|
Plagegeister aller Art und deren Bekämpfung: TR/Crypt.XPACK.GenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
17.01.2011, 17:29 | #16 |
/// Helfer-Team | TR/Crypt.XPACK.Gen Ist eigentlich kein Problem, nur bin ich bald einige Wochen unterwegs und bereinige in der Zeit nicht. Wie lange würde es ungefähr noch dauern bei dir, sonst würde ich jemanden von den "Kollegen" bitten, dir weiterhin zu helfen.
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte! |
17.01.2011, 17:43 | #17 |
| TR/Crypt.XPACK.Gen Habe wieder etwas mehr Zeit, ab Heute.
__________________Code:
ATTFilter All processes killed ========== OTL ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Patrick ->Temp folder emptied: 37105621 bytes ->Temporary Internet Files folder emptied: 5336767 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 44968047 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 3647 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 6766304 bytes RecycleBin emptied: 187707 bytes Total Files Cleaned = 90,00 mb OTL by OldTimer - Version 3.2.20.1 log created on 01172011_173821 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Business Edition Windows Information: Service Pack 1 (build 6001), 32-bit Base Board Manufacturer: MICRO-STAR INTERNATIONAL CO.,LTD BIOS Manufacturer: American Megatrends Inc. System Manufacturer: MICRO-STAR INTERNATIONAL CO.,LTD System Product Name: MS-7360 Logical Drives Mask: 0x000005ec Kernel Drivers (total 144): 0x8203D000 \SystemRoot\system32\ntkrnlpa.exe 0x8200A000 \SystemRoot\system32\hal.dll 0x8040A000 \SystemRoot\system32\kdcom.dll 0x80412000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x80472000 \SystemRoot\system32\PSHED.dll 0x80483000 \SystemRoot\system32\BOOTVID.dll 0x8048B000 \SystemRoot\system32\CLFS.SYS 0x804CC000 \SystemRoot\system32\CI.dll 0x80605000 \SystemRoot\system32\drivers\Wdf01000.sys 0x80681000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8068E000 \SystemRoot\System32\Drivers\sprx.sys 0x8078E000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x80797000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x805AC000 \SystemRoot\system32\drivers\acpi.sys 0x807BD000 \SystemRoot\system32\drivers\msisadrv.sys 0x807C5000 \SystemRoot\system32\drivers\pci.sys 0x807EC000 \SystemRoot\System32\drivers\partmgr.sys 0x82601000 \SystemRoot\system32\drivers\volmgr.sys 0x82610000 \SystemRoot\System32\drivers\volmgrx.sys 0x8265A000 \SystemRoot\system32\drivers\pciide.sys 0x82661000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x8266F000 \SystemRoot\System32\drivers\mountmgr.sys 0x8267F000 \SystemRoot\system32\drivers\atapi.sys 0x82687000 \SystemRoot\system32\drivers\ataport.SYS 0x826A5000 \SystemRoot\system32\drivers\fltmgr.sys 0x826D7000 \SystemRoot\system32\drivers\fileinfo.sys 0x826E7000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8AC0B000 \SystemRoot\system32\drivers\ndis.sys 0x8AD16000 \SystemRoot\system32\drivers\msrpc.sys 0x8AD41000 \SystemRoot\system32\drivers\NETIO.SYS 0x8AE09000 \SystemRoot\System32\drivers\tcpip.sys 0x8AEF2000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8B005000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8B114000 \SystemRoot\system32\drivers\volsnap.sys 0x8B14D000 \SystemRoot\System32\Drivers\spldr.sys 0x8B155000 \SystemRoot\System32\Drivers\mup.sys 0x8B164000 \SystemRoot\System32\drivers\ecache.sys 0x8B18B000 \SystemRoot\system32\drivers\disk.sys 0x8B19C000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x8B1BD000 \SystemRoot\system32\drivers\crcdisk.sys 0x8B1E6000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x8B1EF000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x8F20D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x8F916000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x8F9B5000 \SystemRoot\System32\drivers\watchdog.sys 0x8F9C2000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x8AF0D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x8F9CD000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x8F9DC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x8AF4B000 \SystemRoot\system32\DRIVERS\athr.sys 0x8AD7B000 \SystemRoot\system32\DRIVERS\serial.sys 0x8F9EE000 \SystemRoot\system32\DRIVERS\serenum.sys 0x8AD95000 \SystemRoot\system32\DRIVERS\parport.sys 0x8ADAD000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x8F200000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x8ADC0000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x82758000 \SystemRoot\System32\Drivers\azg4r546.SYS 0x8278E000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x827BC000 \SystemRoot\system32\DRIVERS\storport.sys 0x8ADD8000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8ADE3000 \SystemRoot\system32\drivers\ScreamingBAudio.sys 0x8FA06000 \SystemRoot\system32\drivers\portcls.sys 0x8FA33000 \SystemRoot\system32\drivers\drmk.sys 0x8FA58000 \SystemRoot\system32\drivers\ks.sys 0x8FA82000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x8FA99000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x8FAA4000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8FAC7000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x8FAD6000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x8FAEA000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x8FAFF000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0x8FB88000 \SystemRoot\system32\DRIVERS\termdd.sys 0x8FB98000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x8FBA3000 \SystemRoot\system32\DRIVERS\swenum.sys 0x8FBA5000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x8FBAF000 \SystemRoot\system32\DRIVERS\umbus.sys 0x8FBBC000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x8ADEF000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x9000F000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x902E6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x902EF000 \SystemRoot\System32\Drivers\Null.SYS 0x902F6000 \SystemRoot\System32\Drivers\Beep.SYS 0x90306000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x9030D000 \SystemRoot\System32\drivers\vga.sys 0x90319000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x9033A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x90342000 \SystemRoot\system32\drivers\rdpencdd.sys 0x9034A000 \SystemRoot\System32\Drivers\Msfs.SYS 0x90355000 \SystemRoot\System32\Drivers\Npfs.SYS 0x90363000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x9036C000 \SystemRoot\system32\DRIVERS\tdx.sys 0x90382000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x9038B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x9039B000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x9039D000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x903A5000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x903B7000 \SystemRoot\system32\DRIVERS\smb.sys 0x9040F000 \SystemRoot\system32\drivers\afd.sys 0x90457000 \SystemRoot\System32\DRIVERS\netbt.sys 0x90489000 \SystemRoot\system32\DRIVERS\pacer.sys 0x9049F000 \SystemRoot\system32\DRIVERS\netbios.sys 0x904AD000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x904C0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x904C6000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x90502000 \SystemRoot\system32\drivers\nsiproxy.sys 0x9050C000 \SystemRoot\system32\drivers\csc.sys 0x90566000 \SystemRoot\System32\Drivers\dfsc.sys 0x9057D000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x905A3000 \SystemRoot\System32\Drivers\crashdmp.sys 0x905B0000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x905BB000 \SystemRoot\System32\Drivers\dump_atapi.sys 0x96CD0000 \SystemRoot\System32\win32k.sys 0x905C3000 \SystemRoot\System32\drivers\Dxapi.sys 0x905CD000 \SystemRoot\system32\DRIVERS\monitor.sys 0x96EF0000 \SystemRoot\System32\TSDDD.dll 0x96F10000 \SystemRoot\System32\cdd.dll 0x905DC000 \SystemRoot\system32\drivers\luafv.sys 0x903CB000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x9D603000 \SystemRoot\system32\drivers\spsys.sys 0x9D6B2000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x9D6C2000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x9D6EC000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x9D6F6000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x9D709000 \SystemRoot\system32\drivers\HTTP.sys 0x9D776000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0x9D77F000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x9D79C000 \SystemRoot\system32\DRIVERS\bowser.sys 0x9D7B5000 \SystemRoot\System32\drivers\mpsdrv.sys 0x9D7CA000 \SystemRoot\system32\drivers\mrxdav.sys 0x903E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x9E60B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x9E644000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x9E65C000 \SystemRoot\System32\DRIVERS\srv2.sys 0x9E684000 \SystemRoot\System32\DRIVERS\srv.sys 0x9E6D2000 \SystemRoot\system32\DRIVERS\parvdm.sys 0x9E6D9000 \SystemRoot\System32\Drivers\TBPanel.SYS 0x9E6DB000 \SystemRoot\system32\drivers\peauth.sys 0x9E7B9000 \SystemRoot\System32\Drivers\secdrv.SYS 0x9E7C3000 \SystemRoot\System32\drivers\tcpipreg.sys 0x9E7CF000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x9E7E4000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0x9D7EA000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x775F0000 \Windows\System32\ntdll.dll 0x10000000 \Program Files\DAEMON Tools Lite\daemon.dll Processes (total 62): 0 System Idle Process 4 System 444 C:\Windows\System32\smss.exe 560 csrss.exe 620 C:\Windows\System32\wininit.exe 628 csrss.exe 664 C:\Windows\System32\services.exe 680 C:\Windows\System32\lsass.exe 688 C:\Windows\System32\lsm.exe 808 C:\Windows\System32\winlogon.exe 892 C:\Windows\System32\svchost.exe 956 C:\Windows\System32\nvvsvc.exe 984 C:\Windows\System32\svchost.exe 1020 C:\Windows\System32\svchost.exe 1116 C:\Windows\System32\svchost.exe 1184 C:\Windows\System32\svchost.exe 1224 C:\Windows\System32\svchost.exe 1292 C:\Windows\System32\audiodg.exe 1332 C:\Windows\System32\SLsvc.exe 1488 C:\Windows\System32\svchost.exe 1524 C:\Windows\System32\rundll32.exe 1540 C:\Windows\System32\svchost.exe 1860 C:\Windows\System32\taskeng.exe 1868 C:\Windows\System32\spoolsv.exe 1928 C:\Program Files\Avira\AntiVir Desktop\sched.exe 1956 C:\Windows\System32\svchost.exe 332 C:\Windows\System32\dwm.exe 748 C:\Windows\System32\taskeng.exe 880 C:\Windows\explorer.exe 524 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 2128 C:\Windows\System32\PnkBstrA.exe 2196 C:\Windows\System32\svchost.exe 2208 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 2312 C:\Windows\System32\svchost.exe 2356 C:\Windows\System32\svchost.exe 2416 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE 2500 C:\Windows\System32\SearchIndexer.exe 2804 WUDFHost.exe 2904 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE 3088 C:\Windows\servicing\TrustedInstaller.exe 3316 C:\Program Files\Windows Defender\MSASCui.exe 3336 C:\Windows\System32\rundll32.exe 3360 C:\Program Files\Winamp\winampa.exe 3388 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe 3428 C:\Program Files\Java\jre6\bin\jusched.exe 3436 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 3444 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 3508 C:\Program Files\Windows Sidebar\sidebar.exe 3528 C:\Program Files\Vtune\TBPANEL.exe 3540 C:\Program Files\DAEMON Tools Lite\daemon.exe 3548 C:\Program Files\Windows Live\Messenger\msnmsgr.exe 3556 C:\Program Files\RayV\RayV\RayV.exe 3576 C:\Program Files\ICQ7.2\ICQ.exe 3988 C:\Windows\System32\wbem\unsecapp.exe 4060 WmiPrvSE.exe 2736 C:\Program Files\Windows Sidebar\sidebar.exe 3404 WmiPrvSE.exe 3000 C:\Program Files\Mozilla Firefox\firefox.exe 3700 C:\Windows\System32\SearchProtocolHost.exe 3808 C:\Windows\System32\SearchFilterHost.exe 1112 C:\Users\Patrick\Desktop\MBRCheck.exe 3272 C:\Windows\System32\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS) PhysicalDrive0 Model Number: SAMSUNGHD103UJ, Rev: 1AA01113 Size Device Name MBR Status -------------------------------------------- 931 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done! |
17.01.2011, 17:44 | #18 |
| TR/Crypt.XPACK.Gen Achso, ich habe nur Windows Vista installiert, sonst nichts.
__________________ |
17.01.2011, 17:58 | #19 |
/// Helfer-Team | TR/Crypt.XPACK.Gen Dann poste bitte nochmal zwei neue OTL-Logs, Einstellungen wie oben.
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte! |
17.01.2011, 18:06 | #20 |
| TR/Crypt.XPACK.Gen OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.01.2011 18:01:05 - Run 3 OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Patrick\Desktop Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 931,51 Gb Total Space | 569,81 Gb Free Space | 61,17% Space Free | Partition Type: NTFS Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe PRC - [2011.01.05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.2\ICQ.exe PRC - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.12.13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.07.12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe PRC - [2010.03.31 19:44:57 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.01.14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.25 18:51:14 | 008,129,056 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2009.10.26 16:18:00 | 002,544,936 | ---- | M] (RayV) -- C:\Programme\RayV\RayV\RayV.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.07.26 15:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2008.12.10 10:02:30 | 000,216,520 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.09.05 18:24:24 | 002,154,496 | ---- | M] () -- C:\Programme\Vtune\TBPANEL.exe PRC - [2008.01.21 03:24:41 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.21 03:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.21 03:23:59 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe PRC - [2008.01.21 03:23:55 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe ========== Modules (SafeList) ========== MOD - [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2008.01.21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2010.12.13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.12.13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.12.25 18:28:34 | 002,981,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009.11.25 23:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER) DRV - [2009.03.26 21:55:59 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.12.24 23:40:06 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008.09.11 10:13:43 | 007,373,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.05.02 10:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2008.05.02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2008.05.02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2008.05.02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008.03.26 14:56:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2008.03.26 14:55:00 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2008.03.26 14:55:00 | 000,012,800 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2008.01.21 03:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008.01.21 03:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 03:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 03:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008.01.21 03:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 03:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 03:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 03:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 03:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 03:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008.01.21 03:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 03:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 03:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 03:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008.01.21 03:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 03:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 03:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 03:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 03:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 03:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 03:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 03:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 03:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2007.03.05 23:30:32 | 000,695,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Encyclopaedia Metallum (Bands)" FF - prefs.js..browser.startup.homepage: "hxxp://www.lastfm.de/user/pat_at_pc" FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.80 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.11 23:20:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.30 12:09:00 | 000,000,000 | ---D | M] [2008.12.24 23:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions [2011.01.16 19:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions [2010.04.29 17:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.05.27 15:22:23 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.10.09 10:37:55 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.04.29 17:00:49 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009.11.29 14:37:39 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\firefox@tvunetworks.com [2010.04.29 17:00:49 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\illimitux@illimitux.net [2010.05.27 15:22:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\staged-xpis [2011.01.11 17:14:46 | 000,002,331 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\110yvcr7.default\searchplugins\encyclopaedia-metallum-albums.xml [2011.01.11 17:14:46 | 000,002,326 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\110yvcr7.default\searchplugins\encyclopaedia-metallum-bands.xml [2010.02.25 19:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.01.11 23:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2009.03.26 12:50:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2010.03.31 19:44:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.31 19:44:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.31 19:44:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.31 19:44:59 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.31 19:44:59 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV) O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe () O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - c:\progra~2\wietulopto.dat - c:\progra~2\wietulopto.dat File not found O24 - Desktop WallPaper: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.15 13:45:19 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\Falkenbach [Discography] [2011.01.12 11:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2011.01.12 11:05:26 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.01.12 11:05:23 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2011.01.11 23:25:13 | 000,000,000 | ---D | C] -- C:\_OTL [2011.01.11 23:23:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe [2011.01.11 23:18:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.01.11 21:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2011.01.11 21:09:48 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Google [2011.01.11 20:43:07 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Malwarebytes [2011.01.11 20:42:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.01.11 20:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.01.11 20:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.01.11 20:42:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.01.11 20:42:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.01.11 17:55:01 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Avira [2011.01.11 17:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.01.11 17:52:45 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.01.11 17:52:44 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.01.11 17:52:43 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2011.01.11 17:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.01.11 17:39:44 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.12.19 16:20:26 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\Rock The Nation 2010 ========== Files - Modified Within 30 Days ========== [2011.01.17 17:41:09 | 000,080,384 | ---- | M] () -- C:\Users\Patrick\Desktop\MBRCheck.exe [2011.01.17 17:39:29 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.17 17:39:29 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.17 17:39:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.17 17:39:22 | 3488,931,840 | -HS- | M] () -- C:\hiberfil.sys [2011.01.17 14:54:50 | 000,138,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.01.17 14:54:41 | 000,214,816 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2011.01.17 11:25:16 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE1B8ECE-814A-4F23-A245-854520A52B49}.job [2011.01.15 13:47:21 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.01.15 13:47:21 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.01.15 13:47:21 | 000,131,012 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.01.15 13:47:21 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.01.14 13:05:53 | 001,465,501 | ---- | M] () -- C:\Users\Patrick\Desktop\Alf Hallenturnier.mp3 [2011.01.14 12:56:43 | 000,000,852 | ---- | M] () -- C:\Users\Patrick\Desktop\mp3DirectCut.lnk [2011.01.12 20:03:14 | 235,694,265 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.01.12 19:07:02 | 000,296,448 | ---- | M] () -- C:\Users\Patrick\Desktop\bxdqsytv.exe [2011.01.12 15:53:47 | 000,026,112 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Woods Of Desolation - Torn Beyond Reason.doc [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe [2011.01.11 17:53:10 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.01.10 14:41:27 | 000,012,392 | ---- | M] () -- C:\Users\Patrick\.recently-used.xbel [2011.01.09 22:58:19 | 000,066,560 | ---- | M] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.09 21:30:14 | 000,025,600 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Scarcross - Freidenker.doc [2011.01.03 01:04:09 | 000,061,440 | ---- | M] () -- C:\Users\Patrick\Documents\Microsoft Word-Dokument (neu).doc [2011.01.03 00:23:30 | 000,027,136 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest München.doc [2011.01.03 00:22:51 | 000,034,816 | ---- | M] () -- C:\Users\Patrick\Documents\THRASHFEST Oberhausenn.doc [2010.12.30 17:36:52 | 000,026,112 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Puteraeon - The Esoteric Order.doc [2010.12.28 15:57:35 | 000,409,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2010.12.25 19:05:53 | 000,270,566 | ---- | M] () -- C:\Users\Patrick\Desktop\The-Total-Package-Lenz-Luger.png [2010.12.23 20:12:20 | 000,028,160 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest 2010.doc [2010.12.23 20:12:20 | 000,028,160 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest 2010 Giessen.doc [2010.12.22 15:15:18 | 000,025,600 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Waking The Cadaver - Beyond Cops Beyond God.doc [2010.12.21 15:58:15 | 000,027,136 | ---- | M] () -- C:\Users\Patrick\Documents\Jahrespoll 2010 Patrick.doc [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2011.01.17 17:41:27 | 000,080,384 | ---- | C] () -- C:\Users\Patrick\Desktop\MBRCheck.exe [2011.01.14 13:05:52 | 001,465,501 | ---- | C] () -- C:\Users\Patrick\Desktop\Alf Hallenturnier.mp3 [2011.01.12 19:07:01 | 000,296,448 | ---- | C] () -- C:\Users\Patrick\Desktop\bxdqsytv.exe [2011.01.11 23:17:27 | 000,026,112 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Woods Of Desolation - Torn Beyond Reason.doc [2011.01.11 17:53:10 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.01.10 14:41:27 | 000,012,392 | ---- | C] () -- C:\Users\Patrick\.recently-used.xbel [2011.01.09 21:30:14 | 000,025,600 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Scarcross - Freidenker.doc [2011.01.03 01:02:30 | 000,061,440 | ---- | C] () -- C:\Users\Patrick\Documents\Microsoft Word-Dokument (neu).doc [2011.01.03 00:24:08 | 000,037,376 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest Wien.doc [2011.01.03 00:23:30 | 000,027,136 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest München.doc [2011.01.03 00:22:51 | 000,034,816 | ---- | C] () -- C:\Users\Patrick\Documents\THRASHFEST Oberhausenn.doc [2011.01.03 00:22:41 | 000,028,160 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest 2010 Giessen.doc [2010.12.30 17:36:47 | 000,026,112 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Puteraeon - The Esoteric Order.doc [2010.12.25 19:05:53 | 000,270,566 | ---- | C] () -- C:\Users\Patrick\Desktop\The-Total-Package-Lenz-Luger.png [2010.12.21 18:15:14 | 000,025,600 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Waking The Cadaver - Beyond Cops Beyond God.doc [2010.12.21 15:58:14 | 000,027,136 | ---- | C] () -- C:\Users\Patrick\Documents\Jahrespoll 2010 Patrick.doc [2010.12.18 21:38:34 | 000,028,160 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest 2010.doc [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.07.02 13:21:59 | 001,456,640 | ---- | C] () -- C:\Programme\Common Files\Falk Navi-Manager.msi [2010.06.16 14:54:53 | 000,138,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.02.25 19:43:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.02 16:18:45 | 000,000,294 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.07.06 16:15:11 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2009.07.06 16:15:11 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2009.07.06 16:15:11 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2009.01.29 16:15:01 | 000,004,096 | -H-- | C] () -- C:\Users\Patrick\AppData\Local\keyfile3.drm [2008.12.30 20:16:52 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2008.12.28 12:10:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.12.28 12:05:41 | 000,066,560 | ---- | C] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.26 17:14:53 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini [2008.12.25 13:33:34 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2008.12.25 13:33:34 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2008.12.24 23:40:06 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2007.08.16 05:23:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\gpyapi.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.09.13 12:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2009.08.22 13:26:51 | 000,000,000 | -HSD | M] -- C:\Users\Patrick\AppData\Roaming\.# [2010.10.09 10:41:41 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.ABC [2009.11.18 17:06:07 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.BitTornado [2009.10.13 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\2K Sports [2009.04.10 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Ashampoo [2010.02.22 20:51:49 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Bioshock2 [2010.08.24 10:54:44 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\BitComet [2008.12.24 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools [2008.12.24 23:46:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Lite [2008.12.24 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Pro [2010.10.09 10:37:55 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers [2011.01.10 14:58:24 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\FileZilla [2011.01.10 14:41:27 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\gtk-2.0 [2011.01.17 11:36:08 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ICQ [2010.08.26 15:01:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ImgBurn [2008.12.25 00:02:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Leadertech [2010.06.12 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\LG Electronics [2010.08.09 10:11:13 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Miranda [2009.02.01 14:15:09 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ppstream [2011.01.12 19:59:52 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\RayV [2010.08.24 16:03:51 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\RigNRoll_usa_ws [2010.11.23 20:57:52 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Screaming Bee [2010.09.20 19:57:26 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\temp [2010.12.22 18:19:54 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\uTorrent [2010.05.11 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Xilisoft [2011.01.17 17:38:31 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.01.17 11:25:16 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EE1B8ECE-814A-4F23-A245-854520A52B49}.job ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.01.2011 18:01:05 - Run 3 OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Patrick\Desktop Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 931,51 Gb Total Space | 569,81 Gb Free Space | 61,17% Space Free | Partition Type: NTFS Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12D41B45-0D44-4C1F-B668-102527C49476}" = lport=138 | protocol=17 | dir=in | app=system | "{15358FBF-C225-4A3B-8DDA-43F202A0F46F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{1B96113C-562E-4234-9450-3306E0D2D47C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{34FAD8E7-E70E-4B5A-BEAD-0274EDB94D54}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{38DCF776-A8C9-463C-ABEA-A48F1580B86C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{399B6C3A-F849-4630-AA5F-F0A4DEDE8FB9}" = lport=445 | protocol=6 | dir=in | app=system | "{41D8DBAB-17AA-435B-82B0-0A7D4325CA7F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4A473520-C977-4B6B-9D7C-29FE78CCA636}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5BCA044E-C9E8-48C6-ADAD-3D9C3E810EE5}" = rport=139 | protocol=6 | dir=out | app=system | "{65D250FF-92F5-4422-B0FA-498A62C05846}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{6B46D8BB-96E0-4261-BE10-310FF6B3339D}" = rport=137 | protocol=17 | dir=out | app=system | "{7CD7580D-8716-41B6-B4E8-3CC1C3965243}" = lport=137 | protocol=17 | dir=in | app=system | "{93956125-F074-4C5F-A41C-2EB9BF882027}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{98424306-D9D7-4EEB-9C9A-EBDBF1557217}" = rport=445 | protocol=6 | dir=out | app=system | "{AD5345A5-4F40-4096-ACEF-5821B65E2F88}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C826D3FE-B7CE-4113-BCA0-E8F5F38601D7}" = lport=139 | protocol=6 | dir=in | app=system | "{E8E749EA-CB47-4B40-80B0-F38780912894}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{E9764180-3D87-494D-8E0C-D5DDB6F9E5AA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{FC540642-0716-4636-969E-4A1A1B32F0DE}" = rport=138 | protocol=17 | dir=out | app=system | "{FEE65BE2-3A1F-429C-82C6-1E558256C5B1}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{045E3921-22F4-4B9F-BC43-1E804FF68E2D}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{08689B32-CF82-4814-97B9-83A668852904}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{08C5C4FA-B210-41A6-A497-BDB3FCF59EA2}" = protocol=6 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe | "{0F882304-454C-460E-90B6-5A58E1F4C0A7}" = protocol=17 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe | "{105D4E88-83DE-42DF-A637-AF696397D19C}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | "{133E2E25-643D-4A81-B35F-7E02190DD415}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{1444ADE7-D40D-4C26-86D0-729F21716822}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{190B697E-5944-43AD-A99B-5EC97F184020}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{193867D6-6FEF-40FF-AFBC-1B9B654BD277}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2029D321-DB87-49E6-B087-12FB18A11AA4}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{239975C6-7A2E-40B7-AF3A-9368FBDD5112}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | "{3EFC1E20-E32F-4062-90A1-ED4DB87E0B02}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "{43E00F3B-8AA1-455C-9044-CDDDC15E5F44}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | "{5F7AC141-B4CD-4266-BF16-9AF9773C0B5C}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | "{64A4DCC4-4D7F-4F80-820C-FDCBBC32ABC0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{659EF873-292C-4376-A62A-C9822A963FB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{67459BF3-6955-46FD-BE79-E7F66300E019}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | "{719CD1BD-B71E-4C0B-AECE-AE4EB3720501}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{7B9FEA17-ACBD-4772-B956-94DD878F2CD6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{8AB7B6AD-4631-4E46-9230-1C3796A266B3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{9AEF4FA3-D372-4706-87D6-BA066CD26224}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A5D3802D-C125-4D9A-BFD7-39C26EFA41E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B8C9EA4D-AA8D-4B93-97A3-DDD55697BC62}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | "{C221DDCC-FDB7-4A1A-B24F-CF29651B7602}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | "{C7668D0B-6480-4980-AF10-F6D1F897215E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{CC71855E-C643-4937-B203-00CA950DF935}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{D1F96787-F6B6-4B2B-8D36-B327B7ADD5B0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{E0114CDB-E673-4D29-B7B5-6DE2D523469C}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | "{FA79E7CD-93C8-41EF-A5E7-F63AE9C70135}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{FD202FC6-7C6A-4ADA-AE05-973872167CF9}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "TCP Query User{00B59935-F8EB-40C5-BF36-4F71CF9F361D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "TCP Query User{04E1AD27-60A4-42C3-8E39-7ED080724471}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | "TCP Query User{10AFF931-5FE0-4176-99BD-D4DFC77C0A96}C:\program files\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe | "TCP Query User{1819189D-0D53-4822-A013-2C6C76880204}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | "TCP Query User{19AA6F99-2078-400F-ABB8-30A8C9B09C49}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe | "TCP Query User{260C5939-B36C-4716-9C3D-AA54336BD287}C:\users\patrick\downloads\utorrent-1.6.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\utorrent-1.6.exe | "TCP Query User{285E5FAD-1F52-4200-9BCB-1EFAD0BDBB71}C:\program files\rockstar games\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe | "TCP Query User{41F9268F-2672-41DF-9225-0F4F6BBAF545}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{44CE239E-0AA4-43B4-B55B-BF52DFC19096}C:\team17\worms world party\wwp.exe" = protocol=6 | dir=in | app=c:\team17\worms world party\wwp.exe | "TCP Query User{45BDF051-E4C1-4B16-9A01-1728F2CA1E8B}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | "TCP Query User{53FCF646-4770-4423-9076-FF6AA8B755C4}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | "TCP Query User{5E186B78-2130-465C-BF11-E47E4FEAD31B}C:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe | "TCP Query User{6A8A4648-143C-4AC4-9CE2-646D78D071C2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | "TCP Query User{7E06CF12-A627-44B6-A416-EBAFA497D1AD}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{8AE1D458-3092-4413-A356-961397FF5645}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe | "TCP Query User{8E671482-B971-454B-9F7A-AB83E09E7663}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{91F04DFE-B86D-4C0C-B6E6-CF8C772BF441}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=6 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe | "TCP Query User{97CCC9EA-D356-4F05-8057-26D785314714}C:\program files\uusee\uuseeplayer.exe" = protocol=6 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | "TCP Query User{9FD53621-CE89-4715-953E-94B0A66881F8}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe | "TCP Query User{A215EE35-B8B7-48E9-8F2C-887F24F89BDC}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | "TCP Query User{A6C95C42-A68C-47D5-912A-1AC4D20BBA92}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files\abc\abc.exe | "TCP Query User{B2385233-32CE-40B5-838E-511FC4223DDB}C:\users\patrick\downloads\gamin16\gamin16\gameunp.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\gamin16\gamin16\gameunp.exe | "TCP Query User{C85CDA1D-7B6F-4AFC-B1EA-74842A135310}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{CA402386-4488-403D-A1BE-F1C27B1B1215}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat | "TCP Query User{D07F8636-41E1-43E7-A627-EB9581BDD3A8}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{D2C5C0B6-E85D-464B-A98C-46C0547E56E3}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{DAA32C4D-E145-4B55-8A4E-A5478CB7862C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{E61C7932-98B5-4111-8C3D-1D1F6134BD1C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{E6EE873A-FE33-4224-B2D8-43C59B9DFDD5}C:\unrealtournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe | "TCP Query User{E9885724-2C61-41EF-890E-E30B3CD1C2E2}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files\abc\abc.exe | "TCP Query User{EAB31E83-B9EF-46DD-B517-FCEA5B18DD8C}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe | "TCP Query User{EF0896EE-E399-42F2-9837-5A2DC6353381}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | "TCP Query User{F94C8AA6-1CD6-4BC4-8E82-4CA2065F80E4}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | "UDP Query User{1401695A-72EF-431B-A180-FA685C9BC232}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=17 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe | "UDP Query User{1C2A6692-D294-4FC5-BECB-EBCEF30BC726}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | "UDP Query User{25F0F1A2-8151-4259-B963-059EFAE0587F}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe | "UDP Query User{28FE4992-ABEF-4730-838B-D18222412AA7}C:\unrealtournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe | "UDP Query User{397D4A1B-CBF2-4289-932E-A390C96941C1}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | "UDP Query User{42ADE4F2-59FF-4E67-A5CF-252BF9A25DB0}C:\program files\uusee\uuseeplayer.exe" = protocol=17 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | "UDP Query User{4433C4FB-ABC8-4922-8C04-7F963BA179AC}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{552B5017-0BAB-45DC-9B64-842143DEEAC6}C:\team17\worms world party\wwp.exe" = protocol=17 | dir=in | app=c:\team17\worms world party\wwp.exe | "UDP Query User{56C7B6F3-556F-4B57-96F9-E6816013663D}C:\users\patrick\downloads\gamin16\gamin16\gameunp.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\gamin16\gamin16\gameunp.exe | "UDP Query User{627BFBF3-54D2-437F-A3C1-F11902944ECF}C:\program files\rockstar games\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe | "UDP Query User{6DFF0CC8-9C3F-4905-8A0F-2DB534908356}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | "UDP Query User{70E214B8-D330-466D-B5FE-53C5CB913E30}C:\users\patrick\downloads\utorrent-1.6.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\utorrent-1.6.exe | "UDP Query User{768C52CA-1F16-4761-AFF8-169754FF1FF2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | "UDP Query User{79104CBC-878D-405B-AE2F-49EBE1E1824C}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | "UDP Query User{7BF603ED-CFA7-4EB7-A28A-B09F8A526AAE}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{8D140389-D4DE-44EB-972F-B561DDBBE36F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{97956C4F-1C85-4A5F-BF14-01ACD37C0E17}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{9DC08AF4-B06C-48BE-B871-6C2D23370750}C:\program files\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe | "UDP Query User{9EF30B3C-4E92-450B-BE6E-F493F8B0D37A}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | "UDP Query User{A25F97B6-C999-40CE-A377-A55C203E7F5C}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | "UDP Query User{A36DBF21-433C-4E47-A66F-ED533DF020E4}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{A6596895-D88D-4CAD-B0FD-F88D06CEC29E}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "UDP Query User{A71E4261-01A4-44BE-BDAA-E47B490B5D3C}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe | "UDP Query User{B349ABF4-481F-4BB5-8EB7-EF1BF4E118DB}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | "UDP Query User{BF64B0F9-5001-46D2-91A2-9E3222AF20DB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{C78D5ADF-FF9C-4436-864E-0D8ED7594C72}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{CD106CAD-C880-4429-8471-0B5538E8B7AF}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe | "UDP Query User{DAA76258-F697-4A84-BD4C-E91AEF0BEA33}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{DF89037A-6D60-4F7D-9D96-BF3C490255F4}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat | "UDP Query User{E58F61F4-BCEA-4EEE-988B-3114B2794DD0}C:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe | "UDP Query User{EABE8875-6115-493A-8296-5806742F7E04}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe | "UDP Query User{EBBCDB8A-F84D-4E55-AD93-6C57098BD6C7}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe | "UDP Query User{FC342459-2115-47BC-A2A2-13AF0C100116}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0A9C9BD5-8588-40D4-8A1A-860E3D2ED6EE}" = NBA 2K10 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{26A87AFB-B337-42C2-BEDF-D4A51F1A5F10}" = Falk Navi-Manager "{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2 "{31D543E6-2234-47CA-B3F7-2C5765CA2D9B}" = LG PC Suite II "{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2 "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™ "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6059C682-4C5F-4106-8487-943E98225D3B}" = LG MC USB Modem driver "{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AFD5ED58-271A-4907-96C2-2745C83BB035}" = NVIDIA PhysX v8.08.18 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{BCD5E313-A159-4A37-8A6C-0A2BFC0DBF1B}" = MorphVOX Pro "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E63F3DF4-18E8-4F46-BBD8-E64FC9C370AD}" = TP-LINK Driver Installation Program "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F9B915DF-B79C-4747-9BA3-9705A57DC717}" = Act of War - Direct Action "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "ABC" = ABC (remove only) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Ashampoo Burning Studio 2008 Advanced_is1" = Ashampoo Burning Studio 2008 Advanced "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DVD Shrink_is1" = DVD Shrink 3.2 "EADM" = EA Download Manager "FileZilla Client" = FileZilla Client 3.1.6 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free FLV Converter_is1" = Free FLV Converter V 6.6.1 "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "Hamachi" = Hamachi 1.0.1.5 "Hospital" = Theme Hospital "ImgBurn" = ImgBurn "InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "LastFM_is1" = Last.fm 1.5.4.24567 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Miranda IM" = Miranda IM 0.8.27 "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19) "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "RayV" = RayV "Sierra-Dienstprogramme" = Sierra-Dienstprogramme "SopCast" = SopCast 3.0.3 "SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009) "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TmNationsForever_is1" = TmNationsForever "TV Sponsoren 2007" = TV Sponsoren 2007 "TVAnts 1.0" = TVAnts 1.0 "Uninstall_is1" = Uninstall 1.0.0.1 "UnrealTournament" = Unreal Tournament G.O.T.Y. Edition "VLC media player" = VLC media player 1.0.5 "Vtune_is1" = Vtune 6.6 "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory "Xilisoft 3GP Video Converter" = Xilisoft 3GP Video Converter 6 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Skat-Online V7" = Skat-Online V7 "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 25.02.2010 11:46:21 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 26.02.2010 07:15:19 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 26.02.2010 09:31:49 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1020 Anfangszeit: 01cab6e7fe4ce69f Zeitpunkt der Beendigung: 6 Error - 26.02.2010 09:32:11 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: e64 Anfangszeit: 01cab6e80eda6b4f Zeitpunkt der Beendigung: 2 Error - 26.02.2010 17:27:55 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 26.02.2010 20:16:41 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 27.02.2010 07:38:18 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 27.02.2010 17:16:35 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 28.02.2010 07:01:42 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 01.03.2010 07:15:25 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 16.01.2011 19:01:49 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7003 Description = Error - 17.01.2011 06:20:07 | Computer Name = Patrick-PC | Source = HTTP | ID = 15016 Description = Error - 17.01.2011 06:20:19 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.01.2011 06:20:19 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7003 Description = Error - 17.01.2011 06:20:57 | Computer Name = Patrick-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 17.01.2011 12:38:21 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7034 Description = Error - 17.01.2011 12:39:27 | Computer Name = Patrick-PC | Source = HTTP | ID = 15016 Description = Error - 17.01.2011 12:39:44 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.01.2011 12:39:44 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7003 Description = Error - 17.01.2011 12:40:38 | Computer Name = Patrick-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report > |
17.01.2011, 18:26 | #21 | |
/// Helfer-Team | TR/Crypt.XPACK.Gen Hm, seltsam. Versuchen wir den Fix nochmal: 1.) Fixen mit OTL
2.) Rootkit Unhooker Downloade Dir bitte RKUnhookerLE und speichere die Datei auf deinem Desktop.
Zitat:
__________________ --> TR/Crypt.XPACK.Gen |
17.01.2011, 19:16 | #22 |
| TR/Crypt.XPACK.Gen Welche xxx soll ich denn wieder in welchen Benutzernamen umändern? |
17.01.2011, 19:37 | #23 |
/// Helfer-Team | TR/Crypt.XPACK.Gen Oh sorry, ich hab bloss vorhin vergessen den Hinweis aus der Anleitung zu entfernen
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte! |
18.01.2011, 18:48 | #24 |
| TR/Crypt.XPACK.GenCode:
ATTFilter All processes killed ========== OTL ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Patrick ->Temp folder emptied: 44271 bytes ->Temporary Internet Files folder emptied: 1972811 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 79698958 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 816 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 33234 bytes RecycleBin emptied: 614908 bytes Total Files Cleaned = 79,00 mb OTL by OldTimer - Version 3.2.20.1 log created on 01172011_205446 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Code:
ATTFilter RkU Version: 3.8.388.590, Type LE (SR2) ============================================== OS Name: Windows Vista Version 6.0.6001 (Service Pack 1) Number of processors #2 ============================================== >Drivers ============================================== 0x8F004000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7376896 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 177.98 ) 0x82052000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System) 0x82052000 PnpManager 3903488 bytes 0x82052000 RAW 3903488 bytes 0x82052000 WMIxWDM 3903488 bytes 0x8FC07000 C:\Windows\system32\drivers\RTKVHDA.sys 2977792 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver) 0x96C90000 Win32k 2109440 bytes 0x96C90000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Mehrbenutzer-Win32-Treiber) 0x8B00F000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT-Dateisystemtreiber) 0x8AC06000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver) 0x80695000 PCI_PNP3793 1048576 bytes 0x80695000 sptd 1048576 bytes 0x80695000 C:\Windows\System32\Drivers\spzu.sys 1048576 bytes 0x8AE00000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver) 0x804D1000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Codeintegritätsmodul) 0x9EED6000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver) 0x9D80C000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor) 0x8F70D000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel) 0x8ED05000 C:\Windows\system32\DRIVERS\rdpdr.sys 561152 bytes (Microsoft Corporation, Microsoft RDP Device redirector) 0x8060C000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic) 0x826EB000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface) 0x9D91B000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP-Protokollstapel) 0x80417000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library) 0x90108000 C:\Windows\system32\drivers\csc.sys 368640 bytes (Microsoft Corporation, Windows Client Side Caching Driver) 0x9EE7F000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver) 0x82614000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver) 0x9000B000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock) 0x805B1000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI-Treiber für NT) 0x80490000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver) 0x8278A000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver) 0x8AF04000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver) 0x900C2000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver) 0x8AD3C000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem) 0x9EE06000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr) 0x8B11E000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volumeschattenkopie-Treiber) 0x8ADC4000 C:\Windows\System32\Drivers\atyxivxv.SYS 221184 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver) 0x8EDC2000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB) 0x8201F000 ACPI_HAL 208896 bytes 0x8201F000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL) 0x826A9000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Dateisystem-Filter-Manager) 0x90053000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver) 0x8275C000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver) 0x8EC0C000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices)) 0x8AD11000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider) 0x8EC5E000 C:\Windows\system32\drivers\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library) 0x9D8CB000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver) 0x9EE57000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver) 0x8B16E000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache) 0x807CC000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT-Plug & Play PCI-Enumerator) 0x90179000 C:\Windows\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement) 0x8079E000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver) 0x8EC39000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter) 0x8ECAA000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption)) 0x8B1A6000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll) 0x8FF11000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver) 0x9D9D3000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr) 0x8FFD8000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr) 0x8268B000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension) 0x9D988000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver) 0x8AEE9000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API) 0x901D8000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA-Filtertreiber zur Dateivirtualisierung) 0x8F7E5000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serieller Gerätetreiber) 0x9D9A5000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver) 0x8ADAC000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver) 0x9EE3F000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector) 0x8AD76000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Treiber für parallelen Anschluss) 0x90162000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver) 0x8EC88000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver) 0x8B1D0000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver) 0x90085000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS-Paketplaner) 0x8FF64000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver) 0x8FFC3000 C:\Windows\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver) 0x9D9BE000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver) 0x8ECF0000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager) 0x9EFCA000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector) 0x8ECDC000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol) 0x8FFAF000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver) 0x8AD8E000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042-Anschlusstreiber) 0x9D8FF000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6) 0x900A9000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver) 0x8F7D3000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver) 0x8FF7A000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver) 0x9EFDF000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver) 0x8B195000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver) 0x827E2000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy) 0x80477000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Plattformspezifischer Hardwarefehlertreiber) 0x826DB000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver) 0x8FF97000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library) 0x9D8BB000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver) 0x82673000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager) 0x8ED8E000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver) 0x8B000000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver) 0x901C9000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver) 0x8B15F000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver) 0x80400000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver) 0x8ECCD000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver) 0x8F7C4000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver) 0x82605000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver) 0x96ED0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver) 0x9009B000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver) 0x8FF4D000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver) 0x82665000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension) 0x9019F000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver) 0x8EDB5000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator) 0x8F7AC000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver) 0x80688000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR) 0x827D6000 C:\Windows\system32\drivers\ScreamingBAudio.sys 49152 bytes (Screaming Bee LLC, Screaming Bee Audio Driver) 0x9EFBE000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver) 0x8FF05000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver) 0x901AC000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes 0x8ADA1000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Tastaturklassentreiber) 0x8ED9E000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mausklassentreiber) 0x8FF42000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver) 0x8EC9F000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver) 0x827CB000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper) 0x8F7B9000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver) 0x901BF000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver) 0x8EDAB000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver) 0x9D8F5000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver) 0x900FE000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy) 0x9EFB4000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver) 0x8AFF1000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator) 0x9D912000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver) 0x8B1C7000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver) 0x8FEDE000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver) 0x8FF8E000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices) 0x9EFF1000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver) 0x8FF5B000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver) 0x96EB0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver) 0x8B1F0000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver) 0x80795000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll) 0x82683000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver) 0x80488000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver) 0x901B7000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes 0x8040F000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL) 0x8FFA7000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID-Mausfiltertreiber) 0x807C4000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver) 0x8FF32000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport) 0x8FF3A000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport) 0x8B157000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor) 0x8FEEE000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver) 0x8FEFE000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library) 0x8FEE7000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver) 0x9EECD000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM-Paralleltreiber) 0x8265E000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver) 0x900BC000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver) 0x8EDA9000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator) 0x9EED4000 C:\Windows\System32\Drivers\TBPanel.SYS 8192 bytes (Windows (R) 2000 DDK provider, Display Control Program) 0x8FF8C000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver) 0x856EE1F8 unknown_irp_handler 3592 bytes 0x856ED1F8 unknown_irp_handler 3592 bytes 0x870CB1F8 unknown_irp_handler 3592 bytes 0x877481F8 unknown_irp_handler 3592 bytes 0x870CA1F8 unknown_irp_handler 3592 bytes 0x871271F8 unknown_irp_handler 3592 bytes 0x876D51F8 unknown_irp_handler 3592 bytes 0x877DC1F8 unknown_irp_handler 3592 bytes 0x84D5C1F8 unknown_irp_handler 3592 bytes 0x870DF1F8 unknown_irp_handler 3592 bytes 0x8711D500 unknown_irp_handler 2816 bytes 0x87958500 unknown_irp_handler 2816 bytes 0x8863D500 unknown_irp_handler 2816 bytes ============================================== >Stealth ============================================== WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys] ============================================== >Files ============================================== ============================================== >Hooks ============================================== ntkrnlpa.exe+0x000B4EEA, Type: Inline - RelativeJump 0x82106EEA-->82106EF1 [ntkrnlpa.exe] [1424]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll] [1424]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll] [1424]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x080E1414-->00000000 [shimeng.dll] [1424]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll] [1424]rundll32.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll] [1636]svchost.exe-->advapi32.dll-->GetTokenInformation, Type: IAT modification 0x010010FC-->00000000 [unknown_code_page] [1636]svchost.exe-->advapi32.dll-->InitializeSecurityDescriptor, Type: IAT modification 0x01001100-->00000000 [unknown_code_page] [1636]svchost.exe-->advapi32.dll-->OpenProcessToken, Type: IAT modification 0x0100113C-->00000000 [unknown_code_page] [1636]svchost.exe-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x01001130-->00000000 [unknown_code_page] [1636]svchost.exe-->advapi32.dll-->RegDisablePredefinedCacheEx, Type: IAT modification 0x01001118-->00000000 [unknown_code_page] [1636]svchost.exe-->advapi32.dll-->RegisterServiceCtrlHandlerW, Type: IAT modification 0x01001134-->00000000 [unknown_code_page] [1636]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x0100112C-->00000000 [unknown_code_page] [1636]svchost.exe-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x01001128-->00000000 [unknown_code_page] [1636]svchost.exe-->advapi32.dll-->SetEntriesInAclW, Type: IAT modification 0x0100110C-->00000000 [unknown_code_page] [1636]svchost.exe-->advapi32.dll-->SetSecurityDescriptorDacl, Type: IAT modification 0x01001110-->00000000 [unknown_code_page] [1636]svchost.exe-->advapi32.dll-->SetSecurityDescriptorGroup, Type: IAT modification 0x01001108-->00000000 [unknown_code_page] [1636]svchost.exe-->advapi32.dll-->SetSecurityDescriptorOwner, Type: IAT modification 0x01001104-->00000000 [unknown_code_page] [1636]svchost.exe-->advapi32.dll-->SetServiceStatus, Type: IAT modification 0x01001138-->00000000 [unknown_code_page] [1636]svchost.exe-->advapi32.dll-->StartServiceCtrlDispatcherW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->ActivateActCtx, Type: IAT modification 0x0100109C-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->CloseHandle, Type: IAT modification 0x01001074-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->CreateActCtxW, Type: IAT modification 0x01001008-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->DeactivateActCtx, Type: IAT modification 0x01001090-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->DelayLoadFailureHook, Type: IAT modification 0x01001018-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->ExitProcess, Type: IAT modification 0x01001050-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->ExpandEnvironmentStringsW, Type: IAT modification 0x01001004-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->FreeLibrary, Type: IAT modification 0x01001084-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->GetCommandLineW, Type: IAT modification 0x0100104C-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->GetCurrentProcess, Type: IAT modification 0x01001044-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->GetCurrentProcessId, Type: IAT modification 0x01001038-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->GetCurrentThreadId, Type: IAT modification 0x01001034-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->GetLastError, Type: IAT modification 0x01001098-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x01001028-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0100108C-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->GetProcessHeap, Type: IAT modification 0x0100105C-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->GetSystemTimeAsFileTime, Type: IAT modification 0x0100103C-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->GetTickCount, Type: IAT modification 0x01001030-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->HeapFree, Type: IAT modification 0x01001068-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->HeapSetInformation, Type: IAT modification 0x01001000-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->InterlockedCompareExchange, Type: IAT modification 0x01001080-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->InterlockedExchange, Type: IAT modification 0x0100101C-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->LCMapStringW, Type: IAT modification 0x01001010-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0100107C-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x01001094-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->LocalAlloc, Type: IAT modification 0x01001078-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->LocalFree, Type: IAT modification 0x01001070-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->lstrcmpiW, Type: IAT modification 0x010010AC-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->lstrcmpW, Type: IAT modification 0x010010A4-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->lstrlenW, Type: IAT modification 0x01001014-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->QueryPerformanceCounter, Type: IAT modification 0x0100102C-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->RegisterWaitForSingleObject, Type: IAT modification 0x01001020-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->ReleaseActCtx, Type: IAT modification 0x0100100C-->00000000 [svchost.exe.mui] [1636]svchost.exe-->kernel32.dll-->SetErrorMode, Type: IAT modification 0x01001060-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->SetProcessAffinityUpdateMode, Type: IAT modification 0x01001054-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x01001024-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->Sleep, Type: IAT modification 0x01001088-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x01001040-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->UnhandledExceptionFilter, Type: IAT modification 0x01001048-->00000000 [unknown_code_page] [1636]svchost.exe-->kernel32.dll-->WideCharToMultiByte, Type: IAT modification 0x0100106C-->00000000 [unknown_code_page] [1636]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: IAT modification 0x01001158-->00000000 [unknown_code_page] [1636]svchost.exe-->ntdll.dll-->RtlCopySid, Type: IAT modification 0x0100114C-->00000000 [unknown_code_page] [1636]svchost.exe-->ntdll.dll-->RtlFreeHeap, Type: IAT modification 0x01001148-->00000000 [unknown_code_page] [1636]svchost.exe-->ntdll.dll-->RtlImageNtHeader, Type: IAT modification 0x01001160-->00000000 [unknown_code_page] [1636]svchost.exe-->ntdll.dll-->RtlInitializeCriticalSection, Type: IAT modification 0x0100116C-->00000000 [unknown_code_page] [1636]svchost.exe-->ntdll.dll-->RtlInitializeSid, Type: IAT modification 0x0100115C-->00000000 [unknown_code_page] [1636]svchost.exe-->ntdll.dll-->RtlLengthRequiredSid, Type: IAT modification 0x01001154-->00000000 [unknown_code_page] [1636]svchost.exe-->ntdll.dll-->RtlSetProcessIsCritical, Type: IAT modification 0x01001164-->00000000 [unknown_code_page] [1636]svchost.exe-->ntdll.dll-->RtlSubAuthorityCountSid, Type: IAT modification 0x01001150-->00000000 [unknown_code_page] [1636]svchost.exe-->ntdll.dll-->RtlSubAuthoritySid, Type: IAT modification 0x01001144-->00000000 [unknown_code_page] [1636]svchost.exe-->ntdll.dll-->RtlUnhandledExceptionFilter, Type: IAT modification 0x01001168-->00000000 [unknown_code_page] [2152]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll] [2152]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll] [2152]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x080E1414-->00000000 [shimeng.dll] [2152]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll] |
18.01.2011, 20:50 | #25 |
/// Helfer-Team | TR/Crypt.XPACK.Gen 1.) Registry mit ERUNT sichern Bevor nötige Änderungen in der Registry gemacht werden, solltest Du ein Backup der aktuellen Registry erstellen. Bitte lade dazu das Tool ERUNT von Lars Hederer von folgendem Downloadlink herunter und installiere es. Bitte ERUNT nicht so einrichten, dass es bei jedem Systemstart läuft, das ist nicht nötig! Das Programm befindet sich dann in diesem Pfad: C:\Programme\ERUNT\erunt.exe. Doppelklicke nun die erunt.exe, beantworte die Frage, ob Du eine Sicherung erstellen willst mit OK und setze im nun aufpoppenden Fenster bei den Sicherungsoptionen alle drei Haken. Den Pfad für die Sicherung lasse am besten wie vorgegeben. Drücke wieder OK und beantworte die Frage, ob der neue Ordner erstellt werden soll mit "Ja". ERUNT erstellt nun ein Backup Deiner Registry in diesen Ordner. Wenn Du die Standardpfade genutzt hast, wirst Du die Sicherungen hier finden: C:\WINDOWS\ERDNT. Im Bedarfsfall stellst Du die Registry wieder her, indem Du die ERDNT.exe aus vorgenanntem Ordner startest. 2.) Registry editieren Start--> ausführen--> notepad (reinschreiben)--> ok Kopiere nun bitte folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "c:\ProgramData\wietulopto.dat"=-
3.) Scan mit SystemLook Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop (falls noch nicht vorhanden). Download Mirror #1 - Download Mirror #2
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte! |
19.01.2011, 20:10 | #26 |
| TR/Crypt.XPACK.GenCode:
ATTFilter SystemLook 04.09.10 by jpshortstuff Log created at 20:08 on 19/01/2011 by Patrick Administrator - Elevation successful ========== filefind ========== Searching for "wietulopto.dat" C:\_OTL\MovedFiles\01112011_232513\C_ProgramData\wietulopto.dat --ah--- 1857838 bytes [17:45 20/10/2010] [17:45 20/10/2010] E0ED9DAF71F29987CFD7EB097693E5E3 -= EOF =- |
19.01.2011, 20:33 | #27 |
/// Helfer-Team | TR/Crypt.XPACK.Gen Ich geh davon aus, dass du alle Schritte durchgeführt hast, auch die wo keine Logs bei rauskommen? Poste bitte zwei neue OTL-Logfiles. Einstellungen wie sonst. Wie läuft der Rechner in der Zwischenzeit?
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte! |
19.01.2011, 20:57 | #28 |
| TR/Crypt.XPACK.Gen OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.01.2011 20:47:13 - Run 4 OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Patrick\Desktop Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free 7,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 931,51 Gb Total Space | 572,70 Gb Free Space | 61,48% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12D41B45-0D44-4C1F-B668-102527C49476}" = lport=138 | protocol=17 | dir=in | app=system | "{15358FBF-C225-4A3B-8DDA-43F202A0F46F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{1B96113C-562E-4234-9450-3306E0D2D47C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{34FAD8E7-E70E-4B5A-BEAD-0274EDB94D54}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{38DCF776-A8C9-463C-ABEA-A48F1580B86C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{399B6C3A-F849-4630-AA5F-F0A4DEDE8FB9}" = lport=445 | protocol=6 | dir=in | app=system | "{41D8DBAB-17AA-435B-82B0-0A7D4325CA7F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4A473520-C977-4B6B-9D7C-29FE78CCA636}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5BCA044E-C9E8-48C6-ADAD-3D9C3E810EE5}" = rport=139 | protocol=6 | dir=out | app=system | "{65D250FF-92F5-4422-B0FA-498A62C05846}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{6B46D8BB-96E0-4261-BE10-310FF6B3339D}" = rport=137 | protocol=17 | dir=out | app=system | "{7CD7580D-8716-41B6-B4E8-3CC1C3965243}" = lport=137 | protocol=17 | dir=in | app=system | "{93956125-F074-4C5F-A41C-2EB9BF882027}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{98424306-D9D7-4EEB-9C9A-EBDBF1557217}" = rport=445 | protocol=6 | dir=out | app=system | "{AD5345A5-4F40-4096-ACEF-5821B65E2F88}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C826D3FE-B7CE-4113-BCA0-E8F5F38601D7}" = lport=139 | protocol=6 | dir=in | app=system | "{E8E749EA-CB47-4B40-80B0-F38780912894}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{E9764180-3D87-494D-8E0C-D5DDB6F9E5AA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{FC540642-0716-4636-969E-4A1A1B32F0DE}" = rport=138 | protocol=17 | dir=out | app=system | "{FEE65BE2-3A1F-429C-82C6-1E558256C5B1}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{045E3921-22F4-4B9F-BC43-1E804FF68E2D}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{08689B32-CF82-4814-97B9-83A668852904}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{08C5C4FA-B210-41A6-A497-BDB3FCF59EA2}" = protocol=6 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe | "{0F882304-454C-460E-90B6-5A58E1F4C0A7}" = protocol=17 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe | "{105D4E88-83DE-42DF-A637-AF696397D19C}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | "{133E2E25-643D-4A81-B35F-7E02190DD415}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{1444ADE7-D40D-4C26-86D0-729F21716822}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{190B697E-5944-43AD-A99B-5EC97F184020}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{193867D6-6FEF-40FF-AFBC-1B9B654BD277}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2029D321-DB87-49E6-B087-12FB18A11AA4}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{239975C6-7A2E-40B7-AF3A-9368FBDD5112}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | "{3EFC1E20-E32F-4062-90A1-ED4DB87E0B02}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "{43E00F3B-8AA1-455C-9044-CDDDC15E5F44}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | "{5F7AC141-B4CD-4266-BF16-9AF9773C0B5C}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | "{64A4DCC4-4D7F-4F80-820C-FDCBBC32ABC0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{659EF873-292C-4376-A62A-C9822A963FB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{67459BF3-6955-46FD-BE79-E7F66300E019}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | "{719CD1BD-B71E-4C0B-AECE-AE4EB3720501}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{7B9FEA17-ACBD-4772-B956-94DD878F2CD6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{8AB7B6AD-4631-4E46-9230-1C3796A266B3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{9AEF4FA3-D372-4706-87D6-BA066CD26224}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A5D3802D-C125-4D9A-BFD7-39C26EFA41E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B8C9EA4D-AA8D-4B93-97A3-DDD55697BC62}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | "{C221DDCC-FDB7-4A1A-B24F-CF29651B7602}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | "{C7668D0B-6480-4980-AF10-F6D1F897215E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{CC71855E-C643-4937-B203-00CA950DF935}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{D1F96787-F6B6-4B2B-8D36-B327B7ADD5B0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{E0114CDB-E673-4D29-B7B5-6DE2D523469C}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | "{FA79E7CD-93C8-41EF-A5E7-F63AE9C70135}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{FD202FC6-7C6A-4ADA-AE05-973872167CF9}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "TCP Query User{00B59935-F8EB-40C5-BF36-4F71CF9F361D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "TCP Query User{04E1AD27-60A4-42C3-8E39-7ED080724471}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | "TCP Query User{10AFF931-5FE0-4176-99BD-D4DFC77C0A96}C:\program files\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe | "TCP Query User{1819189D-0D53-4822-A013-2C6C76880204}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | "TCP Query User{19AA6F99-2078-400F-ABB8-30A8C9B09C49}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe | "TCP Query User{260C5939-B36C-4716-9C3D-AA54336BD287}C:\users\patrick\downloads\utorrent-1.6.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\utorrent-1.6.exe | "TCP Query User{285E5FAD-1F52-4200-9BCB-1EFAD0BDBB71}C:\program files\rockstar games\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe | "TCP Query User{41F9268F-2672-41DF-9225-0F4F6BBAF545}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{44CE239E-0AA4-43B4-B55B-BF52DFC19096}C:\team17\worms world party\wwp.exe" = protocol=6 | dir=in | app=c:\team17\worms world party\wwp.exe | "TCP Query User{45BDF051-E4C1-4B16-9A01-1728F2CA1E8B}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | "TCP Query User{53FCF646-4770-4423-9076-FF6AA8B755C4}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | "TCP Query User{5E186B78-2130-465C-BF11-E47E4FEAD31B}C:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe | "TCP Query User{6A8A4648-143C-4AC4-9CE2-646D78D071C2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | "TCP Query User{7E06CF12-A627-44B6-A416-EBAFA497D1AD}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{8AE1D458-3092-4413-A356-961397FF5645}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe | "TCP Query User{8E671482-B971-454B-9F7A-AB83E09E7663}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{91F04DFE-B86D-4C0C-B6E6-CF8C772BF441}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=6 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe | "TCP Query User{97CCC9EA-D356-4F05-8057-26D785314714}C:\program files\uusee\uuseeplayer.exe" = protocol=6 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | "TCP Query User{9FD53621-CE89-4715-953E-94B0A66881F8}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe | "TCP Query User{A215EE35-B8B7-48E9-8F2C-887F24F89BDC}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | "TCP Query User{A6C95C42-A68C-47D5-912A-1AC4D20BBA92}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files\abc\abc.exe | "TCP Query User{B2385233-32CE-40B5-838E-511FC4223DDB}C:\users\patrick\downloads\gamin16\gamin16\gameunp.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\gamin16\gamin16\gameunp.exe | "TCP Query User{C85CDA1D-7B6F-4AFC-B1EA-74842A135310}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{CA402386-4488-403D-A1BE-F1C27B1B1215}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat | "TCP Query User{D07F8636-41E1-43E7-A627-EB9581BDD3A8}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{D2C5C0B6-E85D-464B-A98C-46C0547E56E3}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{DAA32C4D-E145-4B55-8A4E-A5478CB7862C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{E61C7932-98B5-4111-8C3D-1D1F6134BD1C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{E6EE873A-FE33-4224-B2D8-43C59B9DFDD5}C:\unrealtournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe | "TCP Query User{E9885724-2C61-41EF-890E-E30B3CD1C2E2}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files\abc\abc.exe | "TCP Query User{EAB31E83-B9EF-46DD-B517-FCEA5B18DD8C}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe | "TCP Query User{EF0896EE-E399-42F2-9837-5A2DC6353381}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | "TCP Query User{F94C8AA6-1CD6-4BC4-8E82-4CA2065F80E4}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | "UDP Query User{1401695A-72EF-431B-A180-FA685C9BC232}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=17 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe | "UDP Query User{1C2A6692-D294-4FC5-BECB-EBCEF30BC726}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | "UDP Query User{25F0F1A2-8151-4259-B963-059EFAE0587F}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe | "UDP Query User{28FE4992-ABEF-4730-838B-D18222412AA7}C:\unrealtournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe | "UDP Query User{397D4A1B-CBF2-4289-932E-A390C96941C1}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | "UDP Query User{42ADE4F2-59FF-4E67-A5CF-252BF9A25DB0}C:\program files\uusee\uuseeplayer.exe" = protocol=17 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | "UDP Query User{4433C4FB-ABC8-4922-8C04-7F963BA179AC}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{552B5017-0BAB-45DC-9B64-842143DEEAC6}C:\team17\worms world party\wwp.exe" = protocol=17 | dir=in | app=c:\team17\worms world party\wwp.exe | "UDP Query User{56C7B6F3-556F-4B57-96F9-E6816013663D}C:\users\patrick\downloads\gamin16\gamin16\gameunp.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\gamin16\gamin16\gameunp.exe | "UDP Query User{627BFBF3-54D2-437F-A3C1-F11902944ECF}C:\program files\rockstar games\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe | "UDP Query User{6DFF0CC8-9C3F-4905-8A0F-2DB534908356}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | "UDP Query User{70E214B8-D330-466D-B5FE-53C5CB913E30}C:\users\patrick\downloads\utorrent-1.6.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\utorrent-1.6.exe | "UDP Query User{768C52CA-1F16-4761-AFF8-169754FF1FF2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | "UDP Query User{79104CBC-878D-405B-AE2F-49EBE1E1824C}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | "UDP Query User{7BF603ED-CFA7-4EB7-A28A-B09F8A526AAE}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{8D140389-D4DE-44EB-972F-B561DDBBE36F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{97956C4F-1C85-4A5F-BF14-01ACD37C0E17}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{9DC08AF4-B06C-48BE-B871-6C2D23370750}C:\program files\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe | "UDP Query User{9EF30B3C-4E92-450B-BE6E-F493F8B0D37A}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | "UDP Query User{A25F97B6-C999-40CE-A377-A55C203E7F5C}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | "UDP Query User{A36DBF21-433C-4E47-A66F-ED533DF020E4}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{A6596895-D88D-4CAD-B0FD-F88D06CEC29E}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "UDP Query User{A71E4261-01A4-44BE-BDAA-E47B490B5D3C}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe | "UDP Query User{B349ABF4-481F-4BB5-8EB7-EF1BF4E118DB}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | "UDP Query User{BF64B0F9-5001-46D2-91A2-9E3222AF20DB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{C78D5ADF-FF9C-4436-864E-0D8ED7594C72}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{CD106CAD-C880-4429-8471-0B5538E8B7AF}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe | "UDP Query User{DAA76258-F697-4A84-BD4C-E91AEF0BEA33}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{DF89037A-6D60-4F7D-9D96-BF3C490255F4}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat | "UDP Query User{E58F61F4-BCEA-4EEE-988B-3114B2794DD0}C:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe | "UDP Query User{EABE8875-6115-493A-8296-5806742F7E04}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe | "UDP Query User{EBBCDB8A-F84D-4E55-AD93-6C57098BD6C7}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe | "UDP Query User{FC342459-2115-47BC-A2A2-13AF0C100116}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0A9C9BD5-8588-40D4-8A1A-860E3D2ED6EE}" = NBA 2K10 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{26A87AFB-B337-42C2-BEDF-D4A51F1A5F10}" = Falk Navi-Manager "{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2 "{31D543E6-2234-47CA-B3F7-2C5765CA2D9B}" = LG PC Suite II "{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2 "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™ "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6059C682-4C5F-4106-8487-943E98225D3B}" = LG MC USB Modem driver "{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AFD5ED58-271A-4907-96C2-2745C83BB035}" = NVIDIA PhysX v8.08.18 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{BCD5E313-A159-4A37-8A6C-0A2BFC0DBF1B}" = MorphVOX Pro "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2 "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E63F3DF4-18E8-4F46-BBD8-E64FC9C370AD}" = TP-LINK Driver Installation Program "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F9B915DF-B79C-4747-9BA3-9705A57DC717}" = Act of War - Direct Action "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "ABC" = ABC (remove only) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Ashampoo Burning Studio 2008 Advanced_is1" = Ashampoo Burning Studio 2008 Advanced "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DVD Shrink_is1" = DVD Shrink 3.2 "EADM" = EA Download Manager "ERUNT_is1" = ERUNT 1.1j "FileZilla Client" = FileZilla Client 3.1.6 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free FLV Converter_is1" = Free FLV Converter V 6.6.1 "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "Hamachi" = Hamachi 1.0.1.5 "Hospital" = Theme Hospital "ImgBurn" = ImgBurn "InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "LastFM_is1" = Last.fm 1.5.4.24567 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Miranda IM" = Miranda IM 0.8.27 "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19) "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "RayV" = RayV "Sierra-Dienstprogramme" = Sierra-Dienstprogramme "SopCast" = SopCast 3.0.3 "SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009) "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TmNationsForever_is1" = TmNationsForever "TV Sponsoren 2007" = TV Sponsoren 2007 "TVAnts 1.0" = TVAnts 1.0 "Uninstall_is1" = Uninstall 1.0.0.1 "UnrealTournament" = Unreal Tournament G.O.T.Y. Edition "VLC media player" = VLC media player 1.0.5 "Vtune_is1" = Vtune 6.6 "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory "Xilisoft 3GP Video Converter" = Xilisoft 3GP Video Converter 6 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Skat-Online V7" = Skat-Online V7 "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 25.02.2010 07:23:42 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 25.02.2010 11:46:21 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 26.02.2010 07:15:19 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 26.02.2010 09:31:49 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1020 Anfangszeit: 01cab6e7fe4ce69f Zeitpunkt der Beendigung: 6 Error - 26.02.2010 09:32:11 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: e64 Anfangszeit: 01cab6e80eda6b4f Zeitpunkt der Beendigung: 2 Error - 26.02.2010 17:27:55 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 26.02.2010 20:16:41 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 27.02.2010 07:38:18 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 27.02.2010 17:16:35 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = Error - 28.02.2010 07:01:42 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 19.01.2011 05:29:11 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000 Description = Error - 19.01.2011 05:29:11 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7003 Description = Error - 19.01.2011 11:26:14 | Computer Name = Patrick-PC | Source = HTTP | ID = 15016 Description = Error - 19.01.2011 11:26:57 | Computer Name = Patrick-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 19.01.2011 11:27:01 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000 Description = Error - 19.01.2011 11:27:01 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7003 Description = Error - 19.01.2011 15:05:54 | Computer Name = Patrick-PC | Source = HTTP | ID = 15016 Description = Error - 19.01.2011 15:06:49 | Computer Name = Patrick-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 19.01.2011 15:07:26 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000 Description = Error - 19.01.2011 15:07:26 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7003 Description = < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.01.2011 20:47:13 - Run 4 OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Patrick\Desktop Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free 7,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 931,51 Gb Total Space | 572,70 Gb Free Space | 61,48% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe PRC - [2011.01.05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.2\ICQ.exe PRC - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.12.13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.07.12 17:33:54 | 001,592,672 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winamp.exe PRC - [2010.07.12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe PRC - [2010.03.31 19:44:57 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.01.14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.25 18:51:14 | 008,129,056 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2009.10.26 16:18:00 | 002,544,936 | ---- | M] (RayV) -- C:\Programme\RayV\RayV\RayV.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.07.26 15:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2009.03.19 17:11:24 | 001,138,688 | ---- | M] (Last.fm) -- C:\Programme\Last.fm\LastFM.exe PRC - [2008.12.10 10:02:30 | 000,216,520 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.09.05 18:24:24 | 002,154,496 | ---- | M] () -- C:\Programme\Vtune\TBPANEL.exe PRC - [2008.06.12 02:47:22 | 000,349,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32.exe PRC - [2008.01.21 03:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.21 03:23:59 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe PRC - [2008.01.21 03:23:55 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe ========== Modules (SafeList) ========== MOD - [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2008.01.21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2010.12.13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.12.13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.12.25 18:28:34 | 002,981,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009.11.25 23:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER) DRV - [2009.03.26 21:55:59 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.12.24 23:40:06 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008.09.11 10:13:43 | 007,373,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.05.02 10:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2008.05.02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2008.05.02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2008.05.02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008.03.26 14:56:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2008.03.26 14:55:00 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2008.03.26 14:55:00 | 000,012,800 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2008.01.21 03:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008.01.21 03:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 03:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 03:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008.01.21 03:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 03:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 03:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 03:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 03:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 03:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008.01.21 03:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 03:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 03:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 03:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008.01.21 03:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 03:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 03:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 03:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 03:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 03:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 03:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 03:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 03:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2007.03.05 23:30:32 | 000,695,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Encyclopaedia Metallum (Bands)" FF - prefs.js..browser.startup.homepage: "hxxp://www.lastfm.de/user/pat_at_pc" FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.11 23:20:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.30 12:09:00 | 000,000,000 | ---D | M] [2008.12.24 23:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions [2011.01.19 19:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions [2010.04.29 17:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.09 10:37:55 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.04.29 17:00:49 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2011.01.18 19:11:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009.11.29 14:37:39 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\firefox@tvunetworks.com [2011.01.18 18:56:17 | 000,002,331 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\110yvcr7.default\searchplugins\encyclopaedia-metallum-albums.xml [2011.01.18 18:56:17 | 000,002,326 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\110yvcr7.default\searchplugins\encyclopaedia-metallum-bands.xml [2010.02.25 19:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.01.11 23:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2009.03.26 12:50:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2010.03.31 19:44:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.31 19:44:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.31 19:44:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.31 19:44:59 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.31 19:44:59 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV) O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe () O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - c:\progra~2\wietulopto.dat - c:\progra~2\wietulopto.dat File not found O24 - Desktop WallPaper: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.19 19:45:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.01.19 19:44:34 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2011.01.19 19:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.01.18 11:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker LE [2011.01.18 11:46:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\MustBeRandomlyNamed [2011.01.18 11:46:15 | 000,719,574 | ---- | C] (UG North ) -- C:\Users\Patrick\Desktop\RkU3.8.388.590.exe [2011.01.15 13:45:19 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\Falkenbach [Discography] [2011.01.12 11:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2011.01.12 11:05:26 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.01.12 11:05:23 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2011.01.11 23:25:13 | 000,000,000 | ---D | C] -- C:\_OTL [2011.01.11 23:23:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe [2011.01.11 23:18:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.01.11 21:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2011.01.11 21:09:48 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Google [2011.01.11 20:43:07 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Malwarebytes [2011.01.11 20:42:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.01.11 20:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.01.11 20:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.01.11 20:42:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.01.11 20:42:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.01.11 17:55:01 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Avira [2011.01.11 17:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.01.11 17:52:45 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.01.11 17:52:44 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.01.11 17:52:43 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2011.01.11 17:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.01.11 17:39:44 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys ========== Files - Modified Within 30 Days ========== [2011.01.19 20:05:58 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.19 20:05:57 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.19 20:05:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.19 20:05:48 | 3488,931,840 | -HS- | M] () -- C:\hiberfil.sys [2011.01.19 19:57:30 | 000,000,167 | ---- | M] () -- C:\Users\Patrick\Desktop\regfix.reg [2011.01.19 17:57:05 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE1B8ECE-814A-4F23-A245-854520A52B49}.job [2011.01.18 19:55:39 | 000,068,096 | ---- | M] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.18 17:41:30 | 000,138,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.01.18 17:41:08 | 000,214,816 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2011.01.17 20:59:43 | 000,629,057 | ---- | M] () -- C:\Users\Patrick\Desktop\RkU3.8.388.590.rar [2011.01.17 17:41:09 | 000,080,384 | ---- | M] () -- C:\Users\Patrick\Desktop\MBRCheck.exe [2011.01.15 13:47:21 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.01.15 13:47:21 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.01.15 13:47:21 | 000,131,012 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.01.15 13:47:21 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.01.14 13:05:53 | 001,465,501 | ---- | M] () -- C:\Users\Patrick\Desktop\Alf Hallenturnier.mp3 [2011.01.14 12:56:43 | 000,000,852 | ---- | M] () -- C:\Users\Patrick\Desktop\mp3DirectCut.lnk [2011.01.12 20:03:14 | 235,694,265 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.01.12 19:07:02 | 000,296,448 | ---- | M] () -- C:\Users\Patrick\Desktop\bxdqsytv.exe [2011.01.12 15:53:47 | 000,026,112 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Woods Of Desolation - Torn Beyond Reason.doc [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe [2011.01.11 17:53:10 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.01.10 14:41:27 | 000,012,392 | ---- | M] () -- C:\Users\Patrick\.recently-used.xbel [2011.01.09 21:30:14 | 000,025,600 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Scarcross - Freidenker.doc [2011.01.03 01:04:09 | 000,061,440 | ---- | M] () -- C:\Users\Patrick\Documents\Microsoft Word-Dokument (neu).doc [2011.01.03 00:23:30 | 000,027,136 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest München.doc [2011.01.03 00:22:51 | 000,034,816 | ---- | M] () -- C:\Users\Patrick\Documents\THRASHFEST Oberhausenn.doc [2010.12.30 17:36:52 | 000,026,112 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Puteraeon - The Esoteric Order.doc [2010.12.28 15:57:35 | 000,409,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2010.12.25 19:05:53 | 000,270,566 | ---- | M] () -- C:\Users\Patrick\Desktop\The-Total-Package-Lenz-Luger.png [2010.12.23 20:12:20 | 000,028,160 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest 2010.doc [2010.12.23 20:12:20 | 000,028,160 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest 2010 Giessen.doc [2010.12.22 15:15:18 | 000,025,600 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Waking The Cadaver - Beyond Cops Beyond God.doc [2010.12.21 15:58:15 | 000,027,136 | ---- | M] () -- C:\Users\Patrick\Documents\Jahrespoll 2010 Patrick.doc ========== Files Created - No Company Name ========== [2011.01.19 19:57:30 | 000,000,167 | ---- | C] () -- C:\Users\Patrick\Desktop\regfix.reg [2011.01.18 19:18:34 | 750,239,744 | ---- | C] () -- C:\Users\Patrick\Desktop\nmp_cube.avi [2011.01.17 20:59:55 | 000,629,057 | ---- | C] () -- C:\Users\Patrick\Desktop\RkU3.8.388.590.rar [2011.01.17 17:41:27 | 000,080,384 | ---- | C] () -- C:\Users\Patrick\Desktop\MBRCheck.exe [2011.01.14 13:05:52 | 001,465,501 | ---- | C] () -- C:\Users\Patrick\Desktop\Alf Hallenturnier.mp3 [2011.01.12 19:07:01 | 000,296,448 | ---- | C] () -- C:\Users\Patrick\Desktop\bxdqsytv.exe [2011.01.11 23:17:27 | 000,026,112 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Woods Of Desolation - Torn Beyond Reason.doc [2011.01.11 17:53:10 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.01.10 14:41:27 | 000,012,392 | ---- | C] () -- C:\Users\Patrick\.recently-used.xbel [2011.01.09 21:30:14 | 000,025,600 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Scarcross - Freidenker.doc [2011.01.03 01:02:30 | 000,061,440 | ---- | C] () -- C:\Users\Patrick\Documents\Microsoft Word-Dokument (neu).doc [2011.01.03 00:24:08 | 000,037,376 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest Wien.doc [2011.01.03 00:23:30 | 000,027,136 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest München.doc [2011.01.03 00:22:51 | 000,034,816 | ---- | C] () -- C:\Users\Patrick\Documents\THRASHFEST Oberhausenn.doc [2011.01.03 00:22:41 | 000,028,160 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest 2010 Giessen.doc [2010.12.30 17:36:47 | 000,026,112 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Puteraeon - The Esoteric Order.doc [2010.12.25 19:05:53 | 000,270,566 | ---- | C] () -- C:\Users\Patrick\Desktop\The-Total-Package-Lenz-Luger.png [2010.12.21 18:15:14 | 000,025,600 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Waking The Cadaver - Beyond Cops Beyond God.doc [2010.12.21 15:58:14 | 000,027,136 | ---- | C] () -- C:\Users\Patrick\Documents\Jahrespoll 2010 Patrick.doc [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.07.02 13:21:59 | 001,456,640 | ---- | C] () -- C:\Programme\Common Files\Falk Navi-Manager.msi [2010.06.16 14:54:53 | 000,138,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.02.25 19:43:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.02 16:18:45 | 000,000,294 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.07.06 16:15:11 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2009.07.06 16:15:11 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2009.07.06 16:15:11 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2009.01.29 16:15:01 | 000,004,096 | -H-- | C] () -- C:\Users\Patrick\AppData\Local\keyfile3.drm [2008.12.30 20:16:52 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2008.12.28 12:10:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.12.28 12:05:41 | 000,068,096 | ---- | C] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.26 17:14:53 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini [2008.12.25 13:33:34 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2008.12.25 13:33:34 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2008.12.24 23:40:06 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2007.08.16 05:23:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\gpyapi.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.09.13 12:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2009.08.22 13:26:51 | 000,000,000 | -HSD | M] -- C:\Users\Patrick\AppData\Roaming\.# [2010.10.09 10:41:41 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.ABC [2009.11.18 17:06:07 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.BitTornado [2009.10.13 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\2K Sports [2009.04.10 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Ashampoo [2010.02.22 20:51:49 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Bioshock2 [2010.08.24 10:54:44 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\BitComet [2008.12.24 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools [2008.12.24 23:46:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Lite [2008.12.24 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Pro [2010.10.09 10:37:55 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers [2011.01.10 14:58:24 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\FileZilla [2011.01.10 14:41:27 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\gtk-2.0 [2011.01.19 20:07:14 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ICQ [2010.08.26 15:01:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ImgBurn [2008.12.25 00:02:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Leadertech [2010.06.12 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\LG Electronics [2010.08.09 10:11:13 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Miranda [2009.02.01 14:15:09 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ppstream [2011.01.12 19:59:52 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\RayV [2010.08.24 16:03:51 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\RigNRoll_usa_ws [2010.11.23 20:57:52 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Screaming Bee [2010.09.20 19:57:26 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\temp [2010.12.22 18:19:54 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\uTorrent [2010.05.11 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Xilisoft [2011.01.19 20:04:53 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.01.19 17:57:05 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EE1B8ECE-814A-4F23-A245-854520A52B49}.job ========== Purity Check ========== < End of report > |
19.01.2011, 20:59 | #29 |
| TR/Crypt.XPACK.Gen Der PC läuft soweit besser und auch die Meldung taucht nicht mehr auf, stattdessen schlägt AntiVir manchmal mit irgendeiner anderen .exe an, die ebenfalls als TR/Crypt.Xpack.Gen gekennzeichnet ist. Wenn ich dann auf Remove gehe, ist ein paar Tage Ruhe und irgendwann taucht die Meldung wieder auf. |
19.01.2011, 21:28 | #30 |
/// Helfer-Team | TR/Crypt.XPACK.Gen Ich meinte oben, dass ich es gut fände, wenn du mir auch mitteilst, ob du die Schritte durchgeführt hast Sonst muss ich bald anfangen, die Glaskugel zu bedienen, denn ich kann nicht wissen, was du machst -> So gehts weiter: 1.) Scan mit SystemLook
2.) Avira Antivir - Was wurde gefunden? Damit wir uns die Funde deines Antivirenprogrammes mal genau ansehen können, gehe bitte wie folgt vor:
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte! |
Themen zu TR/Crypt.XPACK.Gen |
antivir, arbeiten, bereits, datei, erkennt, erscheint, folge, folgende, funktionsfähige, gestern, lösung, malware, meldung, neuling, nichts, programdata, richtig, schei, schädliche, sekunden, sofort, ständige, tr/crypt.xpack.ge, tr/crypt.xpack.gen, viren, virus, wenige |