C:\users\daniel\desktop8998\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\users\daniel\desktop8998\icq6.5\icq.exe |
"TCP Query User{84193B93-C383-48E4-8E56-96798792C3E5}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{9155EB37-620E-40DB-A535-B7B5F4224086}C:\program files\smartwizard discovery\smartwizard discovery.exe" = protocol=6 | dir=in | app=c:\program files\smartwizard discovery\smartwizard discovery.exe |
"TCP Query User{AAAE3252-C887-4B09-BEDB-FFA9CEEC9F5E}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{ACD8BCA6-541C-43E0-994C-33795DD4B8A3}C:\program files\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{B751F837-1A5B-456A-818B-BE85E89551F0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{BC5FC80B-6EF2-4CEF-9D52-4754F309D33A}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{C113C307-29ED-4CF1-9678-5F5A64BB7EDE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C1D3AA92-E031-4DFD-854C-B9897AD4C52E}C:\users\daniel\downloads\scrabble\scrabble.exe" = protocol=6 | dir=in | app=c:\users\daniel\downloads\scrabble\scrabble.exe |
"TCP Query User{C9CA97F6-E476-4FC7-842D-1B3A18AFECBB}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{D77C74B4-203F-494E-8319-225FCC1A31AA}C:\users\daniel\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\daniel\program files\dna\btdna.exe |
"TCP Query User{ED7D2196-6637-4933-9395-4991908CC521}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F0A1B746-FE17-4013-9401-0F2A9D87D2A1}C:\users\daniel\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\daniel\program files\dna\btdna.exe |
"TCP Query User{F14FC069-7FAF-4E6F-8193-86030FCEACCE}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{FF238472-6EF4-4D47-9B3A-BB0139D51BA3}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{09D0E3CD-8C2A-4B9C-AE00-61271D2A89C7}C:\users\daniel\desktop8998\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\users\daniel\desktop8998\icq6.5\icq.exe |
"UDP Query User{0FE2BAEC-6180-4288-B04E-3730812EC46B}C:\program files\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"UDP Query User{1581F0B4-EE6A-4832-A0E8-033D4EE84EF3}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{165CF640-8A1F-49B8-AC6D-328A7E1F99DC}C:\users\daniel\downloads\scrabble\scrabble.exe" = protocol=17 | dir=in | app=c:\users\daniel\downloads\scrabble\scrabble.exe |
"UDP Query User{1DB36DAD-9E72-455D-9CAE-0366B07B3D2B}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{229C026E-A668-432F-9680-B5A858E76930}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{291DF979-154F-4B3F-846A-0B00B6D1532C}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{2FAB676A-BF3A-4A86-B33B-A8FD2CFF1234}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{33680420-19A4-4FFE-BEF8-E155C1809367}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"UDP Query User{565A8DFC-0224-49AD-B320-64F0182CE6B7}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{6FCA2FF5-D468-4982-A2CF-F623BCEEBBB0}C:\users\daniel\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\daniel\program files\dna\btdna.exe |
"UDP Query User{764D65ED-66DB-4FFA-8485-85BCA02044E9}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{85C337FF-FB9D-4D56-B519-81406CA6D31E}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{8EA4B164-1C87-41C3-8276-AE64AE3363DD}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{906D5CD1-DA54-4896-90CF-1E82097748C0}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{A0C95F24-0AED-4125-8457-21C5FD96F893}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A88FCD18-9387-4DEB-BF1F-0E4EF277C4A1}C:\users\daniel\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\daniel\program files\dna\btdna.exe |
"UDP Query User{B1369E7E-9505-4C8F-8C6F-DF46645F3E4B}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{B45E4863-D8D8-49B0-B0FE-BFC77DB4F28E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{BC9FCFF4-13F9-4F04-A8D2-3F4E029171FB}C:\program files\smartwizard discovery\smartwizard discovery.exe" = protocol=17 | dir=in | app=c:\program files\smartwizard discovery\smartwizard discovery.exe |
"UDP Query User{BDAFF36F-B80D-4847-ADCE-59B6EBB15D7D}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{C4E0AFE3-9B7B-4828-A073-3FE50D8A3827}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{C6B2F429-A7F6-4F7A-ACF2-ABAA413095DE}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{CF21CD81-6479-4E78-93C0-F5D20D367065}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{D5881669-FFC3-4277-876B-A8B54A8923A6}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{DB0D00DB-E60E-42FB-A4AB-1C8067746132}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{DE06F1F9-6709-4C7C-B11B-7559923EE487}C:\users\daniel\desktop8998\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\users\daniel\desktop8998\icq6.5\icq.exe |
"UDP Query User{E3239099-CCEB-4E8A-AAD9-E548D1881FDE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F9D3354F-E8E1-42E6-B2D2-4D53AA3307EF}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{FFDD657C-1C87-4EF1-85E4-BD5B44C82147}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04010300-6D72-4D54-8686-91D884A27B5C}" = Cisco Clean Access Agent
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{20140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 (Beta)
"{20140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 (Beta)
"{20140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 (Beta)
"{20140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 (Beta)
"{20140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 (Beta)
"{20140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 (Beta)
"{20140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 (Beta)
"{20140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 (Beta)
"{20140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 (Beta)
"{20140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 (Beta)
"{20140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 (Beta)
"{20140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 (Beta)
"{20140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 (Beta)
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A69F94-891E-42F8-824E-6F8669C0C95A}" = LifeCam Video Messages gadget
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 13
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4102037D-E8E0-48E0-B203-E521D194FB71}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}" = ASUS WebCam Driver
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep(TM)
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1" = Shutdown Manager
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}" = ASUS Security Protect Manager
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AllDup_is1" = AllDup 2.1.10
"Anti-Twin 2010-01-17 23.31.53" = Anti-Twin (Installation 17.01.2010)
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Aurigma Image Uploader 5.1 Dual_is1" = Aurigma Image Uploader 5.1 Dual
"CDex" = CDex extraction audio
"cFos" = cFos NT/2000/XP DSL/ISDN Driver 6.11 (Build 2943)
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX510W_TX550W Benutzerhandbuch" = Epson Stylus SX510W_TX550W Handbuch
"EPSON SX510W Series" = EPSON SX510W Series Printer Uninstall
"FLV Player1.33T" = FLV Player
"FreePDF_XP" = FreePDF XP (Remove only)
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GPL Ghostscript 8.62" = GPL Ghostscript 8.62
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"Huur- en zorgtoeslag 2010" = Huur- en zorgtoeslag 2010
"ICQToolbar" = ICQ Toolbar
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}" = ASUS WebCam Driver
"Lexmark X6100 Series" = Lexmark X6100 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotoScape" = PhotoScape
"Picasa2" = Picasa 2
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Scribus 1.3.3.12" = Scribus 1.3.3.12
"ScummVM_is1" = ScummVM 1.0.0rc1
"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.4 for Windows
"Smartwizard Discovery_is1" = utility version 2.05.03
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 3" = TeamViewer 3
"TVTool" = TVTool
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-638473920-1088491357-2327974481-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18.05.2010 13:48:21 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel 0x4b835fec, fehlerhaftes Modul Flash10d.ocx, Version 10.0.42.34, Zeitstempel 0x4ae7baed, Ausnahmecode 0xc0000005, Fehleroffset 0x0012c8a7, Prozess-ID 0x6a2c, Anwendungsstartzeit 01caf6b244ce41e0.

Error - 18.05.2010 13:49:11 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel 0x4b835fec, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18904, Zeitstempel 0x4b837769, Ausnahmecode 0xc0000005, Fehleroffset 0x0042d8d4, Prozess-ID 0x6f1c, Anwendungsstartzeit 01caf6b251486130.

Error - 19.05.2010 01:33:10 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =

Error - 19.05.2010 01:38:48 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel 0x4b835fec, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18904, Zeitstempel 0x4b837769, Ausnahmecode 0xc0000005, Fehleroffset 0x0042d8d4, Prozess-ID 0x1640, Anwendungsstartzeit 01caf71583a9846b.

Error - 19.05.2010 15:18:10 | Computer Name = Daniel-PC | Source = Avira AntiVir | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion für die Datei F:\DCIM\100NCD40\DSC_0002.JPG. [ACCESS_VIOLATION Exception!! EIP = 28295768] Bitte Avira informieren und die obige Datei übersenden!

Error - 19.05.2010 21:44:50 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =

Error - 20.05.2010 03:58:42 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =

Error - 20.05.2010 04:04:05 | Computer Name = Daniel-PC | Source = Google Update | ID = 20
Description =

Error - 20.05.2010 04:06:46 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel 0x4b835fec, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18904, Zeitstempel 0x4b837769, Ausnahmecode 0xc0000005, Fehleroffset 0x0042d8d4, Prozess-ID 0x17f4, Anwendungsstartzeit 01caf7f34e4ffca1.

Error - 20.05.2010 04:09:34 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel 0x4b835fec, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18904, Zeitstempel 0x4b837769, Ausnahmecode 0xc0000005, Fehleroffset 0x0042d8d4, Prozess-ID 0x1c68, Anwendungsstartzeit 01caf7f32a934651.

[ System Events ]
Error - 25.09.2008 21:05:23 | Computer Name = Daniel-PC | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 129.241.132.85 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.

Error - 25.09.2008 21:05:42 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 26.09.2008 01:13:19 | Computer Name = Daniel-PC | Source = HTTP | ID = 15016
Description =

Error - 26.09.2008 01:13:44 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 26.09.2008 01:13:50 | Computer Name = Daniel-PC | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.

Error - 26.09.2008 01:13:50 | Computer Name = Daniel-PC | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 129.241.132.85 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.

Error - 27.09.2008 08:28:03 | Computer Name = Daniel-PC | Source = HTTP | ID = 15016
Description =

Error - 27.09.2008 08:28:27 | Computer Name = Daniel-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 27.09.2008 08:28:31 | Computer Name = Daniel-PC | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.

Error - 27.09.2008 08:28:31 | Computer Name = Daniel-PC | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 129.241.132.85 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.

< End of report > |
11.09.2010, 17:18 | #11 |
/// Malware-holic | .scr file received via studivz PM Please create and post a ComboFix log. A guide and tutorial on using ComboFix |
11.09.2010, 18:30 | #12 |
| .scr file received via studivz PM ComboFix logfile: Code:
ComboFix 10-09-11.01 - Daniel 11.09.2010 18:56:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3070.1931 [GMT 2:00]
ausgeführt von:: c:\users\Daniel\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 48 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\users\Daniel\AppData\Roaming\Desktopicon
.
((((((((((((((((((((((( Dateien erstellt von 2010-08-11 bis 2010-09-11 ))))))))))))))))))))))))))))))
.
2010-09-11 17:09 . 2010-09-11 17:09 -------- d-----w- c:\users\Gast\AppData\Local\temp
2010-09-11 17:09 . 2010-09-11 17:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-10 22:22 . 2010-09-10 22:22 -------- d-----w- c:\users\Daniel\AppData\Roaming\Malwarebytes
2010-09-10 22:22 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-10 22:22 . 2010-09-10 22:22 -------- d-----w- c:\programdata\Malwarebytes
2010-09-10 22:22 . 2010-09-10 22:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-10 22:22 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-10 22:21 . 2010-09-10 22:22 6153648 ----a-w- c:\users\Daniel\mbam-setup.exe
2010-09-10 22:20 . 2010-09-10 22:20 176320 ----a-w- c:\users\Daniel\symantec.exe
2010-09-10 22:10 . 2010-09-10 22:10 -------- d-----w- c:\users\Daniel\AppData\Roaming\install
2010-08-16 15:04 . 2010-08-16 15:05 -------- d-----w- c:\program files\GMATPrep
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-11 17:15 . 2008-07-25 19:23 -------- d-----w- c:\users\Daniel\AppData\Roaming\ICQ
2010-09-11 17:07 . 2010-04-15 14:41 -------- d-----w- c:\program files\pdfforge Toolbar
2010-09-11 16:49 . 2010-08-11 10:59 -------- d-----w- c:\users\Daniel\AppData\Roaming\Belastingdienst
2010-09-10 22:04 . 2008-08-02 13:25 -------- d-----w- c:\programdata\Google Updater
2010-09-10 01:11 . 2008-07-26 14:29 -------- d-----w- c:\users\Daniel\AppData\Roaming\Skype
2010-09-10 01:10 . 2008-07-26 14:30 -------- d-----w- c:\users\Daniel\AppData\Roaming\skypePM
2010-09-09 14:49 . 2008-07-01 09:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-04 23:25 . 2008-10-26 23:24 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-31 02:09 . 2008-04-16 11:11 628742 ----a-w- c:\windows\system32\perfh007.dat
2010-08-31 02:09 . 2008-04-16 11:11 126454 ----a-w- c:\windows\system32\perfc007.dat
2010-08-27 08:34 . 2010-01-27 00:05 -------- d-----w- c:\program files\ICQ7.0
2010-08-16 23:06 . 2008-07-01 00:46 100824 ----a-w- c:\users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-16 15:04 . 2008-07-01 09:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-12 01:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-11 10:59 . 2010-08-11 10:59 -------- d-----w- c:\program files\Belastingdienst
2010-07-27 06:04 . 2010-07-27 06:04 17874088 ----a-w- c:\users\Daniel\PDFCreator-1_0_1_setup.exe
2010-07-23 10:52 . 2010-07-23 10:52 -------- d-----w- c:\users\Daniel\AppData\Roaming\Epson
2010-07-16 16:40 . 2010-07-16 16:27 -------- d-----w- c:\programdata\EPSON
2010-07-16 16:39 . 2010-07-16 16:26 -------- d-----w- c:\program files\epson
2010-07-16 16:39 . 2010-07-16 16:39 -------- d-----w- c:\programdata\UDL
2010-07-16 16:38 . 2010-07-16 16:35 -------- d-----w- c:\program files\Epson Software
2010-07-16 16:36 . 2008-07-01 09:21 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-16 16:34 . 2010-07-16 16:34 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-07-16 16:32 . 2010-07-16 16:31 -------- d-----w- c:\program files\EpsonNet
2010-07-16 16:32 . 2010-07-16 16:32 -------- d-----w- c:\program files\Common Files\EPSON
2010-07-15 05:20 . 2008-10-18 23:15 -------- d-----w- c:\programdata\FreePDF
2010-06-26 06:05 . 2010-08-11 10:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 10:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 10:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 10:33 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:18 . 2010-08-11 10:33 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 16:43 . 2010-08-11 10:33 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 14:43 . 2010-08-11 10:33 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 14:43 . 2010-08-11 10:33 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 15:59 . 2010-08-11 10:33 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-01-17 22:59 . 2010-01-17 22:59 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-11-30 01:48 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-11-30 01:48 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2009-11-30 01:48 216064 --sh--r- c:\windows\System32\nbDX.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-21 192000]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2009-11-03 649072]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-02 68856]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-08-22 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-06 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-07 974848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=c:\windows\pss\Clean Access Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WG111v2 Smart Wizard.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2006-11-02 06:27 61440 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2009-09-26 22:32 83312 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-16 11:02 323392 ----a-w- c:\users\Daniel\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cFos - Tip of the Day]
2008-08-02 12:16 1257472 ----a-r- c:\cfosnt\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cFosDNT]
2006-05-26 15:56 802816 ----a-r- c:\cfosnt\cfosdnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
2003-12-21 21:12 17920 ----a-r- c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\etMonitor]
2007-04-13 16:00 102400 ----a-w- c:\windows\etMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2008-07-22 20:44 357376 ----a-w- c:\program files\FreePDF_XP\fpassist.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-01-17 22:59 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 14:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-05 10:18 8534560 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-05 10:18 81920 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-12-05 10:18 86016 ----a-w- c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
2008-01-25 16:32 778240 ----a-w- c:\program files\P4P\P4P.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-11-24 17:31 630784 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 12:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-02 13:25 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-06 10:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\TkBellExe] 2010-02-06 10:39 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 R1 tvtool;tvtool;c:\program files\TVTool\tvtool.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1ca42e781de71b0;Google Update Service (gupdate1ca42e781de71b0);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 133104] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136] R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-01-17 30192] R4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520] R4 
lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe [2007-04-24 537520] R4 SCM_Service;SCM_Service;c:\windows\System32\WinService.exe [2007-07-17 180224] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-03 130936] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 21728] S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928] S2 ASBroker;Anmeldesitzungsbroker;c:\windows\System32\svchost.exe [2008-01-21 21504] S2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe [2008-01-21 21504] S2 cFosNT;cFosNT;c:\windows\System32\Drivers\cFosNT.sys [2006-05-26 793088] S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2007-10-31 46592] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASBroker ASChannel . Inhalt des "geplante Tasks" Ordners 2010-09-11 c:\windows\Tasks\Epson Printer Software Downloader.job - c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43] 2010-09-11 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-02 14:53] 2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 22:35] 2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 22:35] 2010-09-09 c:\windows\Tasks\Norton Security Scan for Daniel.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-07 07:48] 2010-09-10 c:\windows\Tasks\User_Feed_Synchronization-{9DBEE1B5-F58B-442D-BC4E-541851737A46}.job - c:\windows\system32\msfeedssync.exe [2010-08-11 04:24] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.lilaweiss.de/index.php?include=treffpunkt_anz IE: An OneNote s&enden - /105 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\rjpe8eb2.default\ FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q= FF - prefs.js: network.proxy.ftp - 193.192.248.219:3128 FF - prefs.js: network.proxy.gopher - 193.192.248.219:3128 FF - prefs.js: network.proxy.http - 193.192.248.219:3128 FF - prefs.js: network.proxy.socks - 193.192.248.219:3128 FF - prefs.js: network.proxy.ssl - 193.192.248.219:3128 FF - prefs.js: network.proxy.type - 2 FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\rjpe8eb2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\Daniel\Program 
Files\DNA\plugins\npbtdna.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) HKCU-Run-AdobeBridge - (no file) MSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe MSConfigStartUp-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe AddRemove-AllDup_is1 - c:\program files\AllDup\unins000.exe AddRemove-Anti-Twin 2010-01-17 23.31.53 - c:\program files\AntiTwin\uninstall.exe AddRemove-Aurigma Image Uploader 5.1 Dual_is1 - c:\program files\Aurigma\Image Uploader 5.1 Dual\unins000.exe AddRemove-CloneDVD2 - c:\program files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe AddRemove-SUPER © - c:\progra~1\ERIGHT~1\SUPER\Setup.exe AddRemove-TVTool - c:\program files\TVTool\uninstall.exe AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe AddRemove-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-09-11 19:15 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(2880) c:\program files\ASUS\Asus MultiFrame\HookTitle.dll c:\windows\system32\APSHook.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe c:\program files\ASUS\SmartLogon\sensorsrv.exe c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conime.exe c:\program files\Epson Software\Event Manager\EEventManager.exe c:\windows\ehome\ehmsas.exe c:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-09-11 19:27:24 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-09-11 17:27 Vor Suchlauf: 11 Verzeichnis(se), 36.818.571.264 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 37.130.899.456 Bytes frei Current=1 Default=1 Failed=0 LastKnownGood=74 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74 - - End Of File - - 61675FE99A04CD875EF426900B7EC89C |
11.09.2010, 18:35 | #13 |
/// Malware-holic | .scr file received via studivz PM ok, your Avira is completely outdated. Avira: http://www.trojaner-board.de/54192-a...tellungen.html Install Avira 10 as described there and then configure it accordingly. Once you have applied the configuration, update the program. Then click "Lokaler Schutz" (local protection) > "Lokale Laufwerke" (local drives). Move any finds to quarantine and post the log. |
12.09.2010, 00:56 | #14 |
| .scr file received via studivz PM
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Samstag, 11. September 2010 20:10

Es wird nach 2801829 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 1) [6.0.6001]
Boot Modus : Normal gebootet
Benutzername : Daniel
Computername : DANIEL-PC

Versionsinformationen:
BUILD.DAT : 10.0.0.567 32097 Bytes 19.04.2010 15:50:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 01.04.2010 11:37:36
AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.2010 10:42:18
LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.2010 17:33:00
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:48
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:27:50
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 16:37:44
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 15:37:44
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 10:29:04
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 17:53:23
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 17:53:29
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.2010 17:53:40
VBASE008.VDF : 7.10.9.166 2048 Bytes 23.07.2010 17:53:40
VBASE009.VDF : 7.10.9.167 2048 Bytes 23.07.2010 17:53:40
VBASE010.VDF : 7.10.9.168 2048 Bytes 23.07.2010 17:53:41
VBASE011.VDF : 7.10.9.169 2048 Bytes 23.07.2010 17:53:41
VBASE012.VDF : 7.10.9.170 2048 Bytes 23.07.2010 17:53:41
VBASE013.VDF : 7.10.9.198 157696 Bytes 26.07.2010 17:53:41
VBASE014.VDF : 7.10.9.255 997888 Bytes 29.07.2010 17:53:43
VBASE015.VDF : 7.10.10.28 139264 Bytes 02.08.2010 17:53:43
VBASE016.VDF : 7.10.10.52 127488 Bytes 03.08.2010 17:53:44
VBASE017.VDF : 7.10.10.84 137728 Bytes 06.08.2010 17:53:44
VBASE018.VDF : 7.10.10.107 176640 Bytes 09.08.2010 17:53:45
VBASE019.VDF : 7.10.10.130 132608 Bytes 10.08.2010 17:53:45
VBASE020.VDF : 7.10.10.158 131072 Bytes 12.08.2010 17:53:45
VBASE021.VDF : 7.10.10.190 136704 Bytes 16.08.2010 17:53:46
VBASE022.VDF : 7.10.10.217 118272 Bytes 19.08.2010 17:53:46
VBASE023.VDF : 7.10.10.246 130048 Bytes 23.08.2010 17:53:46
VBASE024.VDF : 7.10.11.11 144896 Bytes 25.08.2010 17:53:46
VBASE025.VDF : 7.10.11.33 135168 Bytes 27.08.2010 17:53:47
VBASE026.VDF : 7.10.11.52 148992 Bytes 31.08.2010 17:53:47
VBASE027.VDF : 7.10.11.75 124928 Bytes 03.09.2010 17:53:47
VBASE028.VDF : 7.10.11.92 137728 Bytes 06.09.2010 17:53:48
VBASE029.VDF : 7.10.11.107 166400 Bytes 08.09.2010 17:53:48
VBASE030.VDF : 7.10.11.127 136704 Bytes 10.09.2010 17:53:49
VBASE031.VDF : 7.10.11.128 2048 Bytes 10.09.2010 17:53:49
Engineversion : 8.2.4.50
AEVDF.DLL : 8.1.2.1 106868 Bytes 11.09.2010 17:53:56
AESCRIPT.DLL : 8.1.3.44 1364346 Bytes 11.09.2010 17:53:56
AESCN.DLL : 8.1.6.1 127347 Bytes 11.09.2010 17:53:55
AESBX.DLL : 8.1.3.1 254324 Bytes 11.09.2010 17:53:56
AERDL.DLL : 8.1.8.2 614772 Bytes 11.09.2010 17:53:55
AEPACK.DLL : 8.2.3.5 471412 Bytes 11.09.2010 17:53:54
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 11.09.2010 17:53:53
AEHEUR.DLL : 8.1.2.21 2883958 Bytes 11.09.2010 17:53:53
AEHELP.DLL : 8.1.13.3 242038 Bytes 11.09.2010 17:53:51
AEGEN.DLL : 8.1.3.20 397684 Bytes 11.09.2010 17:53:50
AEEMU.DLL : 8.1.2.0 393588 Bytes 11.09.2010 17:53:50
AECORE.DLL : 8.1.16.2 192887 Bytes 11.09.2010 17:53:50
AEBB.DLL : 8.1.1.0 53618 Bytes 11.09.2010 17:53:49
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:12
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 10:59:08
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 15:47:42
AVREG.DLL : 10.0.3.0 53096 Bytes 01.04.2010 11:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01.04.2010 11:39:50
AVARKT.DLL : 10.0.0.14 227176 Bytes 01.04.2010 11:22:12
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:26
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:54
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:56
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:10
RCTEXT.DLL : 10.0.53.0 98152 Bytes 09.04.2010 13:14:30

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\alldrives.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, F:, E:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 10
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch
Abweichende Gefahrenkategorien........: +APPL,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Samstag, 11. September 2010 20:10

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'opera.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'notepad.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICQ.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSOSYNC.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'p2phost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EEventManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'realsched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApplicationUpdater.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MultiFrame.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sensorsrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsGHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'F:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '493' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <VistaOS>
C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V5HZNX7A\google_de[2].htm
[FUND] Enthält verdächtigen Code: HEUR/HTML.Malware
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\3ba1d6ad-47511c5a
[0] Archivtyp: ZIP
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Agen.NA.1
--> AppletX.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Agen.NA.1
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\7136f07d-713c9b56
[0] Archivtyp: ZIP
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenStrem.BN.2
--> myf/y/AppletX.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenStrem.BN.2
--> myf/y/LoaderX.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Age.nac.4
--> myf/y/PayloadX.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Age.nad.4
Beginne mit der Suche in 'D:\' <DATA>
D:\Eigene Musik\Our Lady Peace - Freestylers.wma
[FUND] Ist das Trojanische Pferd TR/Dldr.WMA.Wimad.BF
Beginne mit der Suche in 'F:\'
Beginne mit der Suche in 'E:\'
Der zu durchsuchende Pfad E:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.

Beginne mit der Desinfektion:
D:\Eigene Musik\Our Lady Peace - Freestylers.wma
[FUND] Ist das Trojanische Pferd TR/Dldr.WMA.Wimad.BF
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '486fb26c.qua' verschoben!
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\7136f07d-713c9b56
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Age.nad.4
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50b99d88.qua' verschoben!
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\3ba1d6ad-47511c5a
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Agen.NA.1
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '02b4c751.qua' verschoben!
C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V5HZNX7A\google_de[2].htm
[FUND] Enthält verdächtigen Code: HEUR/HTML.Malware
[HINWEIS] Der Fund wurde als verdächtig eingestuft.
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '649588e4.qua' verschoben!

Ende des Suchlaufs: Sonntag, 12. September 2010 01:52
Benötigte Zeit: 1:45:16 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

32308 Verzeichnisse wurden überprüft
668480 Dateien wurden geprüft
5 Viren bzw. unerwünschte Programme wurden gefunden
1 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
4 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
668474 Dateien ohne Befall
15611 Archive wurden durchsucht
0 Warnungen
4 Hinweise
180155 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden |
12.09.2010, 10:41 | #15 |
/// Malware-holic | .scr file received via studivz PM ok, now first go to the Windows Update site, get Service Pack 2 and IE 8 there, and install all important updates. are there any problems with the PC at the moment? |