Log analysis and evaluation: Vista System Idle Process 99% / Trojan.Agent

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
20.09.2010, 18:15 | #1
Hello, dear users of trojaner-board. I am new here and have a problem, as the title says. Since yesterday my PC has been running very slowly. Yesterday a strange message appeared while I was browsing (once in Arabic or Chinese script), and then a window saying "Windows will shut down shortly". I immediately switched my PC off and then restarted it. Suddenly a small black arrow appeared at the bottom right (unfortunately I did not take a picture) next to my Avira AntiVir icon; it then moved on to the sidebar and back again, and then simply disappeared without any message. I have not run Avira over the system yet (it takes quite a long time, but I will let it run overnight tonight if it is still necessary). Then I ran Malwarebytes' Anti-Malware and it found this:

Malwarebytes' Anti-Malware 1.41
Database version: 2955
Windows 6.0.6002 Service Pack 2

20.09.2010 17:35:39
mbam-log-2010-09-20 (17-35-39).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 381464
Time elapsed: 2 hour(s), 43 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)

Files Infected:
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
And here are the HijackThis logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:00, on 20.09.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\"Mustermann"\Alles mögliche\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Kbdinx] C:\Users\"Mustermann"\AppData\Roaming\Adobe\Update\dlggdi.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe
O23 - Service: Google Update Service (gupdate1c9d565c5b07039) (gupdate1c9d565c5b07039) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: The Cleaner 2011 Helper Service (moohelp) - MooSoft Development LLC - C:\Program Files\The Cleaner\mhelper.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7407 bytes

I hope you can help me.
Regards, Dragonhead
20.09.2010, 18:40 | #2
/// Malware-holic

Update Malwarebytes, run a full scan, delete the findings, post the result.
21.09.2010, 12:29 | #3
Thanks for the quick reply.

Sorry for the double post, but somehow I do not know how to delete it here?

Last edited by Dragonhead (21.09.2010 at 12:42)
21.09.2010, 12:31 | #4
Thanks for the quick reply. Here is the result:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4662
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

21.09.2010 13:21:09
mbam-log-2010-09-21 (13-21-09).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 404191
Time elapsed: 3 hour(s), 15 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\adtools, inc. (Adware.AdTools) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\helper (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)

Files Infected:
C:\Users\"Mustermann"\AppData\Roaming\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\"Mustermann"\AppData\Roaming\Helper\bin\liveu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
21.09.2010, 14:30 | #5
/// Malware-holic

OTL: system scan with OTL

Download OTL: http://filepony.de/download-otl/

Double-click OTL.exe (Windows 7 and Vista users: right-click, Run as administrator).

1. At the top you will find a box labelled Output. Please select Minimal Output.
2. Tick "Scan all users".
3. Under "Extra Registry" select: "Use SafeList", "LOP Check", "Purity Check".
4. Copy the following into the text box:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

5. Click "Scan".
6. Two reports are created: OTL.Txt and Extras.Txt. Post both.
21.09.2010, 20:09 | #6
| Vista Leerlaufprozess 99%/Trojaner-Agent Hier die OTL.txt: Code:
ATTFilter OTL logfile created on: 21.09.2010 17:05:56 - Run 1 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\"Mustermann"\Alles mögliche\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free 7,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 911,50 Gb Total Space | 313,75 Gb Free Space | 34,42% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 9,88 Gb Free Space | 49,39% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PC Current User Name: "Mustermann" Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\"Mustermann"\Alles mögliche\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\CPUCooL\CooLSRV.exe () PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Windows\System32\PSIService.exe () ========== Modules (SafeList) ========== MOD - C:\Users\"Mustermann"\Alles mögliche\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\System32\shfolder.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (moohelp) -- C:\Program Files\The Cleaner\mhelper.exe (MooSoft Development LLC) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (CPUCooLServer) -- C:\Program Files\CPUCooL\CooLSRV.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (uxddrv) -- h:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys File not found DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (NTGUARD) -- C:\Program Files\aonInternetSchutz\bin\NTGUARD.SYS File 
not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (stppp) -- C:\Windows\System32\drivers\stppp.sys (THOMSON Telecom Belgium) DRV - (ST330) -- C:\Windows\System32\drivers\st330.sys (THOMSON Telecom Belgium) DRV - (STBUS) -- C:\Windows\System32\drivers\stbus.sys (THOMSON Telecom Belgium) DRV - (STETH) -- C:\Windows\System32\drivers\steth.sys (THOMSON Telecom Belgium) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (ntiopnp) -- C:\Windows\System32\drivers\ntiopnp.sys () DRV - (ntiomin) -- C:\Windows\System32\drivers\ntiomin.sys () DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) 
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) 
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) 
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\Windows\System32\drivers\alcan5wn.sys (THOMSON) DRV - (alcaudsl) -- C:\Windows\System32\drivers\alcaudsl.sys (THOMSON) DRV - (USBIO) USBIO Driver (usbio.sys) -- C:\Windows\System32\drivers\usbio.sys (Thesycon GmbH, Germany) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2589207096-704435142-1912266964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKU\S-1-5-21-2589207096-704435142-1912266964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-2589207096-704435142-1912266964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2589207096-704435142-1912266964-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2589207096-704435142-1912266964-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program 
Files\Mozilla Firefox\components [2010.09.21 13:44:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.20 14:21:38 | 000,000,000 | ---D | M] [2010.08.07 08:56:48 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\mozilla\Extensions [2010.09.20 18:43:57 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\mozilla\Firefox\Profiles\ro1yhw8e.default\extensions [2010.08.07 09:13:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\"Mustermann"\AppData\Roaming\mozilla\Firefox\Profiles\ro1yhw8e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.06 10:45:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\"Mustermann"\AppData\Roaming\mozilla\Firefox\Profiles\ro1yhw8e.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.07 09:12:40 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\"Mustermann"\AppData\Roaming\mozilla\Firefox\Profiles\ro1yhw8e.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.08.07 09:11:47 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\"Mustermann"\AppData\Roaming\mozilla\Firefox\Profiles\ro1yhw8e.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2010.08.31 18:34:24 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\mozilla\Firefox\Profiles\ro1yhw8e.default\extensions\foxyproxy@eric.h.jung [2010.08.07 08:55:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla 
Firefox\searchplugins\wikipedia-de.xml [2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKU\S-1-5-21-2589207096-704435142-1912266964-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKU\S-1-5-21-2589207096-704435142-1912266964-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2589207096-704435142-1912266964-1000..\Run: [Kbdinx] C:\Users\"Mustermann"\AppData\Roaming\Adobe\Update\dlggdi.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\S-1-5-21-2589207096-704435142-1912266964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2589207096-704435142-1912266964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2589207096-704435142-1912266964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft 
Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O13 - gopher Prefix: missing O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpFolder: C:^Users^"Mustermann"^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CPUCooL.lnk - C:\Program Files\CPUCooL\cpucool.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
MsConfig - StartUpReg: Ikarus-GuardX - hkey= - key= - C:\Program Files\aonInternetSchutz\bin\guardxkickoff.exe File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Kbdinx - hkey= - key= - C:\Users\"Mustermann"\AppData\Roaming\Adobe\Update\dlggdi.exe ()
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Shockwave Updater - hkey= - key= - File not found
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: Steam - hkey= - key= - c:\program files\steam\steam.exe (Valve Corporation)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
MsConfig - StartUpReg: tcactive - hkey= - key= - C:\Program Files\The Cleaner\tcap.exe (MooSoft Development Inc)
MsConfig - StartUpReg: Uninstall Adobe Download Manager - hkey= - key= - File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F324BFBC-9F8D-F960-1206-22AADAC8C400} - Java (Sun)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: VIDC.CSCD - C:\Windows\System32\camcodec.dll (RenderSoft Software)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.mp42 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2010.09.21 17:03:50 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\"Mustermann"\Alles mögliche\Desktop\OTL.exe
[2010.09.21 11:08:56 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\AppData\Roaming\Helper
[2010.09.21 10:02:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.21 10:02:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.21 10:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.20 19:19:44 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\Alles mögliche\Desktop\Wichtig
[2010.09.17 19:05:05 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\Alles mögliche\Desktop\VideosSongs
[2010.09.17 14:02:59 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\AppData\Roaming\Sony Creative Software
[2010.09.15 12:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010.09.15 12:15:53 | 000,098,304 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\L3CODECX.AX
[2010.09.15 12:15:53 | 000,082,944 | ---- | C] (Voxware, Inc.) -- C:\Windows\System32\vct3216.acm
[2010.09.15 12:15:53 | 000,081,920 | ---- | C] (fccHandler) -- C:\Windows\System32\AC3ACM.acm
[2010.09.15 12:15:53 | 000,038,912 | ---- | C] (NCT Company) -- C:\Windows\System32\alf2cd.acm
[2010.09.15 12:15:53 | 000,013,239 | ---- | C] (SHARP Corporation) -- C:\Windows\System32\Scg726.acm
[2010.09.15 12:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010.09.15 12:15:52 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70.dll
[2010.09.15 12:15:52 | 000,638,976 | ---- | C] (DivXNetworks, Inc.) -- C:\Windows\System32\divx.dll
[2010.09.15 12:15:52 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp70.dll
[2010.09.15 12:15:52 | 000,413,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg4c32.dll
[2010.09.15 12:15:52 | 000,261,632 | ---- | C] (MainConcept) -- C:\Windows\System32\mcdvd_32.dll
[2010.09.15 12:15:52 | 000,221,215 | ---- | C] (DivXNetworks, Inc.) -- C:\Windows\System32\divxdec.ax
[2010.09.15 12:15:52 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2010.09.15 12:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010.09.15 08:16:30 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.14 19:17:58 | 000,390,496 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfcmp15u.dll
[2010.09.14 18:36:05 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\AppData\Roaming\Sytexis Software
[2010.09.14 18:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\MW2CU
[2010.09.14 12:59:58 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\AppData\Roaming\Publish Providers
[2010.09.14 12:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2010.09.14 12:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010.09.14 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\AppData\Roaming\Sony
[2010.09.14 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\AppData\Local\Sony
[2010.09.14 11:08:28 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\Alles mögliche\Desktop\Videos
[2010.09.14 10:59:07 | 000,185,688 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Ltfil15u.dll
[2010.09.14 10:59:06 | 000,488,800 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Ltkrn15u.dll
[2010.09.14 10:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\WeGame
[2010.09.14 10:41:21 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\AppData\Local\TechSmith
[2010.09.14 10:40:23 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\Alles mögliche\Documents\Camtasia Studio
[2010.09.14 10:38:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2010.09.14 10:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010.09.14 10:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2010.09.14 10:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010.09.06 12:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2010.09.06 10:49:28 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\Alles mögliche\Documents\DownloadHelper
[2010.09.05 17:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010.09.05 16:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010.09.02 10:53:53 | 000,102,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2010.09.02 10:53:53 | 000,079,432 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2010.08.30 19:13:50 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\AppData\Local\CrashRpt
[2010.08.30 18:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\CoDMW2
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.09.21 17:09:59 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4CB2FC90-7DAD-43CF-9F42-638471DE46CE}.job
[2010.09.21 17:04:21 | 016,252,928 | -HS- | M] () -- C:\Users\"Mustermann"\NTUSER.DAT
[2010.09.21 17:03:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\"Mustermann"\Alles mögliche\Desktop\OTL.exe
[2010.09.21 16:15:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.21 15:22:38 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.21 15:22:38 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.21 13:22:41 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.21 13:22:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.21 13:22:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.21 13:21:58 | 000,524,288 | -HS- | M] () -- C:\Users\"Mustermann"\NTUSER.DAT{ec89b3f9-913f-11de-bbfc-8a01f78c602f}.TMContainer00000000000000000001.regtrans-ms
[2010.09.21 13:21:58 | 000,065,536 | -HS- | M] () -- C:\Users\"Mustermann"\NTUSER.DAT{ec89b3f9-913f-11de-bbfc-8a01f78c602f}.TM.blf
[2010.09.21 10:02:54 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.20 18:10:56 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.09.20 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010.09.20 14:52:27 | 001,674,182 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.20 14:52:27 | 000,712,412 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.20 14:52:27 | 000,665,166 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.20 14:52:27 | 000,156,032 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.20 14:52:27 | 000,127,972 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.20 14:12:40 | 016,252,928 | -HS- | M] () -- C:\Users\"Mustermann"\ntuser.dat_previous
[2010.09.19 18:20:34 | 000,004,688 | ---- | M] () -- C:\Users\"Mustermann"\.recently-used.xbel
[2010.09.16 08:21:50 | 000,403,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.15 12:21:46 | 000,113,328 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2010.09.15 12:19:48 | 000,000,048 | ---- | M] () -- C:\Users\"Mustermann"\AppData\Roaming\AVSMediaPlayer.m3u
[2010.09.14 19:18:03 | 000,000,692 | ---- | M] () -- C:\Users\Public\Desktop\WeGame.lnk
[2010.09.14 13:01:55 | 000,000,616 | ---- | M] () -- C:\Users\"Mustermann"\Alles mögliche\Documents\Standard.sfvidcap
[2010.09.14 12:55:34 | 000,001,749 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Pro 9.0.lnk
[2010.09.14 12:35:13 | 000,000,215 | ---- | M] () -- C:\Users\"Mustermann"\Alles mögliche\Desktop\Call of Duty Modern Warfare 2.url
[2010.09.14 12:35:13 | 000,000,215 | ---- | M] () -- C:\Users\"Mustermann"\Alles mögliche\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
[2010.09.14 10:38:01 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010.09.05 09:32:08 | 000,000,774 | ---- | M] () -- C:\Users\"Mustermann"\Alles mögliche\Desktop\CCleaner.lnk
[2010.08.30 19:14:26 | 000,000,004 | ---- | M] () -- C:\Users\"Mustermann"\AppData\Roaming\steam_md2.dat
[2010.08.30 17:37:58 | 000,000,068 | ---- | M] () -- C:\dxerror.ini
[2010.08.26 17:57:13 | 000,001,356 | ---- | M] () -- C:\Users\"Mustermann"\AppData\Local\d3d9caps.dat
[2010.08.24 17:54:37 | 000,000,054 | ---- | M] () -- C:\Windows\System32\config.ini
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.09.21 10:02:54 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.19 18:20:34 | 000,004,688 | ---- | C] () -- C:\Users\"Mustermann"\.recently-used.xbel
[2010.09.15 12:19:48 | 000,000,048 | ---- | C] () -- C:\Users\"Mustermann"\AppData\Roaming\AVSMediaPlayer.m3u
[2010.09.15 12:15:52 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.09.15 12:15:52 | 000,156,910 | ---- | C] () -- C:\Windows\WMSysPr8.prx
[2010.09.15 12:15:52 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.09.15 12:15:52 | 000,053,248 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2010.09.14 19:18:03 | 000,000,692 | ---- | C] () -- C:\Users\Public\Desktop\WeGame.lnk
[2010.09.14 13:01:55 | 000,000,616 | ---- | C] () -- C:\Users\"Mustermann"\Alles mögliche\Documents\Standard.sfvidcap
[2010.09.14 12:55:34 | 000,001,749 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Pro 9.0.lnk
[2010.09.14 12:35:13 | 000,000,215 | ---- | C] () -- C:\Users\"Mustermann"\Alles mögliche\Desktop\Call of Duty Modern Warfare 2.url
[2010.09.14 10:38:01 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010.09.02 13:04:36 | 000,000,215 | ---- | C] () -- C:\Users\"Mustermann"\Alles mögliche\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
[2010.08.30 19:14:26 | 000,000,004 | ---- | C] () -- C:\Users\"Mustermann"\AppData\Roaming\steam_md2.dat
[2010.08.24 17:54:37 | 000,000,054 | ---- | C] () -- C:\Windows\System32\config.ini
[2010.07.01 09:30:20 | 000,000,032 | ---- | C] () -- C:\Windows\CD_START.INI
[2010.06.03 18:23:03 | 000,000,038 | ---- | C] () -- C:\Windows\camcodec100.ini
[2010.02.19 18:28:36 | 000,137,944 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.10.25 22:52:30 | 000,027,987 | ---- | C] () -- C:\Users\"Mustermann"\AppData\Roaming\OFMissionEditorConfig.xml
[2009.09.25 08:50:11 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.17 10:45:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.01 11:33:56 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.09.01 11:33:38 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.08.07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.05.08 17:08:36 | 000,022,328 | ---- | C] () -- C:\Users\"Mustermann"\AppData\Roaming\PnkBstrK.sys
[2009.04.24 16:24:31 | 000,001,356 | ---- | C] () -- C:\Users\"Mustermann"\AppData\Local\d3d9caps.dat
[2009.04.17 16:08:27 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS5I.DLL
[2009.04.17 15:14:10 | 000,005,606 | ---- | C] () -- C:\Windows\System32\stci.dll
[2009.04.16 18:52:26 | 000,005,632 | R--- | C] () -- C:\Users\"Mustermann"\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.04.12 17:40:28 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys
[2008.04.12 17:40:28 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\ntiomin.sys
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
========== LOP Check ==========
[2009.07.11 15:27:20 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Activision
[2010.09.15 22:20:22 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Any Video Converter
[2009.04.17 17:13:42 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\DAEMON Tools
[2009.09.11 10:23:27 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\DriverCure
[2009.12.13 16:27:27 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\FUEL
[2010.09.20 14:21:38 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\gtk-2.0
[2009.08.14 14:59:11 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Leadertech
[2009.11.17 16:47:01 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\ProtectDisc
[2010.09.14 12:59:58 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Publish Providers
[2009.08.14 16:44:57 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Softplicity
[2010.09.15 08:48:10 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Sony
[2010.09.17 14:02:59 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Sony Creative Software
[2010.09.14 18:36:05 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Sytexis Software
[2010.09.20 17:52:05 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\thecleaner
[2009.04.17 21:30:19 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\TuneUp Software
[2010.03.12 13:36:49 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Ubisoft
[2009.09.11 18:58:30 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\DriverCure.job
[2010.09.20 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2010.01.31 01:33:14 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2010.09.21 13:21:37 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.09.21 17:09:59 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4CB2FC90-7DAD-43CF-9F42-638471DE46CE}.job
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.07.11 15:27:20 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Activision
[2010.09.19 09:40:56 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Adobe
[2009.08.14 14:48:43 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\AdobeUM
[2010.09.15 22:20:22 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Any Video Converter
[2010.04.22 12:09:39 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Apple Computer
[2010.08.04 18:53:28 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Avira
[2009.10.04 13:52:31 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Corel
[2009.06.27 14:55:37 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\CyberLink
[2009.04.17 17:13:42 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\DAEMON Tools
[2009.09.11 10:23:27 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\DriverCure
[2009.12.13 16:27:27 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\FUEL
[2009.08.04 17:03:02 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Google
[2010.09.20 14:21:38 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\gtk-2.0
[2010.09.21 11:08:57 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Helper
[2009.04.15 18:09:21 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Identities
[2009.11.29 19:12:28 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\InstallShield
[2009.08.14 14:59:11 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Leadertech
[2009.08.25 14:40:59 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Macromedia
[2009.10.14 09:33:27 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Media Center Programs
[2009.08.05 18:13:33 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Media Player Classic
[2010.02.14 12:36:09 | 000,000,000 | --SD | M] -- C:\Users\"Mustermann"\AppData\Roaming\Microsoft
[2010.08.07 08:56:48 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Mozilla
[2009.05.23 13:40:51 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Nero
[2009.11.17 16:47:01 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\ProtectDisc
[2010.09.14 12:59:58 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Publish Providers
[2009.04.24 16:15:07 | 000,000,000 | RH-D | M] -- C:\Users\"Mustermann"\AppData\Roaming\SecuROM
[2009.08.14 16:44:57 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Softplicity
[2010.09.15 08:48:10 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Sony
[2010.09.17 14:02:59 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Sony Creative Software
[2010.09.14 18:36:05 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Sytexis Software
[2010.09.20 17:52:05 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\thecleaner
[2009.04.17 21:30:19 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\TuneUp Software
[2010.03.12 13:36:49 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Ubisoft
[2009.04.17 17:21:39 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\vlc
[2009.04.17 19:53:56 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2010.09.20 19:38:57 | 000,278,016 | ---- | M] () -- C:\Users\"Mustermann"\AppData\Roaming\Adobe\Update\dlggdi.exe
[2009.06.06 15:49:25 | 000,010,134 | R--- | M] () -- C:\Users\"Mustermann"\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.07.26 16:01:58 | 000,032,032 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\"Mustermann"\AppData\Roaming\Mozilla\Firefox\Profiles\ro1yhw8e.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.11.12 15:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008.11.12 15:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.11.12 15:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.11.12 15:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2010.03.26 13:27:03 | 000,004,608 | ---- | M] () MD5=EED7A4D972BB2F0F38E24159F67A08A4 -- C:\Users\"Mustermann"\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v7AC6EAFE\Native\STUBEXE\@WINDIR@\explorer.exe
[2008.01.21
04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2007.10.09 01:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys [2007.10.09 01:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\drivers\iaStor.sys [2007.10.09 01:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1bb129e3\iaStor.sys [2007.10.09 01:19:02 | 000,383,000 | ---- | M] (Intel Corporation) MD5=968BCEAD432CD478D0659FC95ED52170 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- 
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 
016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2010.06.26 08:02:14 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll [2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report > |
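The OTL log above lists several copies of each critical system file (the live one under System32 plus its WinSxS and DriverStore reference copies) with an MD5 for each, marks locked files as "Unable to obtain MD5", and separately lists every executable under %APPDATA% with its publisher string. The script below is an added example, not part of the original post and not OTL's own code: it parses that entry format, flags live copies whose hash matches none of their reference copies or that OTL could not hash, and lists roaming-profile executables whose publisher field is empty. The sample input is an excerpt copied from the log above, re-split to one entry per line; the section names and the two flag reasons are this example's own. Everything it returns is a manual-review list, not a verdict on any file.

```python
"""Cross-check helpers for OTL log excerpts (added example; not part of the
original post and not OTL's own code).

Heuristic 1, "< MD5 for: NAME >" sections: the live copy under System32
should hash to the same value as at least one WinSxS / DriverStore reference
copy of the same file. Live copies with no matching reference hash, or that
OTL could not hash ("Unable to obtain MD5"), go on the review list.
Heuristic 2, "< %APPDATA%\\*.exe /s >" section: executables in the roaming
profile whose publisher field is empty "()" are listed for review.
Neither is a verdict; both only narrow what a human looks at next.
"""
import re
from collections import defaultdict

# Excerpt copied from the log above, re-split to one entry per line.
OTL_EXCERPT = r"""
< %APPDATA%\*.exe /s >
[2010.09.20 19:38:57 | 000,278,016 | ---- | M] () -- C:\Users\"Mustermann"\AppData\Roaming\Adobe\Update\dlggdi.exe
[2009.06.06 15:49:25 | 000,010,134 | R--- | M] () -- C:\Users\"Mustermann"\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.07.26 16:01:58 | 000,032,032 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\"Mustermann"\AppData\Roaming\Mozilla\Firefox\Profiles\ro1yhw8e.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
< MD5 for: ATAPI.SYS >
[2008.11.12 15:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008.11.12 15:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.11.12 15:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
< MD5 for: USER32.DLL >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
"""

# One OTL file entry: [date | size | attrs | M] (Company) [MD5=.. | Unable to obtain MD5] -- path
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \|[^\]]*\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) )?"
    r"-- (?P<path>.+?)\s*$"
)
# Section header such as "< MD5 for: ATAPI.SYS >" or "< %APPDATA%\*.exe /s >"
SECTION_RE = re.compile(r"^<\s*(?P<title>.+?)\s*>$")


def parse_sections(text):
    """Return {section_title: [entry_dict, ...]} for an OTL log excerpt."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title")
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            sections[current].append(m.groupdict())
    return sections


def is_reference_copy(path):
    """WinSxS and DriverStore hold the component-store copies OTL compares against."""
    p = path.lower()
    return "\\winsxs\\" in p or "\\driverstore\\" in p


def md5_findings(sections):
    """For each 'MD5 for: NAME' section, list live copies that need review.

    Returns {NAME: [(reason, path), ...]}; an empty list means every live copy
    hashed to a value also present among its reference copies.
    """
    findings = {}
    for title, entries in sections.items():
        if not title.startswith("MD5 for:"):
            continue
        name = title.split(":", 1)[1].strip()
        ref_hashes = {e["md5"].upper() for e in entries
                      if e["md5"] and is_reference_copy(e["path"])}
        issues = []
        for e in entries:
            if is_reference_copy(e["path"]):
                continue
            if e["md5"] is None:
                issues.append(("md5_unavailable", e["path"]))
            elif e["md5"].upper() not in ref_hashes:
                issues.append(("no_reference_match", e["path"]))
            if not e["company"]:
                issues.append(("no_publisher", e["path"]))
        findings[name] = issues
    return findings


def appdata_exes_without_publisher(sections):
    """Paths from the %APPDATA%\\*.exe section whose publisher field is empty."""
    out = []
    for title, entries in sections.items():
        if "%APPDATA%" in title.upper():
            out.extend(e["path"] for e in entries if not e["company"])
    return out


if __name__ == "__main__":
    secs = parse_sections(OTL_EXCERPT)
    for name, issues in md5_findings(secs).items():
        print(name, "->", issues or "reference match")
    for path in appdata_exes_without_publisher(secs):
        print("no publisher:", path)
```

Run on the excerpt, atapi.sys comes back clean because its live hash also appears on one of its WinSxS copies, even though a second WinSxS copy of the same size and date hashes differently, while user32.dll is listed only because OTL could not hash the locked live copy; the two publisher-less executables are listed as-is for the reader to look at.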
21.09.2010, 20:11 | #7 |
| Vista Leerlaufprozess 99%/Trojaner-Agent I had to post twice because posting everything at once did not work; it gave a fatal error. Here now the Extra.txt: Code:
OTL Extras logfile created on: 21.09.2010 17:05:56 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\"Mustermann"\Alles mögliche\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 911,50 Gb Total Space | 313,75 Gb Free Space | 34,42% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 9,88 Gb Free Space | 49,39% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: "Mustermann"
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2589207096-704435142-1912266964-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2589207096-704435142-1912266964-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C0AC03D-B955-405F-BE1C-1C4028380A63}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{0CBB2740-7797-4C40-87FE-52BAAA5FBDBA}" = lport=138 | protocol=17 | dir=in | app=system | "{197277BE-2255-4C66-89FA-A630231E1537}" = rport=138 | protocol=17 | dir=out | app=system | "{1D6A6D61-577E-43C3-8F40-02A4E43D7792}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe | "{1E7CBCAC-D0D4-487D-835A-90EE88285CC2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | "{3CEADC5A-13B8-4124-86C9-0582FE2F86F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{41F15CA8-1482-4886-8A85-64DD03F0C70A}" = lport=137 | protocol=17 | dir=in | app=system | "{42450527-7A49-4706-A38A-1CF54A678FE3}" = lport=139 | protocol=6 | dir=in | app=system | "{6B487672-7538-43B9-8A0E-01A8A3EEF892}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{9405C1D3-4598-415E-B3A6-04BE9D723364}" = lport=445 | protocol=6 | dir=in | app=system | "{A01DA4D3-F561-4B67-BE18-661037710BE4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe | "{B48E480C-E3E1-4FDE-ADCC-BB8B918E5C78}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe | "{B7569D15-60F9-49BB-AE90-D1F7059B9F50}" = lport=2869 | protocol=6 | dir=in | app=system | "{CCFF2900-9531-4FB6-A24B-057251B92E3C}" = rport=139 | protocol=6 | dir=out | app=system | "{CFBBC703-D855-47DA-AA50-7C89F8C65609}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe | "{D06AE19E-2106-44CC-9FF4-FDCB3555B63F}" = rport=137 | protocol=17 | dir=out | app=system | "{D780D8AF-1B87-4A6D-9AD4-94C3B30BE9E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E60C15FC-A278-4F73-A5ED-1FC5BF39DDD6}" = rport=445 | protocol=6 | dir=out | app=system | "{EC44D613-A145-4884-9CFE-DAC6BAA08C37}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{FFC26645-4BB3-48F5-84F5-C6575B5ADF39}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0228EEF9-0EB5-41A5-84CE-7B3DF2E16BEB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{03A4B180-956F-4937-9C69-08AD5025D540}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{05C3F502-4E86-48A0-A72F-9249FF52508A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{096248E2-500D-459E-BE0D-527AAFB7DF6D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{097F373F-B081-4EE8-93DF-6ECCCA56ECF5}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | "{09A41AD6-6D85-43A9-B8FB-8CA382A28ADF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{0EA95FBC-3D0E-4858-8E32-262530679AD2}" = protocol=6 | dir=in | app=c:\program files\codemasters\of dragon rising\ofdr.exe | "{12931638-B2C5-4D47-A6E2-55BCDEDDEE59}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{19A8640B-527E-4E0A-BC75-B70EB2A60C21}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{1BA7CEE0-6648-4D9F-A180-3B2C971D8997}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{1C84A514-8771-4CC2-AD9E-3F2D1A54CE26}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | "{25DC2E74-93A9-4FDB-A4D1-2F232C24E327}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 
modern warfare 2\iw4sp.exe | "{26DA269C-29BD-4860-9F5D-89DCC1295498}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{27BACC7D-8EF3-4B59-86E7-F3604886B9BC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{29B51AF0-FE4D-49CC-BC89-948B5648D538}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{2B90422F-BAE6-46A0-9E8B-CE5AACD776C8}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{33F32F14-AC0F-4617-935A-0DA07A43CDD4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\just cause 2 demo\justcause2.exe | "{34A1CE2D-1580-4584-9A2D-A597F5EDB58A}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe | "{36ACC3D4-8CC3-4BBF-9C89-2713192099DC}" = protocol=17 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat | "{38D0392C-1BEC-451D-B6EC-F0E1E1A6A914}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{3CE35189-7B65-4C43-8F02-CF51B2B3109E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{49E1C507-A54F-4FE6-82D0-ADB9A9C878C4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4CDAF113-AFEB-47BA-8053-E031DAB3164C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | "{50592C8D-15AE-4854-94B6-001BEAB0186E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{585861A1-A03B-4B81-9F32-8ACB454C3969}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | "{5A9762E6-402F-4ED9-9279-95D6D22190C7}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{5CD16DCF-DEA9-4010-A921-684983842771}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{61703FC0-E099-43F6-8305-D8DA7BF8F800}" = 
protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{6C1362A3-EE49-490F-88A0-ED4C49EB0D4B}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | "{6ECE9DE8-C9DF-4632-B8B9-0441FF5EE412}" = protocol=17 | dir=in | app=c:\program files\codemasters\of dragon rising\ofdr.exe | "{6F3F3B2C-E226-4D02-A844-615C09F6FF78}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{7B00BACE-144B-4AE5-95E9-F26FF58461BD}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | "{7C072951-E0DD-4677-A0DD-9F1958D37D33}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{835E73E3-1D4C-47B8-9E40-F68783596168}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{84321ADA-B651-41B5-9151-E6D92016D77C}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{84BBEFCB-C098-42A3-92B4-68D90BC72090}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{85A3D61D-E222-48F2-938E-161E77F670F3}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | "{85C3C427-E1AF-4110-871A-075B305DFA7D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{85C494CF-F91F-44F4-8EE6-9EDAF60DA455}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{87DF3B6B-C26A-4AEB-909B-F23184DC9228}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe | "{8EA45C2F-4153-43A9-A4A0-7CCB6D186CDD}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{91DBC428-FE6F-4FAE-8BC9-02C1632DA749}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B24563B5-A6FC-4045-A18B-AD597A8370F0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{B47E7568-6128-450E-93AA-4194703134B1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{BC1DED2A-44F3-4AE3-98C9-5D2AD975E3EA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{BFDCB483-145C-4A6C-8A3E-953992246471}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\just cause 2 demo\justcause2.exe | "{C557584A-D516-4667-B30B-D29ABAA8793A}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | "{C92A3A6F-D56A-46B5-BC68-A57BB8FA5249}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{D0B6C53D-74C4-4E3F-AFA0-CFE7230E67BE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D4228EAF-C8A9-47D3-A03C-F15E066F3E47}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | "{D46F00DA-0840-475D-977B-EC79CC8B7D81}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{D5A3CE42-B1DD-4362-8359-25577D8F6FAB}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | "{D92E91A0-084E-428C-BA8B-8AE3CE587738}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{DC386F6B-57ED-449A-81BA-5BF339CDC51D}" = protocol=6 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat | "{E2E25D1B-27F5-47CD-A5A6-1AB25945B2DF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E81D9439-FE76-4134-A5A1-BCBE3A69EE16}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{F2474D44-2E42-4C12-A7D8-48761B84733B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{F6114DB1-9555-4F6C-89BB-C68B4D1C9153}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{FAD9650D-8EC9-4CC9-93E7-90E21F70BC09}" = protocol=6 | dir=in | app=c:\program 
files\bonjour\mdnsresponder.exe | "TCP Query User{0EA9804E-F206-4D64-831B-4AAC826E3CA7}C:\users\"Mustermann"\markus\spiele\spiele\call.of.duty.5.world.at.war\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\users\"Mustermann"\markus\spiele\spiele\call.of.duty.5.world.at.war\call of duty - world at war\codwaw.exe | "TCP Query User{216FE905-CD2E-4EDF-AC02-5C5090F166A1}C:\users\"Mustermann"\markus\spiele\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\"Mustermann"\markus\spiele\spiele\call of duty 4 - modern warfare\iw3mp.exe | "TCP Query User{345F7CB5-30A4-4C92-80B4-FF9E4DD5A751}C:\program files\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files\left 4 dead 2\left4dead2.exe | "TCP Query User{3BC4C8F6-8514-41AF-99BC-1100B5A89DF9}C:\program files\codmw2\iwnetserver.exe" = protocol=6 | dir=in | app=c:\program files\codmw2\iwnetserver.exe | "TCP Query User{65429E61-6E2E-4DD0-BCC2-BEBA1912DE73}C:\users\"Mustermann"\markus\spiele\spiele\of dragon rising\ofdr.exe" = protocol=6 | dir=in | app=c:\users\"Mustermann"\markus\spiele\spiele\of dragon rising\ofdr.exe | "TCP Query User{7A6EDFEB-734E-4535-B765-CAA439EC4AA7}C:\program files\codmw2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files\codmw2\iw4mp.exe | "TCP Query User{8C182924-5C41-4F56-9855-6E2EB3740192}C:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | "TCP Query User{8E86D7A4-F7D0-4A43-B2D3-BB29C4589554}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{9B7C3E63-9A23-41A3-82E6-AF3093605B43}C:\users\"Mustermann"\markus\spiele\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\"Mustermann"\markus\spiele\spiele\call of duty 4 - modern warfare\iw3mp.exe | "TCP Query 
User{A3E52601-FF2D-49F6-8CF7-A7981E8B8418}C:\program files\codmw2\iw4sp.exe" = protocol=6 | dir=in | app=c:\program files\codmw2\iw4sp.exe | "TCP Query User{A8DEB35F-D7C2-4D2E-BC39-A955ED0FE73F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{B95E202E-A903-46B9-8A2C-1C4CED2BC751}C:\program files\activision\call of duty - world at war\codwaw.unpacked.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.unpacked.exe | "TCP Query User{D7D696A0-4838-4B4E-B697-1845E82F48AD}C:\program files\codmw2\iw4mp.dat" = protocol=6 | dir=in | app=c:\program files\codmw2\iw4mp.dat | "TCP Query User{DBAAF117-E1C0-4F52-8943-362F9737AEEB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{E3D8B12C-19F6-45B3-99E1-792A8E84AB52}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | "UDP Query User{049368ED-0F93-47BC-9743-3387E1CDAC7C}C:\program files\activision\call of duty - world at war\codwaw.unpacked.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.unpacked.exe | "UDP Query User{0E727524-F234-46AA-B4E5-084E5171DC4B}C:\program files\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files\left 4 dead 2\left4dead2.exe | "UDP Query User{25772720-E1FF-4246-9EBB-4259F96FE535}C:\program files\codmw2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files\codmw2\iw4mp.exe | "UDP Query User{5F76A72C-AD36-46E5-9705-2B4D6F390320}C:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | "UDP Query User{63A47D61-243D-4DBA-8A46-8BD00D740FE2}C:\users\"Mustermann"\markus\spiele\spiele\call of duty 4 - modern warfare\iw3mp.exe" = 
protocol=17 | dir=in | app=c:\users\"Mustermann"\markus\spiele\spiele\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{63EA650A-BC5F-4E8B-8CD7-42F085DB979B}C:\program files\codmw2\iw4mp.dat" = protocol=17 | dir=in | app=c:\program files\codmw2\iw4mp.dat | "UDP Query User{8A03F2E0-EE10-49AF-BC6B-1B8593066E4B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{9C648AA5-3EAD-4363-8715-8D7A1E9A0FDF}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{AA2FBC04-835E-4FD5-A62F-CA64D421F55C}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | "UDP Query User{BF565FFB-54E6-4485-B84D-D8BD27FE7D6F}C:\users\"Mustermann"\markus\spiele\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\"Mustermann"\markus\spiele\spiele\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{BF88759B-B152-4512-99DA-1F2EE8787749}C:\program files\codmw2\iwnetserver.exe" = protocol=17 | dir=in | app=c:\program files\codmw2\iwnetserver.exe | "UDP Query User{DFFFB49E-B34E-4A8F-AA7E-E4FAC2C844FD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{EBCDC180-9F5D-4686-A164-FADB118848E4}C:\users\"Mustermann"\markus\spiele\spiele\of dragon rising\ofdr.exe" = protocol=17 | dir=in | app=c:\users\"Mustermann"\markus\spiele\spiele\of dragon rising\ofdr.exe | "UDP Query User{FEE5AAC6-F3D7-41EC-BF87-DA0FF44476D7}C:\program files\codmw2\iw4sp.exe" = protocol=17 | dir=in | app=c:\program files\codmw2\iw4sp.exe | "UDP Query User{FFF05346-1A38-46F0-B709-70AB0169D704}C:\users\"Mustermann"\markus\spiele\spiele\call.of.duty.5.world.at.war\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | 
app=c:\users\"Mustermann"\markus\spiele\spiele\call.of.duty.5.world.at.war\call of duty - world at war\codwaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver "{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising "{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials "{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0 "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = Die Sims™ 2 Teen Style-Accessoires 
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = Die Sims 2: Family Fun - Accessoires "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0019-0407-0000-0000000FF1CE}" = 
Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) 
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = Die Sims™ 2: Glamour-Accessoires "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3 "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0 "{DE6E4530-4AB0-482E-91DE-7FE6309C6EF1}" = Camtasia Studio 7 
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "12345_is1" = WeGame Client Public Beta 2.0.3 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Any Video Converter_is1" = Any Video Converter 2.6.7 "ArmA2" = ArmA2 Uninstall "Avira AntiVir Desktop" = Avira Premium Security Suite "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3 "Bubble Puzzle '97" = Bubble Puzzle '97 "camcodec" = CamStudio Lossless Codec "Canon iP4700 series Benutzerregistrierung" = Canon iP4700 series Benutzerregistrierung "CANONBJ_Deinstall_CNMCP5I.DLL" = Canon i455 "CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "CPUCooL" = CPUCooL (remove only) "DX-Ball 1.09" 
= DX-Ball 1.09 "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "ENTERPRISE" = Microsoft Office Enterprise 2007 "Fraps" = Fraps (remove only) "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1 "Free YouTube Download_is1" = Free YouTube Download 2.3 "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.2 "Gehirnjogging 5" = Gehirnjogging 5 "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "JDownloader" = JDownloader "Kakuro 25.000 Edition" = Kakuro 25.000 Edition v2.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "NVIDIA Drivers" = NVIDIA Drivers "oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.8.0 "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "The Cleaner_is1" = The Cleaner 2011 "Total Video Converter 3.50_is1" = Total Video Converter 3.50 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VideoLAN VLC media player 0.8.4a "WinGimp-2.0_is1" = GIMP 2.6.10 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2589207096-704435142-1912266964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome 
========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
22.09.2010, 09:55 | #8 |
/// Malware-holic | Vista Leerlaufprozess 99%/Trojaner-Agent Please create and post a ComboFix log. A guide and tutorial on using ComboFix |
23.09.2010, 08:39 | #9 |
| Vista Leerlaufprozess 99%/Trojaner-Agent Here is the ComboFix log: Code:
ATTFilter ComboFix 10-09-21.01 - "Mustermann" 22.09.2010 12:41:16.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.3325.2084 [GMT 2:00] ausgeführt von:: c:\users\"Mustermann"\Alles mögliche\Desktop\ComboFix.exe AV: aonVirenchecker *On-access scanning enabled* (Updated) {BE7BB2A0-CF28-4313-9259-FE784ADE7AEF} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\STF3EC4.tmp C:\STFCF40.tmp c:\windows\system32\Config.ini . ((((((((((((((((((((((( Dateien erstellt von 2010-08-22 bis 2010-09-22 )))))))))))))))))))))))))))))) . 2010-09-22 14:50 . 2010-09-22 14:51 -------- d-----w- c:\users\"Mustermann"\AppData\Local\temp 2010-09-22 14:50 . 2010-09-22 14:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-09-21 09:08 . 2010-09-21 09:08 -------- d-----w- c:\users\"Mustermann"\AppData\Roaming\Helper 2010-09-21 08:02 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-21 08:02 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-21 08:02 . 2010-09-21 08:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-17 12:02 . 2010-09-17 12:02 -------- d-----w- c:\users\"Mustermann"\AppData\Roaming\Sony Creative Software 2010-09-15 10:15 . 2010-09-16 06:28 -------- d-----w- c:\program files\Common Files\AVSMedia 2010-09-15 10:15 . 2010-09-16 06:29 -------- d-----w- c:\program files\AVS4YOU 2010-09-15 10:15 . 2008-11-24 10:00 974848 ----a-w- c:\windows\system32\mfc70.dll 2010-09-15 10:15 . 2008-11-24 10:00 487424 ----a-w- c:\windows\system32\msvcp70.dll 2010-09-15 10:15 . 2008-11-24 10:00 24576 ----a-w- c:\windows\system32\msxml3a.dll 2010-09-15 10:15 . 2008-11-24 10:00 638976 ----a-w- c:\windows\system32\divx.dll 2010-09-15 10:15 . 2008-11-24 10:00 524288 ----a-w- c:\windows\system32\xvidcore.dll 2010-09-15 10:15 . 
2008-11-24 10:00 413760 ----a-w- c:\windows\system32\mpg4c32.dll 2010-09-15 10:15 . 2008-11-24 10:00 261632 ----a-w- c:\windows\system32\mcdvd_32.dll 2010-09-15 10:15 . 2008-11-24 10:00 139264 ----a-w- c:\windows\system32\xvidvfw.dll 2010-09-15 06:16 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll 2010-09-15 06:16 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe 2010-09-15 06:16 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL 2010-09-15 06:16 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll 2010-09-14 17:17 . 2009-04-06 23:43 390496 ----a-w- c:\windows\system32\Lfcmp15u.dll 2010-09-14 17:00 . 2010-09-14 17:00 -------- d-----w- c:\users\Administrator 2010-09-14 16:36 . 2010-09-14 16:36 -------- d-----w- c:\users\"Mustermann"\AppData\Roaming\Sytexis Software 2010-09-14 16:05 . 2010-09-19 16:53 -------- d-----w- c:\program files\MW2CU 2010-09-14 10:59 . 2010-09-14 10:59 -------- d-----w- c:\users\"Mustermann"\AppData\Roaming\Publish Providers 2010-09-14 10:55 . 2010-09-14 10:55 -------- d-----w- c:\program files\Sony 2010-09-14 10:25 . 2010-09-15 06:48 -------- d-----w- c:\users\"Mustermann"\AppData\Roaming\Sony 2010-09-14 10:25 . 2010-09-14 10:25 -------- d-----w- c:\users\"Mustermann"\AppData\Local\Sony 2010-09-14 08:59 . 2009-04-06 23:43 185688 ----a-w- c:\windows\system32\Ltfil15u.dll 2010-09-14 08:59 . 2010-09-14 17:19 -------- d-----w- c:\program files\WeGame 2010-09-14 08:59 . 2009-04-06 23:43 488800 ----a-w- c:\windows\system32\Ltkrn15u.dll 2010-09-14 08:41 . 2010-09-14 08:41 -------- d-----w- c:\users\"Mustermann"\AppData\Local\TechSmith 2010-09-14 08:38 . 2010-04-07 13:10 411480 ----a-w- c:\windows\system32\tsccvid.dll 2010-09-14 08:38 . 2010-09-14 08:38 -------- d-----w- c:\windows\system32\QuickTime 2010-09-14 08:37 . 2010-09-14 08:37 -------- d-----w- c:\program files\Common Files\TechSmith Shared 2010-09-14 08:37 . 
2010-09-14 08:37 -------- d-----w- c:\program files\TechSmith 2010-09-05 14:26 . 2010-09-05 14:26 -------- d-----w- c:\program files\DAEMON Tools Lite 2010-09-02 08:53 . 2010-02-18 08:51 102856 ----a-w- c:\windows\system32\drivers\avfwot.sys 2010-09-02 08:53 . 2010-02-15 13:23 79432 ----a-w- c:\windows\system32\drivers\avfwim.sys 2010-08-30 17:13 . 2010-08-30 17:13 -------- d-----w- c:\users\"Mustermann"\AppData\Local\CrashRpt 2010-08-30 16:02 . 2010-09-07 12:54 -------- d-----w- c:\program files\CoDMW2 . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-22 09:11 . 2009-11-13 11:08 -------- d-----w- c:\program files\Steam 2010-09-20 17:38 . 2010-09-19 07:40 278016 ----a-w- c:\users\"Mustermann"\AppData\Roaming\Adobe\Update\dlggdi.exe 2010-09-20 15:58 . 2010-03-07 20:57 -------- d-----w- c:\program files\The Cleaner 2010-09-20 15:52 . 2010-03-07 20:57 -------- d-----w- c:\users\"Mustermann"\AppData\Roaming\thecleaner 2010-09-20 12:52 . 2009-01-20 22:18 712412 ----a-w- c:\windows\system32\perfh007.dat 2010-09-20 12:52 . 2009-01-20 22:18 156032 ----a-w- c:\windows\system32\perfc007.dat 2010-09-20 12:50 . 2009-01-22 14:41 -------- d-----w- c:\program files\Microsoft.NET 2010-09-20 12:21 . 2010-08-05 16:36 -------- d-----w- c:\users\"Mustermann"\AppData\Roaming\gtk-2.0 2010-09-17 07:16 . 2010-03-28 10:09 -------- d-----w- c:\program files\JDownloader 2010-09-16 15:34 . 2009-01-22 11:19 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-09-16 06:31 . 2010-05-14 15:54 -------- d-----w- c:\program files\TrueCrypt 2010-09-15 20:35 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-09-15 20:20 . 2009-05-16 16:06 -------- d-----w- c:\users\"Mustermann"\AppData\Roaming\Any Video Converter 2010-09-15 10:21 . 2009-04-17 15:09 113328 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT 2010-09-14 07:50 . 
2009-08-31 16:08 -------- d-----w- c:\program files\Games 2010-09-07 13:08 . 2009-05-08 15:00 -------- d-----w- c:\program files\Ubisoft 2010-09-07 13:04 . 2009-09-01 09:24 -------- d-----w- c:\program files\Gothic III 2010-09-07 13:04 . 2010-06-03 21:27 -------- d-----w- c:\program files\WinFehler 2010-09-05 07:32 . 2009-08-24 16:16 -------- d-----w- c:\program files\CCleaner 2010-08-31 14:26 . 2010-06-03 21:13 -------- d-----w- c:\program files\Bubble 2010-08-30 17:14 . 2010-08-30 17:14 4 ----a-w- c:\users\"Mustermann"\AppData\Roaming\steam_md2.dat 2010-08-28 13:47 . 2010-02-07 08:46 -------- d-----w- c:\program files\SystemRequirementsLab 2010-08-26 15:57 . 2009-04-24 14:24 1356 ----a-w- c:\users\"Mustermann"\AppData\Local\d3d9caps.dat 2010-08-20 16:00 . 2010-02-19 16:28 137944 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-08-20 16:00 . 2010-02-19 16:28 224960 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-08-12 16:41 . 2010-08-12 16:40 -------- d-----w- c:\program files\iTunes 2010-08-12 16:40 . 2010-08-12 16:40 -------- d-----w- c:\program files\iPod 2010-08-12 16:40 . 2009-05-10 12:41 -------- d-----w- c:\program files\Common Files\Apple 2010-08-12 16:35 . 2010-08-12 16:35 -------- d-----w- c:\program files\Bonjour 2010-08-07 07:12 . 2010-08-07 07:12 -------- d-----w- c:\program files\NOS 2010-08-07 06:56 . 2010-08-07 06:56 0 ----a-w- c:\windows\nsreg.dat 2010-08-06 12:55 . 2010-08-06 09:35 -------- d-----w- c:\program files\Rockstar Games 2010-08-05 16:29 . 2010-08-05 16:29 -------- d-----w- c:\program files\oZone3D 2010-08-04 16:53 . 2010-08-04 16:53 -------- d-----w- c:\users\"Mustermann"\AppData\Roaming\Avira 2010-08-03 17:55 . 2010-08-03 17:55 -------- d-----w- c:\program files\Avira 2010-08-03 16:11 . 2009-01-22 12:22 -------- d-----w- c:\program files\Common Files\Adobe 2010-08-02 17:17 . 2010-08-02 17:17 -------- d-----w- c:\program files\GIMP-2.0 2010-07-26 14:01 . 
2010-08-07 07:12 37184 ----a-w- c:\users\"Mustermann"\AppData\Roaming\Mozilla\Firefox\Profiles\ro1yhw8e.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll 2010-07-26 14:01 . 2010-08-07 07:12 32032 ----a-w- c:\users\"Mustermann"\AppData\Roaming\Mozilla\Firefox\Profiles\ro1yhw8e.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe 2010-06-26 06:05 . 2010-08-12 09:23 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-26 06:02 . 2010-08-12 09:23 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-06-26 06:02 . 2010-08-12 09:23 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-06-26 04:25 . 2010-08-12 09:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2008-11-12 13:12 . 2008-11-12 13:01 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "Kbdinx"="c:\users\"Mustermann"\AppData\Roaming\Adobe\Update\dlggdi.exe" [2010-09-20 278016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Users^"Mustermann"^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CPUCooL.lnk] path=c:\users\"Mustermann"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CPUCooL.lnk backup=c:\windows\pss\CPUCooL.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2009-03-24 02:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu] 2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2007-10-08 23:19 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kbdinx] 2010-09-20 17:38 278016 ----a-w- c:\users\"Mustermann"\AppData\Roaming\Adobe\Update\dlggdi.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware (reboot)] 2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2008-12-02 20:39 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-12-25 23:08 13683232 ----a-w- c:\windows\System32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-12-25 23:08 92704 ----a-w- c:\windows\System32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2010-08-24 06:50 1242448 ----a-w- c:\program files\Steam\steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcactive] 2010-03-29 18:22 2951680 ----a-w- c:\program files\The Cleaner\tcap.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall Adobe Download Manager] 2010-07-26 14:01 66112 ----a-w- c:\program files\NOS\bin\getPlus_Helper_3004.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2589207096-704435142-1912266964-1000] "EnableNotificationsRef"=dword:00000001 R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1c9d565c5b07039;Google Update Service (gupdate1c9d565c5b07039);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-15 133104] R2 moohelp;The Cleaner 2011 Helper Service;c:\program files\The Cleaner\mhelper.exe [2010-03-29 813056] R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 21504] R3 NTGUARD;NTGUARD;c:\program files\aonInternetSchutz\bin\NTGUARD.SYS [x] R3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2009-04-17 30464] R3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2009-04-17 12672] R3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\DRIVERS\steth.sys [2009-04-17 40320] R3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\DRIVERS\stppp.sys [2009-04-17 32000] R3 uxddrv;Dynamically loaded UxdDrv;h:\diagnose\WSTGER32\2PART\uxddrv86.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 
4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2010-02-18 102856] S1 ntiomin;ntiomin; [x] S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2010-04-01 536232] S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-03-30 337064] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-01 405672] S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2010-02-15 79432] S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Inhalt des "geplante Tasks" Ordners 2009-09-11 c:\windows\Tasks\DriverCure.job - c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36] 2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-15 14:02] 2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-15 14:02] 2010-09-21 c:\windows\Tasks\ParetoLogic Registration.job - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59] 2010-01-30 c:\windows\Tasks\ParetoLogic Update Version2.job - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59] 2010-09-22 c:\windows\Tasks\User_Feed_Synchronization-{4CB2FC90-7DAD-43CF-9F42-638471DE46CE}.job - c:\windows\system32\msfeedssync.exe [2010-08-12 04:24] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.at/ uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll FF - ProfilePath - c:\users\"Mustermann"\AppData\Roaming\Mozilla\Firefox\Profiles\ro1yhw8e.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/ FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\"Mustermann"\AppData\Roaming\Mozilla\Firefox\Profiles\ro1yhw8e.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) MSConfigStartUp-Ikarus-GuardX - c:\program files\aonInternetSchutz\bin\guardxkickoff.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4} ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-09-22 16:51 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-2589207096-704435142-1912266964-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EC172B71-CA22-49BA-2B6C-D21235D1EFEF}*] "hanihpfnnbpihekn"=hex:6a,61,6b,68,62,66,6e,68,65,6b,6e,61,70,6b,67,6f,62,6f, 70,65,00,00 "iadinpdpngbhenndik"=hex:6a,61,6b,68,62,66,6e,68,65,6b,6e,61,70,6b,67,6f,62,6f, 70,65,00,07 [HKEY_USERS\S-1-5-21-2589207096-704435142-1912266964-1000\Software\SecuROM\License information*] "datasecu"=hex:61,bf,46,6c,6b,74,31,53,e4,ab,43,56,0d,1e,ec,9f,6f,07,d1,c4,a0, af,e7,84,9f,88,ca,2c,9c,cc,c7,70,67,f6,fd,4b,8d,4b,60,d3,61,49,ae,49,41,35,\ "rkeysecu"=hex:3a,f6,5d,03,6b,59,91,95,75,3d,18,9f,b6,9a,df,ee [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(5444) c:\program files\Microsoft Office\Office12\1031\GrooveIntlResource.dll c:\windows\system32\nvcpl.dll c:\windows\system32\nvapi.dll c:\program files\Nero\Nero8\Nero BackItUp\NBShell.dll c:\program files\WinRAR\rarext.dll c:\program files\Avira\AntiVir Desktop\shlext.dll c:\program files\Malwarebytes' Anti-Malware\mbamext.dll . Zeit der Fertigstellung: 2010-09-23 00:08:22 ComboFix-quarantined-files.txt 2010-09-22 22:08 Vor Suchlauf: 11 Verzeichnis(se), 335.019.307.008 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 334.873.001.984 Bytes frei - - End Of File - - B7E963F1DC1043B84532705A34C3AF70 |
23.09.2010, 10:07 | #10 |
/// Malware-holic | Vista Leerlaufprozess 99%/Trojaner-Agent Uninstall The Cleaner. Start > Programs > Accessories > Editor (Notepad), and paste in:
Killall::
Rootkit::
c:\users\"Mustermann"\AppData\Roaming\Adobe\Update\dlggdi.exe
Driver::
ntiomin
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kbdinx"=-
Save the file as: location, the folder where combofix.exe is; file type, all files; name, cfscript.txt. Drag cfscript onto ComboFix, the program starts, post the log. Leave the Avira Guard disabled, open My Computer, c:\qoobox, right-click Quarantine there and add it to quarantain.rar or zip, upload the archive. http://www.trojaner-board.de/54791-a...ner-board.html Then create a new otl.txt and post its contents. |
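Added example, not part of the thread and not ComboFix's or the helper's own logic: a small Python triage of the "Autostartpunkte der Registrierung" section of the ComboFix log above. The sample input reproduces the Run-key and policy lines from that log; the two heuristics (Run entries whose executable lives in a user-writable profile folder, and EnableLUA=0) are this example's assumptions and only mark entries for manual review, which is what the helper did with Kbdinx/dlggdi.exe.

```python
"""Triage the autostart section of a ComboFix log.

Constructed sample below reproduces the Run-key and policy lines posted in
this thread. The heuristics are this example's own assumptions, not
ComboFix's; a hit means "look at this by hand", not "this is malware".
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Kbdinx"="c:\users\"Mustermann"\AppData\Roaming\Adobe\Update\dlggdi.exe" [2010-09-20 278016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# The path group is greedy so the embedded quotes in c:\users\"Mustermann"\... survive.
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>.+)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"= (?P<value>\d+) \(0x[0-9a-fA-F]+\)$')


@dataclass
class AutostartEntry:
    key: str
    name: str
    path: str
    date: str
    size: int


@dataclass
class PolicyEntry:
    key: str
    name: str
    value: int


def parse_autostart(text):
    """Return (run_entries, policy_entries) parsed from a ComboFix autostart section."""
    runs, policies, key = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue  # ignore REGEDIT4 and anything before the first key
        m = RUN_RE.match(line)
        if m:
            runs.append(AutostartEntry(key, m["name"], m["path"], m["date"], int(m["size"])))
            continue
        m = POLICY_RE.match(line)
        if m:
            policies.append(PolicyEntry(key, m["name"], int(m["value"])))
    return runs, policies


# Assumed heuristic: folders an unprivileged process can write to.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\temp\\", "\\programdata\\")


def triage(runs, policies):
    """Return (name, reason) pairs worth a human look; everything else is left alone."""
    findings = []
    for e in runs:
        if any(marker in e.path.lower() for marker in USER_WRITABLE):
            hive = "HKCU" if e.key.upper().startswith("HKEY_CURRENT_USER") else "HKLM"
            findings.append((e.name, f"{hive} Run entry starts a binary from a user-writable folder: {e.path}"))
    for pol in policies:
        if pol.name == "EnableLUA" and pol.value == 0:
            findings.append((pol.name, "UAC is disabled (EnableLUA=0): processes in this session are not prompted for elevation"))
    return findings


if __name__ == "__main__":
    runs, policies = parse_autostart(SAMPLE_LOG)
    for name, reason in triage(runs, policies):
        print(f"[review] {name}: {reason}")
```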
23.09.2010, 17:21 | #11 |
| Vista Leerlaufprozess 99%/Trojaner-Agent
Here is the ComboFix log:
ComboFix 10-09-22.06 - "Mustermann" 23.09.2010 12:53:48.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.3325.2201 [GMT 2:00]
Running from:: c:\users\"Mustermann"\Alles mögliche\Desktop\Wichtig\Compofix\ComboFix.exe
Command switches used :: c:\users\"Mustermann"\Alles mögliche\Desktop\Wichtig\Compofix\cfscript.txt
AV: aonVirenchecker *On-access scanning enabled* (Updated) {BE7BB2A0-CF28-4313-9259-FE784ADE7AEF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NTIOMIN
-------\Service_ntiomin

((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 ))))))))))))))))))))))))))))))
.
2010-09-23 11:00 . 2010-09-23 11:02 -------- d-----w- c:\users\"Mustermann"\AppData\Local\temp
2010-09-23 11:00 . 2010-09-23 11:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-23 11:00 . 2010-09-23 11:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-23 11:00 . 2010-09-23 11:00 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-09-21 09:08 . 2010-09-21 09:08 -------- d-----w- c:\users\"Mustermann"\AppData\Roaming\Helper
2010-09-21 08:02 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-21 08:02 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-21 08:02 . 2010-09-21 08:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-17 12:02 . 2010-09-17 12:02 -------- d-----w- c:\users\"Mustermann"\AppData\Roaming\Sony Creative Software
2010-09-15 10:15 . 2010-09-16 06:28 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-09-15 10:15 .
2010-09-16 06:29 -------- d-----w- c:\program files\AVS4YOU 2010-09-15 10:15 . 2008-11-24 10:00 974848 ----a-w- c:\windows\system32\mfc70.dll 2010-09-15 10:15 . 2008-11-24 10:00 487424 ----a-w- c:\windows\system32\msvcp70.dll 2010-09-15 10:15 . 2008-11-24 10:00 24576 ----a-w- c:\windows\system32\msxml3a.dll 2010-09-15 10:15 . 2008-11-24 10:00 638976 ----a-w- c:\windows\system32\divx.dll 2010-09-15 10:15 . 2008-11-24 10:00 524288 ----a-w- c:\windows\system32\xvidcore.dll 2010-09-15 10:15 . 2008-11-24 10:00 413760 ----a-w- c:\windows\system32\mpg4c32.dll 2010-09-15 10:15 . 2008-11-24 10:00 261632 ----a-w- c:\windows\system32\mcdvd_32.dll 2010-09-15 10:15 . 2008-11-24 10:00 139264 ----a-w- c:\windows\system32\xvidvfw.dll 2010-09-15 06:16 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll 2010-09-15 06:16 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe 2010-09-15 06:16 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL 2010-09-15 06:16 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll 2010-09-14 17:17 . 2009-04-06 23:43 390496 ----a-w- c:\windows\system32\Lfcmp15u.dll 2010-09-14 17:00 . 2010-09-22 22:08 -------- d-----w- c:\users\Administrator 2010-09-14 16:36 . 2010-09-14 16:36 -------- d-----w- c:\users\"Mustermann"\AppData\Roaming\Sytexis Software 2010-09-14 16:05 . 2010-09-19 16:53 -------- d-----w- c:\program files\MW2CU 2010-09-14 10:59 . 2010-09-14 10:59 -------- d-----w- c:\users\"Mustermann"\AppData\Roaming\Publish Providers 2010-09-14 10:55 . 2010-09-14 10:55 -------- d-----w- c:\program files\Sony 2010-09-14 10:25 . 2010-09-15 06:48 -------- d-----w- c:\users\"Mustermann"\AppData\Roaming\Sony 2010-09-14 10:25 . 2010-09-14 10:25 -------- d-----w- c:\users\"Mustermann"\AppData\Local\Sony 2010-09-14 08:59 . 2009-04-06 23:43 185688 ----a-w- c:\windows\system32\Ltfil15u.dll 2010-09-14 08:59 . 2010-09-14 17:19 -------- d-----w- c:\program files\WeGame 2010-09-14 08:59 . 
2009-04-06 23:43 488800 ----a-w- c:\windows\system32\Ltkrn15u.dll 2010-09-14 08:41 . 2010-09-14 08:41 -------- d-----w- c:\users\"Mustermann"\AppData\Local\TechSmith 2010-09-14 08:38 . 2010-04-07 13:10 411480 ----a-w- c:\windows\system32\tsccvid.dll 2010-09-14 08:38 . 2010-09-14 08:38 -------- d-----w- c:\windows\system32\QuickTime 2010-09-14 08:37 . 2010-09-14 08:37 -------- d-----w- c:\program files\Common Files\TechSmith Shared 2010-09-14 08:37 . 2010-09-14 08:37 -------- d-----w- c:\program files\TechSmith 2010-09-05 14:26 . 2010-09-05 14:26 -------- d-----w- c:\program files\DAEMON Tools Lite 2010-09-02 08:53 . 2010-02-18 08:51 102856 ----a-w- c:\windows\system32\drivers\avfwot.sys 2010-09-02 08:53 . 2010-02-15 13:23 79432 ----a-w- c:\windows\system32\drivers\avfwim.sys 2010-08-30 17:13 . 2010-08-30 17:13 -------- d-----w- c:\users\"Mustermann"\AppData\Local\CrashRpt 2010-08-30 16:02 . 2010-09-07 12:54 -------- d-----w- c:\program files\CoDMW2 . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-23 10:31 . 2010-03-07 20:57 -------- d-----w- c:\program files\The Cleaner 2010-09-22 19:08 . 2009-11-13 11:08 -------- d-----w- c:\program files\Steam 2010-09-20 15:52 . 2010-03-07 20:57 -------- d-----w- c:\users\"Mustermann"\AppData\Roaming\thecleaner 2010-09-20 12:52 . 2009-01-20 22:18 712412 ----a-w- c:\windows\system32\perfh007.dat 2010-09-20 12:52 . 2009-01-20 22:18 156032 ----a-w- c:\windows\system32\perfc007.dat 2010-09-20 12:50 . 2009-01-22 14:41 -------- d-----w- c:\program files\Microsoft.NET 2010-09-20 12:21 . 2010-08-05 16:36 -------- d-----w- c:\users\"Mustermann"\AppData\Roaming\gtk-2.0 2010-09-17 07:16 . 2010-03-28 10:09 -------- d-----w- c:\program files\JDownloader 2010-09-16 15:34 . 2009-01-22 11:19 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-09-16 06:31 . 2010-05-14 15:54 -------- d-----w- c:\program files\TrueCrypt 2010-09-15 20:35 . 
2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-09-15 20:20 . 2009-05-16 16:06 -------- d-----w- c:\users\"Mustermann"\AppData\Roaming\Any Video Converter 2010-09-15 10:21 . 2009-04-17 15:09 113328 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT 2010-09-14 07:50 . 2009-08-31 16:08 -------- d-----w- c:\program files\Games 2010-09-07 13:08 . 2009-05-08 15:00 -------- d-----w- c:\program files\Ubisoft 2010-09-07 13:04 . 2009-09-01 09:24 -------- d-----w- c:\program files\Gothic III 2010-09-07 13:04 . 2010-06-03 21:27 -------- d-----w- c:\program files\WinFehler 2010-09-05 07:32 . 2009-08-24 16:16 -------- d-----w- c:\program files\CCleaner 2010-08-31 14:26 . 2010-06-03 21:13 -------- d-----w- c:\program files\Bubble 2010-08-30 17:14 . 2010-08-30 17:14 4 ----a-w- c:\users\"Mustermann"\AppData\Roaming\steam_md2.dat 2010-08-28 13:47 . 2010-02-07 08:46 -------- d-----w- c:\program files\SystemRequirementsLab 2010-08-26 15:57 . 2009-04-24 14:24 1356 ----a-w- c:\users\"Mustermann"\AppData\Local\d3d9caps.dat 2010-08-20 16:00 . 2010-02-19 16:28 137944 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-08-20 16:00 . 2010-02-19 16:28 224960 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-08-12 16:41 . 2010-08-12 16:40 -------- d-----w- c:\program files\iTunes 2010-08-12 16:40 . 2010-08-12 16:40 -------- d-----w- c:\program files\iPod 2010-08-12 16:40 . 2009-05-10 12:41 -------- d-----w- c:\program files\Common Files\Apple 2010-08-12 16:35 . 2010-08-12 16:35 -------- d-----w- c:\program files\Bonjour 2010-08-07 07:12 . 2010-08-07 07:12 -------- d-----w- c:\program files\NOS 2010-08-07 06:56 . 2010-08-07 06:56 0 ----a-w- c:\windows\nsreg.dat 2010-08-06 12:55 . 2010-08-06 09:35 -------- d-----w- c:\program files\Rockstar Games 2010-08-05 16:29 . 2010-08-05 16:29 -------- d-----w- c:\program files\oZone3D 2010-08-04 16:53 . 2010-08-04 16:53 -------- d-----w- c:\users\"Mustermann"\AppData\Roaming\Avira 2010-08-03 17:55 . 
2010-08-03 17:55 -------- d-----w- c:\program files\Avira 2010-08-03 16:11 . 2009-01-22 12:22 -------- d-----w- c:\program files\Common Files\Adobe 2010-08-02 17:17 . 2010-08-02 17:17 -------- d-----w- c:\program files\GIMP-2.0 2010-06-26 06:05 . 2010-08-12 09:23 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-26 06:02 . 2010-08-12 09:23 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-06-26 06:02 . 2010-08-12 09:23 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-06-26 04:25 . 2010-08-12 09:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2008-11-12 13:12 . 2008-11-12 13:01 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" 
[HKLM\~\startupfolder\C:^Users^"Mustermann"^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CPUCooL.lnk] path=c:\users\"Mustermann"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CPUCooL.lnk backup=c:\windows\pss\CPUCooL.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2009-03-24 02:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu] 2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2007-10-08 23:19 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kbdinx] 2010-09-20 17:38 278016 ----a-w- c:\users\"Mustermann"\AppData\Roaming\Adobe\Update\dlggdi.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware (reboot)] 2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' 
Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2008-12-02 20:39 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-12-25 23:08 13683232 ----a-w- c:\windows\System32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-12-25 23:08 92704 ----a-w- c:\windows\System32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2010-08-24 06:50 1242448 ----a-w- c:\program files\Steam\steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall Adobe Download Manager] 2010-07-26 14:01 66112 ----a-w- c:\program files\NOS\bin\getPlus_Helper_3004.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2589207096-704435142-1912266964-1000] "EnableNotificationsRef"=dword:00000001 R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1c9d565c5b07039;Google Update Service (gupdate1c9d565c5b07039);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-15 133104] R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 21504] R3 
NTGUARD;NTGUARD;c:\program files\aonInternetSchutz\bin\NTGUARD.SYS [x] R3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2009-04-17 30464] R3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2009-04-17 12672] R3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\DRIVERS\steth.sys [2009-04-17 40320] R3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\DRIVERS\stppp.sys [2009-04-17 32000] R3 uxddrv;Dynamically loaded UxdDrv;h:\diagnose\WSTGER32\2PART\uxddrv86.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2010-02-18 102856] S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2010-04-01 536232] S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-03-30 337064] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-01 405672] S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2010-02-15 79432] S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . 
Inhalt des "geplante Tasks" Ordners 2009-09-11 c:\windows\Tasks\DriverCure.job - c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36] 2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-15 14:02] 2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-15 14:02] 2010-09-22 c:\windows\Tasks\ParetoLogic Registration.job - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59] 2010-01-30 c:\windows\Tasks\ParetoLogic Update Version2.job - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59] 2010-09-23 c:\windows\Tasks\User_Feed_Synchronization-{4CB2FC90-7DAD-43CF-9F42-638471DE46CE}.job - c:\windows\system32\msfeedssync.exe [2010-08-12 04:24] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.at/ uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll FF - ProfilePath - c:\users\"Mustermann"\AppData\Roaming\Mozilla\Firefox\Profiles\ro1yhw8e.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/ FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\"Mustermann"\AppData\Roaming\Mozilla\Firefox\Profiles\ro1yhw8e.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - 
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-tcactive - c:\program files\The Cleaner\tcap.exe

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2589207096-704435142-1912266964-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EC172B71-CA22-49BA-2B6C-D21235D1EFEF}*]
"hanihpfnnbpihekn"=hex:6a,61,6b,68,62,66,6e,68,65,6b,6e,61,70,6b,67,6f,62,6f,\
   70,65,00,00
"iadinpdpngbhenndik"=hex:6a,61,6b,68,62,66,6e,68,65,6b,6e,61,70,6b,67,6f,62,6f,\
   70,65,00,07

[HKEY_USERS\S-1-5-21-2589207096-704435142-1912266964-1000\Software\SecuROM\License information*]
"datasecu"=hex:61,bf,46,6c,6b,74,31,53,e4,ab,43,56,0d,1e,ec,9f,6f,07,d1,c4,a0,\
   af,e7,84,9f,88,ca,2c,9c,cc,c7,70,67,f6,fd,4b,8d,4b,60,d3,61,49,ae,49,41,35,\
"rkeysecu"=hex:3a,f6,5d,03,6b,59,91,95,75,3d,18,9f,b6,9a,df,ee

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3396)
c:\windows\System32\SyncCenter.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\CPUCooL\CooLSrv.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Avira\AntiVir Desktop\checkt.exe
.
**************************************************************************
.
Completion time: 2010-09-23 13:12:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-23 11:11
ComboFix2.txt 2010-09-22 22:08

Pre-Run: 14 directories, 334.015.107.072 bytes free
Post-Run: 15 directories, 334.126.501.888 bytes free

- - End Of File - - 19EC4A071E58DA4CAFD980A2F3BD187E |
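The locked-registry-keys block in this log stores its values as REGEDIT4 hex: lists, which nobody can read as posted. The following Python script is an added example, not part of this thread and not ComboFix's own code: it parses such a block (backslash line continuation and ComboFix's habit of cutting long values short included) and reports each value as hex plus any printable runs, the way strings(1) would. The sample block is constructed from the values visible in the log above, with the continuation backslashes that the forum's wrapping dropped put back; the "datasecu" value is truncated in the log itself and stays truncated here.

```python
"""Decode the hex: values in a ComboFix locked-registry-keys block.

Added example for this thread; not ComboFix code. It reads REGEDIT4-style
lines: [key] headers, "name"=hex:aa,bb,... with backslash continuation, and
"name"=dword:xxxxxxxx, and tolerates ComboFix cutting a long value short.
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<type>hex|dword):(?P<data>.*)$')

# Constructed sample: the locked-key block from the posted log, with the
# continuation backslashes the forum's wrapping dropped put back. The
# "datasecu" value is truncated in the log itself (trailing backslash with no
# continuation line) and is kept that way here.
SAMPLE_BLOCK = r'''
[HKEY_USERS\S-1-5-21-2589207096-704435142-1912266964-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EC172B71-CA22-49BA-2B6C-D21235D1EFEF}*]
"hanihpfnnbpihekn"=hex:6a,61,6b,68,62,66,6e,68,65,6b,6e,61,70,6b,67,6f,62,6f,\
   70,65,00,00
"iadinpdpngbhenndik"=hex:6a,61,6b,68,62,66,6e,68,65,6b,6e,61,70,6b,67,6f,62,6f,\
   70,65,00,07

[HKEY_USERS\S-1-5-21-2589207096-704435142-1912266964-1000\Software\SecuROM\License information*]
"datasecu"=hex:61,bf,46,6c,6b,74,31,53,e4,ab,43,56,0d,1e,ec,9f,6f,07,d1,c4,a0,\
   af,e7,84,9f,88,ca,2c,9c,cc,c7,70,67,f6,fd,4b,8d,4b,60,d3,61,49,ae,49,41,35,\
"rkeysecu"=hex:3a,f6,5d,03,6b,59,91,95,75,3d,18,9f,b6,9a,df,ee

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
'''


def _finish(rec):
    """Turn an accumulated record into bytes (hex) or int (dword)."""
    if rec["type"] == "dword":
        value = int(rec["data"], 16)
    else:
        value = bytes(int(h, 16) for h in rec["data"].split(",") if h.strip())
    return {"key": rec["key"], "name": rec["name"], "type": rec["type"],
            "value": value, "truncated": rec.get("truncated", False)}


def parse_reg_block(text):
    """Parse a REGEDIT4-style dump into a list of value records, in file order."""
    entries, key, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:
            if line.startswith(('"', '[')):
                # A new value or key started while a continuation was still
                # open: ComboFix cut the value short. Close it and flag it,
                # then handle this line normally.
                pending["truncated"] = True
                entries.append(_finish(pending))
                pending = None
            else:
                pending["data"] += line.rstrip("\\")
                if not line.endswith("\\"):
                    entries.append(_finish(pending))
                    pending = None
                continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue                      # @Denied/@Allowed ACL lines, blanks, etc.
        rec = {"key": key, "name": m.group("name"), "type": m.group("type"),
               "data": m.group("data").rstrip("\\")}
        if m.group("type") == "hex" and m.group("data").endswith("\\"):
            pending = rec                 # value continues on the next line(s)
        else:
            entries.append(_finish(rec))
    return entries


def printable(data, min_len=4):
    """Printable-ASCII runs of at least min_len bytes, strings(1)-style."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def report(text):
    """One (name, type, shown value, printable runs, truncated) tuple per value."""
    rows = []
    for e in parse_reg_block(text):
        if e["type"] == "dword":
            rows.append((e["name"], "dword", f"0x{e['value']:08x}", [], False))
        else:
            rows.append((e["name"], "hex", e["value"].hex(),
                         printable(e["value"]), e["truncated"]))
    return rows


if __name__ == "__main__":
    for name, kind, shown, runs, cut in report(SAMPLE_BLOCK):
        flag = " (truncated in log)" if cut else ""
        print(f"{name:20} {kind:5} {shown[:48]:48} strings={runs}{flag}")
```

On this input the two values under Shell Extensions\Approved decode to the same 20-letter lowercase string followed by a terminator, the same shape as their own names, which is not what a shell-extension approval entry looks like; a permission-locked key in a user's hive holding opaque data is the item to follow up on. The SecuROM values are copy-protection data from a game installation, and the BlindDial entries under the modem device class GUID with ACL denials are commonly seen in ComboFix logs on clean machines, so those two are noise here.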
23.09.2010, 17:32 | #12 |
| Vista Leerlaufprozess 99%/Trojaner-Agent
Upload of quarantine.rar completed successfully, so that's fine, right? So here is the OTL log:
OTL logfile created on: 23.09.2010 15:37:43 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\"Mustermann"\Alles mögliche\Desktop\Wichtig\OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,50 Gb Total Space | 308,80 Gb Free Space | 33,88% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 9,88 Gb Free Space | 49,39% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: "Mustermann"
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\"Mustermann"\Alles mögliche\Desktop\Wichtig\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\CPUCooL\CooLSRV.exe () PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Windows\System32\PSIService.exe () ========== Modules (SafeList) ========== MOD - C:\Users\"Mustermann"\Alles mögliche\Desktop\Wichtig\OTL\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (CPUCooLServer) -- C:\Program Files\CPUCooL\CooLSRV.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (uxddrv) -- h:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys File not found DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (NTGUARD) -- C:\Program Files\aonInternetSchutz\bin\NTGUARD.SYS File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - 
(catchme) -- C:\ComboFix\catchme.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (stppp) -- C:\Windows\System32\drivers\stppp.sys (THOMSON Telecom Belgium) DRV - (ST330) -- C:\Windows\System32\drivers\st330.sys (THOMSON Telecom Belgium) DRV - (STBUS) -- C:\Windows\System32\drivers\stbus.sys (THOMSON Telecom Belgium) DRV - (STETH) -- C:\Windows\System32\drivers\steth.sys (THOMSON Telecom Belgium) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (ntiopnp) -- C:\Windows\System32\drivers\ntiopnp.sys () DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) 
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) 
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) 
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\Windows\System32\drivers\alcan5wn.sys (THOMSON) DRV - (alcaudsl) -- C:\Windows\System32\drivers\alcaudsl.sys (THOMSON) DRV - (USBIO) USBIO Driver (usbio.sys) -- C:\Windows\System32\drivers\usbio.sys (Thesycon GmbH, Germany) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2589207096-704435142-1912266964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-2589207096-704435142-1912266964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2589207096-704435142-1912266964-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2589207096-704435142-1912266964-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.21 13:44:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.20 14:21:38 | 000,000,000 | ---D | M] 
[2010.08.07 08:56:48 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\mozilla\Extensions [2010.09.23 12:38:18 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\mozilla\Firefox\Profiles\ro1yhw8e.default\extensions [2010.08.07 09:13:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\"Mustermann"\AppData\Roaming\mozilla\Firefox\Profiles\ro1yhw8e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.06 10:45:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\"Mustermann"\AppData\Roaming\mozilla\Firefox\Profiles\ro1yhw8e.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.07 09:12:40 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\"Mustermann"\AppData\Roaming\mozilla\Firefox\Profiles\ro1yhw8e.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.08.07 09:11:47 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\"Mustermann"\AppData\Roaming\mozilla\Firefox\Profiles\ro1yhw8e.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2010.08.31 18:34:24 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\mozilla\Firefox\Profiles\ro1yhw8e.default\extensions\foxyproxy@eric.h.jung [2010.08.07 08:55:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.09.23 13:02:34 | 000,000,027 | ---- | M]) - 
C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKU\S-1-5-21-2589207096-704435142-1912266964-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKU\S-1-5-21-2589207096-704435142-1912266964-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-21-2589207096-704435142-1912266964-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2589207096-704435142-1912266964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2589207096-704435142-1912266964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-2589207096-704435142-1912266964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2589207096-704435142-1912266964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. 
File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.23 13:12:09 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010.09.23 13:12:09 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\AppData\Local\temp [2010.09.23 13:11:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010.09.23 12:47:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010.09.22 11:36:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010.09.22 11:36:20 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010.09.22 11:36:20 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010.09.22 11:36:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.09.22 11:26:49 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.09.21 11:08:56 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\AppData\Roaming\Helper [2010.09.21 10:02:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.09.21 10:02:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.09.21 10:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.09.20 19:19:44 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\Alles mögliche\Desktop\Wichtig [2010.09.17 19:05:05 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\Alles mögliche\Desktop\VideosSongs [2010.09.17 14:02:59 | 000,000,000 | ---D | C] -- 
C:\Users\"Mustermann"\AppData\Roaming\Sony Creative Software [2010.09.15 12:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2010.09.15 12:15:53 | 000,098,304 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\L3CODECX.AX [2010.09.15 12:15:53 | 000,082,944 | ---- | C] (Voxware, Inc.) -- C:\Windows\System32\vct3216.acm [2010.09.15 12:15:53 | 000,081,920 | ---- | C] (fccHandler) -- C:\Windows\System32\AC3ACM.acm [2010.09.15 12:15:53 | 000,038,912 | ---- | C] (NCT Company) -- C:\Windows\System32\alf2cd.acm [2010.09.15 12:15:53 | 000,013,239 | ---- | C] (SHARP Corporation) -- C:\Windows\System32\Scg726.acm [2010.09.15 12:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia [2010.09.15 12:15:52 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70.dll [2010.09.15 12:15:52 | 000,638,976 | ---- | C] (DivXNetworks, Inc.) -- C:\Windows\System32\divx.dll [2010.09.15 12:15:52 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp70.dll [2010.09.15 12:15:52 | 000,413,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg4c32.dll [2010.09.15 12:15:52 | 000,261,632 | ---- | C] (MainConcept) -- C:\Windows\System32\mcdvd_32.dll [2010.09.15 12:15:52 | 000,221,215 | ---- | C] (DivXNetworks, Inc.) -- C:\Windows\System32\divxdec.ax [2010.09.15 12:15:52 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll [2010.09.15 12:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU [2010.09.15 08:16:30 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2010.09.14 19:17:58 | 000,390,496 | ---- | C] (LEAD Technologies, Inc.) 
-- C:\Windows\System32\Lfcmp15u.dll [2010.09.14 18:36:05 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\AppData\Roaming\Sytexis Software [2010.09.14 18:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\MW2CU [2010.09.14 12:59:58 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\AppData\Roaming\Publish Providers [2010.09.14 12:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony [2010.09.14 12:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\Sony [2010.09.14 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\AppData\Roaming\Sony [2010.09.14 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\AppData\Local\Sony [2010.09.14 11:08:28 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\Alles mögliche\Desktop\Videos [2010.09.14 10:59:07 | 000,185,688 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Ltfil15u.dll [2010.09.14 10:59:06 | 000,488,800 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Ltkrn15u.dll [2010.09.14 10:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\WeGame [2010.09.14 10:41:21 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\AppData\Local\TechSmith [2010.09.14 10:40:23 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\Alles mögliche\Documents\Camtasia Studio [2010.09.14 10:38:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime [2010.09.14 10:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith [2010.09.14 10:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared [2010.09.14 10:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith [2010.09.06 12:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare [2010.09.06 10:49:28 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\Alles mögliche\Documents\DownloadHelper [2010.09.05 17:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs [2010.09.05 16:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2010.09.02 10:53:53 | 000,102,856 | ---- | C] (Avira GmbH) -- 
C:\Windows\System32\drivers\avfwot.sys [2010.09.02 10:53:53 | 000,079,432 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys [2010.08.30 19:13:50 | 000,000,000 | ---D | C] -- C:\Users\"Mustermann"\AppData\Local\CrashRpt [2010.08.30 18:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\CoDMW2 [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.23 15:40:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4CB2FC90-7DAD-43CF-9F42-638471DE46CE}.job [2010.09.23 15:38:26 | 016,252,928 | -HS- | M] () -- C:\Users\"Mustermann"\NTUSER.DAT [2010.09.23 15:36:17 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.23 15:36:17 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.23 15:36:16 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.09.23 15:36:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.23 15:36:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.23 15:35:31 | 000,524,288 | -HS- | M] () -- C:\Users\"Mustermann"\NTUSER.DAT{ec89b3f9-913f-11de-bbfc-8a01f78c602f}.TMContainer00000000000000000001.regtrans-ms [2010.09.23 15:35:31 | 000,065,536 | -HS- | M] () -- C:\Users\"Mustermann"\NTUSER.DAT{ec89b3f9-913f-11de-bbfc-8a01f78c602f}.TM.blf [2010.09.23 15:15:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.09.23 13:02:39 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010.09.23 13:02:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010.09.23 12:38:54 | 000,004,327 | ---- | M] () -- C:\Users\"Mustermann"\Alles mögliche\Desktop\Quarantine.rar [2010.09.23 12:27:20 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.09.22 18:00:00 | 000,000,444 | ---- 
| M] () -- C:\Windows\tasks\ParetoLogic Registration.job [2010.09.21 10:02:54 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.20 14:52:27 | 001,674,182 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.20 14:52:27 | 000,712,412 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.09.20 14:52:27 | 000,665,166 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.20 14:52:27 | 000,156,032 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.20 14:52:27 | 000,127,972 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.09.20 14:12:40 | 016,252,928 | -HS- | M] () -- C:\Users\"Mustermann"\ntuser.dat_previous [2010.09.19 18:20:34 | 000,004,688 | ---- | M] () -- C:\Users\"Mustermann"\.recently-used.xbel [2010.09.16 08:21:50 | 000,403,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.09.15 12:21:46 | 000,113,328 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT [2010.09.15 12:19:48 | 000,000,048 | ---- | M] () -- C:\Users\"Mustermann"\AppData\Roaming\AVSMediaPlayer.m3u [2010.09.14 19:18:03 | 000,000,692 | ---- | M] () -- C:\Users\Public\Desktop\WeGame.lnk [2010.09.14 13:01:55 | 000,000,616 | ---- | M] () -- C:\Users\"Mustermann"\Alles mögliche\Documents\Standard.sfvidcap [2010.09.14 12:55:34 | 000,001,749 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Pro 9.0.lnk [2010.09.14 12:35:13 | 000,000,215 | ---- | M] () -- C:\Users\"Mustermann"\Alles mögliche\Desktop\Call of Duty Modern Warfare 2.url [2010.09.14 12:35:13 | 000,000,215 | ---- | M] () -- C:\Users\"Mustermann"\Alles mögliche\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url [2010.09.14 10:38:01 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk [2010.09.05 09:32:08 | 000,000,774 | ---- | M] () -- C:\Users\"Mustermann"\Alles mögliche\Desktop\CCleaner.lnk [2010.08.30 19:14:26 | 000,000,004 | ---- | M] () -- C:\Users\"Mustermann"\AppData\Roaming\steam_md2.dat [2010.08.30 17:37:58 | 
000,000,068 | ---- | M] () -- C:\dxerror.ini [2010.08.26 17:57:13 | 000,001,356 | ---- | M] () -- C:\Users\"Mustermann"\AppData\Local\d3d9caps.dat [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.23 12:38:54 | 000,004,327 | ---- | C] () -- C:\Users\"Mustermann"\Alles mögliche\Desktop\Quarantine.rar [2010.09.22 11:36:21 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010.09.22 11:36:20 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.09.22 11:36:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.09.22 11:36:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.09.22 11:36:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.09.21 10:02:54 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.19 18:20:34 | 000,004,688 | ---- | C] () -- C:\Users\"Mustermann"\.recently-used.xbel [2010.09.15 12:19:48 | 000,000,048 | ---- | C] () -- C:\Users\"Mustermann"\AppData\Roaming\AVSMediaPlayer.m3u [2010.09.15 12:15:52 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.09.15 12:15:52 | 000,156,910 | ---- | C] () -- C:\Windows\WMSysPr8.prx [2010.09.15 12:15:52 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.09.15 12:15:52 | 000,053,248 | ---- | C] () -- C:\Windows\System32\xvid.ax [2010.09.14 19:18:03 | 000,000,692 | ---- | C] () -- C:\Users\Public\Desktop\WeGame.lnk [2010.09.14 13:01:55 | 000,000,616 | ---- | C] () -- C:\Users\"Mustermann"\Alles mögliche\Documents\Standard.sfvidcap [2010.09.14 12:55:34 | 000,001,749 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Pro 9.0.lnk [2010.09.14 12:35:13 | 000,000,215 | ---- | C] () -- C:\Users\"Mustermann"\Alles mögliche\Desktop\Call of Duty Modern Warfare 2.url [2010.09.14 10:38:01 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk [2010.09.02 13:04:36 | 000,000,215 | ---- | C] () -- C:\Users\"Mustermann"\Alles 
mögliche\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url [2010.08.30 19:14:26 | 000,000,004 | ---- | C] () -- C:\Users\"Mustermann"\AppData\Roaming\steam_md2.dat [2010.07.01 09:30:20 | 000,000,032 | ---- | C] () -- C:\Windows\CD_START.INI [2010.06.03 18:23:03 | 000,000,038 | ---- | C] () -- C:\Windows\camcodec100.ini [2010.02.19 18:28:36 | 000,137,944 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.10.25 22:52:30 | 000,027,987 | ---- | C] () -- C:\Users\"Mustermann"\AppData\Roaming\OFMissionEditorConfig.xml [2009.09.25 08:50:11 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.09.17 10:45:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.01 11:33:56 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.09.01 11:33:38 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.08.07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.05.08 17:08:36 | 000,022,328 | ---- | C] () -- C:\Users\"Mustermann"\AppData\Roaming\PnkBstrK.sys [2009.04.24 16:24:31 | 000,001,356 | ---- | C] () -- C:\Users\"Mustermann"\AppData\Local\d3d9caps.dat [2009.04.17 16:08:27 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS5I.DLL [2009.04.17 15:14:10 | 000,005,606 | ---- | C] () -- C:\Windows\System32\stci.dll [2009.04.16 18:52:26 | 000,005,632 | R--- | C] () -- C:\Users\"Mustermann"\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 
000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.04.12 17:40:28 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys [2008.04.12 17:40:28 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\ntiomin.sys [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== LOP Check ========== [2009.07.11 15:27:20 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Activision [2010.09.15 22:20:22 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Any Video Converter [2009.04.17 17:13:42 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\DAEMON Tools [2009.09.11 10:23:27 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\DriverCure [2009.12.13 16:27:27 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\FUEL [2010.09.20 14:21:38 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\gtk-2.0 [2009.08.14 14:59:11 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Leadertech [2009.11.17 16:47:01 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\ProtectDisc [2010.09.14 12:59:58 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Publish Providers [2009.08.14 16:44:57 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Softplicity [2010.09.15 08:48:10 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Sony [2010.09.17 14:02:59 | 000,000,000 | ---D | M] -- 
C:\Users\"Mustermann"\AppData\Roaming\Sony Creative Software
[2010.09.14 18:36:05 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Sytexis Software
[2010.09.20 17:52:05 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\thecleaner
[2009.04.17 21:30:19 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\TuneUp Software
[2010.03.12 13:36:49 | 000,000,000 | ---D | M] -- C:\Users\"Mustermann"\AppData\Roaming\Ubisoft
[2009.09.11 18:58:30 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\DriverCure.job
[2010.09.22 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2010.01.31 01:33:14 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2010.09.23 15:35:19 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.09.23 15:40:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4CB2FC90-7DAD-43CF-9F42-638471DE46CE}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >

And here is the Extras log:

OTL Extras logfile created on: 23.09.2010 15:37:43 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\"Mustermann"\Alles mögliche\Desktop\Wichtig\OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,50 Gb Total Space | 308,80 Gb Free Space | 33,88% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 9,88 Gb Free Space | 49,39% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC
Current User Name: "Mustermann"
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2589207096-704435142-1912266964-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2589207096-704435142-1912266964-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 
23.09.2010, 17:45 | #13 |
/// Malware-holic | Vista Idle Process 99%/Trojan-Agent Avira http://www.trojaner-board.de/54192-a...tellungen.html Install Avira 10 as described there, or configure it accordingly afterwards. Once you have applied the configuration, update the program. Then click "Local protection" > "Local drives"; put any findings into quarantine and post the log. I know you are using the Premium version, but most of the settings are the same, so please apply them :-) |
24.09.2010, 08:15 | #14 |
| Vista Idle Process 99%/Trojan-Agent I used Personal with those settings. I will go back to Premium and apply these settings there (all of them, if possible). No findings were detected, and if you still want a log, I don't know where the log can be found in Avira AntiVir. Everything is working again as it should. At this point I definitely want to say THANK YOU to you, markusg |
24.09.2010, 09:35 | #15 |
/// Malware-holic | Vista Idle Process 99%/Trojan-Agent The log can be found under Reports. Why didn't you apply the settings to Premium? They are the same there, except of course that some parts are missing from the guide. But please apply the guide to Premium as far as it goes. |