Log analysis and evaluation: Open procedure of the DLL was not successful - Trojan?
Windows 7
17.10.2010, 09:32 | #1
Hello,
for a week now my PC has kept freezing, so I had a look at the Windows event log and found that this appears at the approximate times of the freezes: Quote:
Googling turned up various threads in which a connection with Trojans was apparent, e.g.: h**p://forum.chip.de/windows-xp/nerviges-wmiaprpl-problem-840467.html

I currently have Avira AntiVir and SpyBot Search & Destroy running on the machine; neither reports anything. Out of concern I also ran McAfee Security Scan Plus, which is offered as a free add-on with many products, over it - likewise nothing. The evaluation of my HijackThis log by HijackThis.de found nothing dangerous; I am posting it anyway:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:05, on 11.10.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Manuel\AppData\Local\Apps\2.0\DXTL728X.OYO\TQZ5AY4Y.EHO\curs..tion_eee711038731a406_0004.0000_1829574f2226d088\CurseClient.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\McAfee Security Scan\2.0.181\mcuicnt.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - D:\Visual Studio 9\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll (file missing)
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\RunOnce: [GEST] "C:\Program Files\GIGABYTE\GEST\run.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6EC1ED1-72E3-4384-93CE-8AA66E45D531}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\cssdll32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

-- End of file - 8056 bytes

I will now also carry out the Load.exe steps. Since TFC closes all programs, I am submitting this post now and will edit it later.
17.10.2010, 14:59 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and

Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! After that, OTL:

System scan with OTL
Please download OTL by Oldtimer and save it to your desktop
21.10.2010, 08:30 | #3
Hello,
Thanks for the quick reply! Unfortunately I no longer had enough time to let the scans run through, and now I am away from home for 2 weeks. When I am back home I will continue scanning and post the results in this thread.

One more note: the guide http://www.trojaner-board.de/89918-l...-larusso.html, which you reach (with a few clicks) before posting, says about Malwarebytes that only a Quick Scan should be run, and it also has no note about saving the scan logs or the like; maybe the guide is outdated.

See you then and "keep up the good work" :-).
21.10.2010, 09:38 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Open-Prozedur der DLL war nicht erfolgreich - Trojaner?Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
13.11.2010, 13:46 | #5
OTL: OTL Logfile: OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 13.11.2010 13:32:40 - Run 2 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\*****\Desktop\MFTools Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free 7,00 Gb Paging File | 5,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 10,96 Gb Free Space | 22,44% Space Free | Partition Type: NTFS Drive E: | 319,27 Gb Total Space | 74,81 Gb Free Space | 23,43% Space Free | Partition Type: NTFS Computer Name: ***** | User Name: *****| Logged in as ***** Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Mozilla Firefox 3 Beta 5\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox 3 Beta 5\firefox.exe (Mozilla Corporation) PRC - C:\Users\*****\Desktop\MFTools\OTL.exe (OldTimer Tools) PRC - C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) PRC - C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO) PRC - C:\Programme\Trillian\trillian.exe (Cerulean Studios) PRC - C:\Programme\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - 
C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net) PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\COMODO\SafeSurf\cssurf.exe (COMODO) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Modules (SafeList) ========== MOD - C:\Users\*****\Desktop\MFTools\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\guard32.dll (COMODO) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\cssdll32.dll (COMODO) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found SRV - (msvsmon90) -- D:\Visual Studio 9\Common7\IDE\Remote Debugger\x86\msvsmon.exe File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) SRV - (WPFFontCache_v0400) -- 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe () SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (GEST Service) -- C:\Program Files\GIGABYTE\GEST\GSvr.exe () SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV - (VSPerfDrv90) -- D:\Visual Studio 9\Team Tools\Performance Tools\VSPerfDrv90.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO) DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO) DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) 
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.) DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (RivaTuner32) -- C:\Programme\RivaTuner v2.09\RivaTuner32.sys () DRV - (ET5Drv) -- C:\Windows\System32\drivers\ET5Drv.sys (Windows (R) 2000 DDK provider) DRV - (JRAID) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.) DRV - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s115mgmt.sys (MCCI Corporation) DRV - (s115obex) -- C:\Windows\System32\drivers\s115obex.sys (MCCI Corporation) DRV - (s115mdm) -- C:\Windows\System32\drivers\s115mdm.sys (MCCI Corporation) DRV - (s115mdfl) -- C:\Windows\System32\drivers\s115mdfl.sys (MCCI Corporation) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) 
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) 
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) 
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (tap0801) -- C:\Windows\System32\drivers\tap0801.sys (The OpenVPN Project) DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider) DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI) DRV - (giveio) -- C:\Windows\system32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 A3 80 EB 79 7E CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de|hxxp://www.die-staemme.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1 FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1 FF - prefs.js..extensions.enabledItems: {B9C8BE50-7105-4ec6-8FB4-4935C0671648}:0.5.995 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.4 FF - prefs.js..extensions.enabledItems: {636fd8b0-ce2b-4e00-b812-2afbe77ee899}:1.4.5 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - HKLM\software\mozilla\Mozilla Firefox 
3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox 3 Beta 5\components [2010.11.01 10:31:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3 Beta 5\plugins [2010.11.01 10:31:13 | 000,000,000 | ---D | M] [2008.05.02 14:45:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2010.11.13 13:05:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hxnb2hy9.default\extensions [2010.08.28 21:51:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hxnb2hy9.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} [2010.02.28 12:16:11 | 000,000,000 | ---D | M] (XPather) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hxnb2hy9.default\extensions\{636fd8b0-ce2b-4e00-b812-2afbe77ee899} [2010.11.06 01:46:30 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hxnb2hy9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.04.04 01:27:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hxnb2hy9.default\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648} [2010.10.16 23:26:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hxnb2hy9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.11.06 01:46:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hxnb2hy9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.11.06 01:46:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hxnb2hy9.default\extensions\elemhidehelper@adblockplus.org [2008.09.29 13:52:09 | 000,001,840 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\hxnb2hy9.default\searchplugins\blasc---datenbank.xml [2009.08.05 
17:39:49 | 000,005,349 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\hxnb2hy9.default\searchplugins\clusty.xml [2010.05.18 21:39:42 | 000,001,712 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\hxnb2hy9.default\searchplugins\linguee-de-en.xml [2010.11.07 03:11:53 | 000,002,232 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\hxnb2hy9.default\searchplugins\picktorrentcom.xml [2010.09.18 22:23:41 | 000,001,879 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\hxnb2hy9.default\searchplugins\skreemr-audio-search.xml O1 HOSTS File: ([2010.10.11 09:50:32 | 000,421,636 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 14541 more lines... 
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.) O2 - BHO: (Microsoft Web Test Recorder 9.0 Helper) - {E31CE47F-C268-41ba-897B-B415E613947D} - D:\Visual Studio 9\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll File not found O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [COMODO SafeSurf] C:\Program Files\COMODO\SafeSurf\cssurf.exe (COMODO) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk = C:\Programme\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Programme\Trillian\trillian.exe (Cerulean Studios) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\Windows\system32\cssdll32.dll) - C:\Windows\System32\cssdll32.dll (COMODO) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2bb3e323-2a9d-11dd-b5ce-001d7d06a81f}\Shell - "" = AutoRun O33 - MountPoints2\{2bb3e323-2a9d-11dd-b5ce-001d7d06a81f}\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found O33 - MountPoints2\{309c9af5-1870-11dd-a5e5-001d7d06a81f}\Shell - "" = AutoRun O33 - MountPoints2\{309c9af5-1870-11dd-a5e5-001d7d06a81f}\Shell\AutoRun\command - "" = G:\Borderlands.exe -- File not found O33 - MountPoints2\{c3f1824e-1835-11dd-ba6b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c3f1824e-1835-11dd-ba6b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autoplay.exe -- File not found O34 - HKLM 
BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.02 10:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo [2010.11.01 10:31:00 | 000,000,000 | ---D | C] -- C:\Programme\Citrix [2010.10.30 13:35:10 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2010.10.30 13:35:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2010.10.17 09:44:55 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2010.10.17 09:29:10 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2010.10.17 09:28:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.10.17 09:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.10.17 09:28:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.10.17 09:28:06 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.10.17 09:26:41 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\MFTools [2010.10.17 09:26:32 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [2010.10.17 09:26:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2010.10.17 09:24:28 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.10.17 09:24:27 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010.10.17 09:24:20 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.10.17 09:24:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.10.17 09:24:20 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll 
[2010.10.17 09:24:19 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.10.17 09:24:19 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.10.17 09:24:19 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.10.17 09:24:19 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.10.17 09:24:19 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.10.17 09:24:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.10.17 09:24:19 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.10.17 09:24:19 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.10.17 09:24:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.10.17 09:24:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.10.17 09:24:19 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.10.17 09:24:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.10.17 09:24:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.10.17 09:24:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.10.17 09:24:00 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.10.17 09:23:44 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2010.10.17 09:23:39 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.10.17 09:23:36 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.10.17 09:23:35 | 000,954,288 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\mfc40u.dll [2010.10.16 22:21:47 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.10.16 22:21:46 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.10.16 22:21:46 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.10.16 22:21:46 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.10.16 22:21:46 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.10.16 22:21:40 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.10.16 22:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira ========== Files - Modified Within 30 Days ========== [2010.11.13 12:56:03 | 000,037,013 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.11.13 12:55:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.13 12:55:35 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.13 12:55:34 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.08 10:44:29 | 000,704,140 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.08 10:44:29 | 000,649,906 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.08 10:44:29 | 000,155,438 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.08 10:44:29 | 000,126,662 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.08 10:39:40 | 000,037,013 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.11.08 10:39:11 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2010.11.07 12:45:03 | 000,137,976 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.11.07 12:44:54 | 000,234,280 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2010.11.06 09:29:10 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys 
[2010.11.06 09:29:10 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.11.02 10:57:34 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk [2010.11.01 10:43:18 | 000,002,713 | ---- | M] () -- C:\Users\Public\Desktop\Program Neighborhood Agent.lnk [2010.10.19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.10.18 10:01:34 | 000,106,496 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.17 09:44:56 | 000,000,738 | ---- | M] () -- C:\Users\*****\Desktop\NTREGOPT.lnk [2010.10.17 09:44:56 | 000,000,719 | ---- | M] () -- C:\Users\*****\Desktop\ERUNT.lnk [2010.10.17 09:39:51 | 000,379,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.17 09:28:13 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.17 09:27:36 | 000,050,477 | ---- | M] () -- C:\Users\*****\Desktop\defogger.exe [2010.10.17 09:27:35 | 000,285,230 | ---- | M] () -- C:\Users\*****\Desktop\Gmer.zip [2010.10.16 22:35:59 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.10.16 22:20:57 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys ========== Files Created - No Company Name ========== [2010.11.02 10:57:34 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk [2010.11.01 10:43:18 | 000,002,713 | ---- | C] () -- C:\Users\Public\Desktop\Program Neighborhood Agent.lnk [2010.10.18 15:48:18 | 000,000,619 | ---- | C] () -- C:\Users\*****\Desktop\1009_S21_Vortrag_2.pdf [2010.10.17 09:44:56 | 000,000,738 | ---- | C] () -- C:\Users\*****\Desktop\NTREGOPT.lnk [2010.10.17 09:44:56 | 000,000,719 | ---- | C] () -- C:\Users\*****\Desktop\ERUNT.lnk [2010.10.17 09:28:13 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.17 09:27:00 | 000,050,477 | ---- | C] () -- 
C:\Users\*****\Desktop\defogger.exe [2010.10.17 09:26:46 | 000,285,230 | ---- | C] () -- C:\Users\*****\Desktop\Gmer.zip [2010.10.16 22:35:59 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.10.11 09:53:58 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.09.19 14:50:51 | 000,037,013 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.09.19 14:50:50 | 000,037,013 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.09.04 07:50:03 | 000,001,249 | ---- | C] () -- C:\Windows\cdplayer.ini [2010.04.16 09:13:48 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini [2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.09.05 13:30:51 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.08.23 16:06:44 | 000,638,976 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.08.23 15:43:46 | 000,163,840 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.03.31 21:00:14 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI [2009.03.08 23:37:59 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.03.08 23:37:59 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2008.12.22 16:11:29 | 000,000,600 | ---- | C] () -- C:\Users\*****\AppData\Local\PUTTY.RND [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll 
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.06.01 21:59:21 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI [2008.05.24 16:43:48 | 000,004,096 | -H-- | C] () -- C:\Users\*****\AppData\Local\keyfile3.drm [2008.05.12 22:58:39 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.05.03 00:28:36 | 000,106,496 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.05.02 19:04:08 | 000,138,056 | ---- | C] () -- C:\Users\*****\AppData\Roaming\PnkBstrK.sys [2008.05.02 19:04:08 | 000,137,976 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.05.02 18:48:56 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.05.02 12:03:33 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2008.05.02 12:01:15 | 000,000,680 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys < End of report > --- --- --- OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 13.11.2010 13:32:40 - Run 2
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\*****\Desktop\MFTools
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 10,96 Gb Free Space | 22,44% Space Free | Partition Type: NTFS
Drive E: | 319,27 Gb Total Space | 74,81 Gb Free Space | 23,43% Space Free | Partition Type: NTFS

Computer Name: MANUPC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01922B38-1542-4F8C-93C3-0967F12B0C4A}" = lport=139 | protocol=6 | dir=in | app=system |
"{2015E81A-DBAB-4023-8407-FEBA2880DEF2}" = lport=138 | protocol=17 | dir=in | app=system |
"{24C5814B-6630-42CE-8153-040D8418EC71}" = lport=445 | protocol=6 | dir=in | app=system |
"{2ED748FC-4C8B-4D20-A6A5-F1F4180FABC5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{30279BF0-2887-4093-ABAF-7DB4A3C92003}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{414B702B-1DA0-4926-A4D6-1C804927917D}" = lport=18229 | protocol=6 | dir=in | name=emule tcp |
"{41574DE2-0290-43CE-9232-A026DB368AAD}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{4FE98232-57F5-401A-B6AB-01680AB1D813}" = lport=18239 | protocol=17 | dir=in | name=emule kad |
"{53802952-88C2-4686-869E-33D933044003}" = rport=445 | protocol=6 | dir=out | app=system | "{6A84AC8A-6D0C-407E-94BB-D08AF7478501}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7B2F4856-7CFA-44B7-9952-AC7B597A2126}" = rport=138 | protocol=17 | dir=out | app=system | "{7D8A26F1-3279-44BC-BD71-ECC2D9F988EA}" = lport=2799 | protocol=17 | dir=in | name=altova license metering port (udp) | "{8A0F00DA-6063-4B7F-89F9-CB528FDB57D5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8E370068-9625-454F-949B-04353C7FD14E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8EA644E7-2A1F-4528-AD9A-A87BA718713D}" = rport=139 | protocol=6 | dir=out | app=system | "{9AE62953-E556-48F5-B11E-C12F5481ED36}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B17E6B70-DA5A-4A67-A5C8-86DC3A2D8FD8}" = lport=137 | protocol=17 | dir=in | app=system | "{B91E887F-5AC8-406C-97A5-1A24BB9A0816}" = lport=2799 | protocol=6 | dir=in | name=altova license metering port (tcp) | "{C9661055-7D7E-46A7-8021-F9913BFFE2B1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D081CF1E-C326-47FA-ACED-F5F49B0E2476}" = rport=137 | protocol=17 | dir=out | app=system | "{D3FBB72A-116C-4E41-BF6F-B3CE028B0EA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{D62365DF-1969-47DD-BA51-DF47EABED083}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{DE2ECB44-9CCA-4D29-B773-93351170D017}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F1FE44A0-61DC-422A-8721-52F21EAE265C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F7B97022-F68B-4898-B155-F2E13A869662}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 
| ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{004C47B0-7E0E-4F79-BBEB-FD47B8F0D9E5}" = protocol=17 | dir=in | app=e:\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader.exe | "{044B378C-A67A-4064-A0AD-7BBEBCAB0731}" = protocol=6 | dir=in | app=e:\spiele\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | "{058FC11B-62D8-4F09-8136-CE8B1D7DB18D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1242217E-2791-4370-818C-1DC6E84BA263}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\o0blubb0o\counter-strike source\hl2.exe | "{1C49727A-A143-4DE2-9A61-85BB9D4F8F0A}" = protocol=6 | dir=in | app=e:\öffentlich\dokumente\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe | "{1E2B579D-BE09-47A4-825D-55685DC2DCF2}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "{253CFA08-F89C-4290-A9BB-1473C29A2076}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{26A85A11-5777-458C-9995-D6BAF0E84702}" = protocol=17 | dir=in | app=e:\spiele\streetfighteriv\streetfighteriv.exe | "{28E4A9C8-C59B-4EA7-8810-713647F8FB4F}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "{3DA5561D-1050-404E-97A1-CE0A5A4F9933}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\dawn of war 2\dow2.exe | "{484B72B2-084C-42D3-8047-0837B56F2C2B}" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\farcry2.exe | "{49EE7A1C-7160-4745-B23B-ADFA610FCBF6}" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2launcher.exe | "{4ACA4CB5-B094-4C92-9456-2E4979338654}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\dawn of war 2\dow2.exe | "{4C544B95-9487-46F6-8F1C-F79DD7B11A8D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{573184DE-417A-40B9-A174-3CB8AF0BCC89}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{59232DB3-E2CD-4B71-AD1C-C2E7123B5DF9}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{5BB01F44-618A-4B92-9512-3081BA7ACDA6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{6142009C-0083-49C2-803E-95644E88A556}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{65361864-4B11-4364-8A4F-D090A90A3AF6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{673C3A2A-82FC-412A-97DD-C3CAAE0D7862}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | "{76702C5D-DDF4-4A5F-B7FC-22F73AA8DC9D}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\command & conquer red alert 3 demo\ra3demo.exe | "{79179DF9-626C-447E-875E-A1CD874430B7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{7AD75962-B98A-4B3A-A663-55B70A904AAB}" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\farcry2.exe | "{7B208239-189E-4596-BD79-1958F1BA7F71}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\o0blubb0o\counter-strike\hl.exe | "{7E01A4E5-6CF9-48C8-83AB-F35513004D7D}" = protocol=17 | dir=in | app=e:\öffentlich\dokumente\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe | "{81C330AC-3989-490D-B84B-C78AFCA00B4F}" = protocol=6 | dir=in | app=e:\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader.exe | "{81FD396C-F08E-4C30-97E8-017E01995921}" = protocol=17 | dir=in | app=e:\spiele\s.t.a.l.k.e.r. 
- call of pripyat\bin\xrengine.exe | "{86101609-7623-4A5F-98D9-F619DC71620D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8D6EB7F2-ED7E-4DEA-9C28-4AFD8D291E06}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{8FD50435-A6F3-45B0-9160-FF78EE52FB44}" = protocol=6 | dir=in | app=e:\spiele\battlefield bad company 2\bfbc2updater.exe | "{95B6F48E-C321-4AC7-A183-09DB976D3BF9}" = protocol=6 | dir=in | app=e:\spiele\streetfighteriv\streetfighteriv.exe | "{99A0FD1C-44D0-4EF5-82EA-AA2F950F94F3}" = protocol=17 | dir=in | app=e:\spiele\fearcombat\fearmp.exe | "{9EFF9B75-2889-454A-9D17-34B0BD54C268}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9FF49B59-2B6E-4130-962B-B33E085C1E01}" = protocol=6 | dir=in | app=e:\spiele\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | "{A4C4342F-10B7-4ACD-ACB7-6A5E02B70A2A}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{A96A253D-58AF-4331-AD6E-A131137E0BBA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{AD33F7CA-09FD-400B-8CCB-E61F57BA89AF}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{B398788B-A085-43A3-82A5-2543A99F1F54}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{B4CA6734-1007-43E5-AC3B-6608B1346C6B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B687424C-4ACD-4B86-8DE9-622D8B1C1681}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\o0blubb0o\counter-strike\hl.exe | "{BCBD484A-5EBA-4EB3-92C0-93733DB03175}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C6079677-EB20-4FB8-8683-A8F20178D09D}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\o0blubb0o\counter-strike source\hl2.exe | "{C7280D38-3762-4AC4-B4B3-18280CE134CA}" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2editor.exe | "{CD45FE1D-539A-449D-9D71-57DDDD18D608}" = protocol=6 | dir=in | app=c:\program files\microsoft 
office\office12\groove.exe | "{CF2E2D67-721E-47A3-8923-43C70FF5924C}" = protocol=17 | dir=in | app=e:\spiele\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | "{DE70DB62-7477-4506-9B30-7E66233F8083}" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2editor.exe | "{EB27C66A-4A90-4125-A2E3-7B77773E4B11}" = protocol=6 | dir=in | app=e:\spiele\fearcombat\fearmp.exe | "{F0289D5B-2038-4EC5-8C4C-ABC388B3CD97}" = protocol=17 | dir=in | app=e:\spiele\battlefield bad company 2\bfbc2updater.exe | "{F181E62F-A6A6-46B9-871B-26DAEA6FF863}" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2launcher.exe | "{F283DD34-78F5-4707-B5AA-9CBCADA8861F}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | "{F9D5DEF0-226A-4BB4-84EE-102EA8CF1DC3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{FF54524A-457E-45BE-877D-C666B2A7201D}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\command & conquer red alert 3 demo\ra3demo.exe | "TCP Query User{02F7F307-91B8-4835-82A3-F66BF0239063}C:\program files\eclipse\eclipse rcp sr1\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\eclipse\eclipse rcp sr1\eclipse.exe | "TCP Query User{182DC708-44D6-4863-ACA2-DA4A5E1BAA96}E:\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\spiele\warcraft iii\war3.exe | "TCP Query User{1910A5FB-E385-49FA-8116-61406986CE1A}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe | "TCP Query User{2D5CDE5A-CA7B-480B-8497-D828E9E33F60}C:\users\*****\appdata\local\temp\blizzard launcher temporary - 0c001878\launcher.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\temp\blizzard launcher temporary - 0c001878\launcher.exe | "TCP Query User{362535A2-92DD-41AF-BF31-3746FAFB14B7}D:\wespeclispe\eclipse.exe" = protocol=6 | dir=in | app=d:\wespeclispe\eclipse.exe | "TCP Query 
User{363071BA-033A-41FB-9B25-CA9D3AB71493}C:\program files\ibm\sdp70\jdk\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\sdp70\jdk\jre\bin\javaw.exe | "TCP Query User{373C41E0-B12D-4D98-B290-8837846439C7}C:\program files\gigabyte\gest\run.exe" = protocol=6 | dir=in | app=c:\program files\gigabyte\gest\run.exe | "TCP Query User{37566125-410D-4B18-940C-F3A16FB0FE1E}C:\program files\mozilla firefox 3 beta 5\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 3 beta 5\firefox.exe | "TCP Query User{41D38B53-E60C-48CD-9B3B-FB36CEBE8442}C:\program files\java\jdk1.6.0_07\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_07\bin\java.exe | "TCP Query User{5133F1CC-67BE-4B39-9F88-7208488EF3D5}C:\program files\ibm\sdp70\runtimes\base_v61\java\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\ibm\sdp70\runtimes\base_v61\java\bin\java.exe | "TCP Query User{57C3C50A-E04F-4235-B689-BF9F43A9B592}E:\spiele\farcry2\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\farcry2.exe | "TCP Query User{5A4A1CBB-0DBD-4B98-98B0-60508919155F}C:\program files\java\jre1.6.0_07\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\java.exe | "TCP Query User{61CCF17D-E26D-48F0-9A43-5EEA92C60353}C:\program files\emule xtreme\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule xtreme\emule.exe | "TCP Query User{907B54CF-F9CE-4AA0-A54B-AFBAB252B8D6}D:\wespeclispe\eclipse.exe" = protocol=6 | dir=in | app=d:\wespeclispe\eclipse.exe | "TCP Query User{ACC9642D-E222-478C-99EE-C8F127DADA7A}E:\spiele\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\versions\base16755\sc2.exe | "TCP Query User{AE576312-2CD1-4D93-B065-8C38F5F905E0}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | "TCP Query User{C005DA49-8A06-4547-A131-12DE52016FDF}C:\program 
files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | "TCP Query User{C1C1CDA3-6DB1-460F-9F75-A7691A8EF85F}E:\emule\emule.exe" = protocol=6 | dir=in | app=e:\emule\emule.exe | "TCP Query User{C58E99CC-2AB4-4A98-ADA5-691393D68ECD}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | "TCP Query User{DF47E9A7-D6B6-480F-940F-E30C9CC297CE}E:\downloads\eclipse-rcp-ganymede-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=e:\downloads\eclipse-rcp-ganymede-win32\eclipse\eclipse.exe | "TCP Query User{DF558798-1BE4-4A70-81C2-74E82B9A5A05}E:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\launcher.exe | "TCP Query User{E28597C0-A6F3-477E-98B4-845820622091}E:\emule\emule.exe" = protocol=6 | dir=in | app=e:\emule\emule.exe | "TCP Query User{EDCDBB1E-7BA0-4E27-9352-6A46AD0C48CE}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | "UDP Query User{0DAE7E6E-4A9F-4FFC-9CA8-E60574F097F1}C:\program files\mozilla firefox 3 beta 5\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 3 beta 5\firefox.exe | "UDP Query User{12D0A011-3842-434D-9227-7EC7C7E348FE}D:\wespeclispe\eclipse.exe" = protocol=17 | dir=in | app=d:\wespeclispe\eclipse.exe | "UDP Query User{1D7982D8-AE42-4E73-AB9E-E2C3397AAF12}C:\program files\java\jre1.6.0_07\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\java.exe | "UDP Query User{23D022ED-1278-489B-A67F-97AFA2168715}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | "UDP Query User{26EADD47-64CC-4A91-AB15-F90191F513E9}E:\downloads\eclipse-rcp-ganymede-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=e:\downloads\eclipse-rcp-ganymede-win32\eclipse\eclipse.exe | "UDP Query User{2EBE1D52-7B37-4FBC-BCAE-0F70A28194D6}E:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | 
app=e:\spiele\warcraft iii\war3.exe | "UDP Query User{47216D23-8469-436C-B142-F2768D80D6E2}E:\emule\emule.exe" = protocol=17 | dir=in | app=e:\emule\emule.exe | "UDP Query User{66C9C0EE-5329-428B-890F-43F007407881}C:\program files\ibm\sdp70\runtimes\base_v61\java\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\ibm\sdp70\runtimes\base_v61\java\bin\java.exe | "UDP Query User{6754ECDE-742F-4205-8F31-3C4EAB40626A}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | "UDP Query User{6BCB5B49-3E18-4E48-9B1F-5C0C5C1F0FE7}C:\program files\emule xtreme\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule xtreme\emule.exe | "UDP Query User{783A4D3D-937D-4C58-B8F0-7C4A8C189199}E:\spiele\farcry2\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\farcry2.exe | "UDP Query User{7F4E002C-C99F-4637-BAF4-6AC07C7B40A1}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | "UDP Query User{81D3C87C-79E0-4D0E-8762-878835DFE140}C:\program files\java\jdk1.6.0_07\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_07\bin\java.exe | "UDP Query User{996A40E7-CE01-4397-933B-443FEB7831F9}C:\program files\eclipse\eclipse rcp sr1\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\eclipse\eclipse rcp sr1\eclipse.exe | "UDP Query User{9F8A8EBA-6CA3-46D2-B713-1AB7F5B96EA8}E:\spiele\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\versions\base16755\sc2.exe | "UDP Query User{A2B58C23-F1C4-4DF2-BE11-1F9A7C722752}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe | "UDP Query User{A7D98564-7E39-4406-833C-40CE2EFEB588}E:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\launcher.exe | "UDP Query 
User{CE8A47EC-A971-467A-9D49-9096AD1F341C}D:\wespeclispe\eclipse.exe" = protocol=17 | dir=in | app=d:\wespeclispe\eclipse.exe | "UDP Query User{DDC02128-F0AD-4A6A-9F04-3F8473F5D92A}E:\emule\emule.exe" = protocol=17 | dir=in | app=e:\emule\emule.exe | "UDP Query User{E559B6B8-25B2-499D-9CFC-5677852B6041}C:\users\*****\appdata\local\temp\blizzard launcher temporary - 0c001878\launcher.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\temp\blizzard launcher temporary - 0c001878\launcher.exe | "UDP Query User{E77E1844-6071-47D1-8DFC-EC37B286DFBF}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | "UDP Query User{F5D98E7E-3E73-4434-B377-52C6D38614AA}C:\program files\ibm\sdp70\jdk\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\sdp70\jdk\jre\bin\javaw.exe | "UDP Query User{FD989839-E121-4B3A-812E-3BD2BA806BD0}C:\program files\gigabyte\gest\run.exe" = protocol=17 | dir=in | app=c:\program files\gigabyte\gest\run.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05A26882-6816-4EC3-AA49-25F9F53AC3B7}" = PlaNet "{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English 
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729) "{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1D222324-249C-4744-8784-3377909C59B3}" = Power Toys for the Microsoft .NET Compact Framework 3.5 "{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands "{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729) "{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01 "{23170F69-40C1-2701-0465-000001000000}" = 7-Zip 4.65 "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU "{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite "{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}" = Citrix Presentation Server Client "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228 "{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{33BBE45C-6296-488A-B7D5-37E692E71B3F}" = TortoiseSVN 1.6.5.16974 (32 bit) "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}" = Visual C++ 2008 x64 Runtime - (v9.0.30729.4148) "{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}.vc_x64runtime_30729_4148" = Visual C++ 2008 x64 Runtime - v9.0.30729.4148 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client 
Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01] "{43651afa-9eef-4988-a878-3e3c7eb3fab5}" = Nero 9 Essentials "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver 1.0 B8.0128.1 "{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV "{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack "{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008 "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{703D0527-B57E-4502-AB0B-82F8E6F48C97}" = AnkhSVN 2.1.7141.181 "{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5 "{75E607CF-7BAE-4B88-84B3-97F3DF44BA28}" = FEARCombat "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148) "{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client "{80C06CCD-7D07-3DB6-86CD-B57B3F0614D8}" = Microsoft Visual Studio Team System 2008 Team Suite - ENU "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 
Redistributable "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer "{8D774B5B-A1D9-45B3-AFB4-3F85604961BC}" = ODF Add-in für Microsoft Word "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 
2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007 "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007 "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3 "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008 "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter 
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools "{B28FC790-C93F-3A9C-A913-7E891487D1F1}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729.4148) "{B28FC790-C93F-3A9C-A913-7E891487D1F1}.vc_i64runtime_30729_4148" = Visual C++ 2008 IA64 Runtime - v9.0.30729.4148 "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5F6D97D-96DF-42B5-B2BD-0379B6AFAFE0}" = Power Toys for Visual Studio - Resource Refactoring Tool "{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers "{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data "{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools "{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas "{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29 "{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft 
SQL Server Compact 3.5 SP1 English "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{EB3F5C2A-0754-38B8-8722-7B537006BF46}" = Microsoft Visual Studio 2008 Performance Collection Tools - ENU "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2 "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI "7-Zip" = 7-Zip 4.57 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1186 "CCleaner" = CCleaner "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24 "COMODO SafeSurf" = COMODO SafeSurf "DevExpress 2009.1 IDETools" = DevExpress 2009.1 IDETools "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ENTERPRISE" = Microsoft Office Enterprise 2007 "ERUNT_is1" = ERUNT 1.1j "GameSpy Arcade" = GameSpy Arcade "GNU Aspell_is1" = GNU Aspell 0.50-3 "GPL 
Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70 "Hamachi" = Hamachi 1.0.3.0 "HijackThis" = HijackThis 2.0.2 "ImgBurn" = ImgBurn "IrfanView" = IrfanView (remove only) "Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK "JDownloader" = JDownloader "LastFM_is1" = Last.fm 1.5.4.27091 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack "Microsoft Visual Studio Team System 2008 Team Suite - ENU" = Microsoft Visual Studio Team System 2008 Team Suite - ENU "MiKTeX 2.7" = MiKTeX 2.7 "mIRC" = mIRC "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "Mumble" = Mumble and Murmur "nbi-nb-base-6.1.0.1.200805300101" = NetBeans IDE 6.1 "nbi-tomcat-6.0.16.0.0" = Apache Tomcat 6.0.16 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "OpenVPN" = OpenVPN 2.1_rc19 "PunkBusterSvc" = PunkBuster Services "RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.355 "RivaTuner" = RivaTuner v2.09 "SpeedFan" = SpeedFan (remove only) "Starcraft" = Starcraft "StarCraft II" = StarCraft II "Steam App 10" = Counter-Strike "Steam App 15620" = Warhammer 40,000: Dawn of War II "Steam App 240" = Counter-Strike: Source "Steam App 24710" = 
Command & Conquer Red Alert 3 Demo "Steam App 340" = Half-Life 2: Lost Coast "Steam App 440" = Team Fortress 2 "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "TreeSize Free_is1" = TreeSize Free V2.3.3 "Trillian" = Trillian "uTorrent" = µTorrent "Veoh Web Player Beta" = Veoh Web Player "Videora Android Converter" = Videora Android Converter 5.04 "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component "VLC media player" = VideoLAN VLC media player 0.8.6f "VP Suite 3.4" = VP Suite 3.4 "Warcraft III" = Warcraft III "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.6 "World of Warcraft" = World of Warcraft "XviD Video Codec" = XviD Video Codec (remove only) "YouTube Downloader App" = YouTube Downloader App 2.03 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client "727d1ea1876aa06e" = WowAceUpdater "NoNameScript" = NNScript "RapidMiner 5" = RapidMiner 5 "RapidMiner Series Extension" = RapidMiner Series Extension "Warcraft III" = Warcraft III: All Products ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > [/CODE] Malwarebytes: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5020

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18975

02.11.2010 10:18:51
mbam-log-2010-11-02 (10-18-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 66398
Laufzeit: 17 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Last edited by Mannni (13.11.2010 at 13:52) |
14.11.2010, 09:34 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | DLL open procedure was not successful - Trojan? Quote: