
Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to remove them): TR/Crypt.XPACK.Gen


17.01.2011, 17:29   #16
rea (/// Helper Team)

It's actually no problem, but I'll be travelling soon for a few weeks and won't be doing cleanups during that time. Roughly how much longer would it take on your side? Otherwise I'd ask one of my "colleagues" to keep helping you.
__________________
regards, rea

*Do you need help with a malware problem too?*

*TB donation account*


A clever saying could go here.
Well .... it could!

17.01.2011, 17:43   #17
Desolation

I have a bit more time again, starting today.
Code:
All processes killed
========== OTL ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Patrick
->Temp folder emptied: 37105621 bytes
->Temporary Internet Files folder emptied: 5336767 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44968047 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3647 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6766304 bytes
RecycleBin emptied: 187707 bytes
 
Total Files Cleaned = 90,00 mb
 

 
OTL by OldTimer - Version 3.2.20.1 log created on 01172011_173821

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Business Edition
Windows Information:		Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer:	MICRO-STAR INTERNATIONAL CO.,LTD
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		MICRO-STAR INTERNATIONAL CO.,LTD
System Product Name:		MS-7360
Logical Drives Mask:		0x000005ec

Kernel Drivers (total 144):
  0x8203D000 \SystemRoot\system32\ntkrnlpa.exe
  0x8200A000 \SystemRoot\system32\hal.dll
  0x8040A000 \SystemRoot\system32\kdcom.dll
  0x80412000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80472000 \SystemRoot\system32\PSHED.dll
  0x80483000 \SystemRoot\system32\BOOTVID.dll
  0x8048B000 \SystemRoot\system32\CLFS.SYS
  0x804CC000 \SystemRoot\system32\CI.dll
  0x80605000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80681000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8068E000 \SystemRoot\System32\Drivers\sprx.sys
  0x8078E000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x80797000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x805AC000 \SystemRoot\system32\drivers\acpi.sys
  0x807BD000 \SystemRoot\system32\drivers\msisadrv.sys
  0x807C5000 \SystemRoot\system32\drivers\pci.sys
  0x807EC000 \SystemRoot\System32\drivers\partmgr.sys
  0x82601000 \SystemRoot\system32\drivers\volmgr.sys
  0x82610000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8265A000 \SystemRoot\system32\drivers\pciide.sys
  0x82661000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x8266F000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8267F000 \SystemRoot\system32\drivers\atapi.sys
  0x82687000 \SystemRoot\system32\drivers\ataport.SYS
  0x826A5000 \SystemRoot\system32\drivers\fltmgr.sys
  0x826D7000 \SystemRoot\system32\drivers\fileinfo.sys
  0x826E7000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8AC0B000 \SystemRoot\system32\drivers\ndis.sys
  0x8AD16000 \SystemRoot\system32\drivers\msrpc.sys
  0x8AD41000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8AE09000 \SystemRoot\System32\drivers\tcpip.sys
  0x8AEF2000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8B005000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B114000 \SystemRoot\system32\drivers\volsnap.sys
  0x8B14D000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B155000 \SystemRoot\System32\Drivers\mup.sys
  0x8B164000 \SystemRoot\System32\drivers\ecache.sys
  0x8B18B000 \SystemRoot\system32\drivers\disk.sys
  0x8B19C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8B1BD000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8B1E6000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8B1EF000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8F20D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8F916000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8F9B5000 \SystemRoot\System32\drivers\watchdog.sys
  0x8F9C2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8AF0D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8F9CD000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8F9DC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8AF4B000 \SystemRoot\system32\DRIVERS\athr.sys
  0x8AD7B000 \SystemRoot\system32\DRIVERS\serial.sys
  0x8F9EE000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x8AD95000 \SystemRoot\system32\DRIVERS\parport.sys
  0x8ADAD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8F200000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8ADC0000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x82758000 \SystemRoot\System32\Drivers\azg4r546.SYS
  0x8278E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x827BC000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8ADD8000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8ADE3000 \SystemRoot\system32\drivers\ScreamingBAudio.sys
  0x8FA06000 \SystemRoot\system32\drivers\portcls.sys
  0x8FA33000 \SystemRoot\system32\drivers\drmk.sys
  0x8FA58000 \SystemRoot\system32\drivers\ks.sys
  0x8FA82000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8FA99000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8FAA4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8FAC7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8FAD6000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8FAEA000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8FAFF000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0x8FB88000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8FB98000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8FBA3000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8FBA5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8FBAF000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8FBBC000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8ADEF000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x9000F000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x902E6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x902EF000 \SystemRoot\System32\Drivers\Null.SYS
  0x902F6000 \SystemRoot\System32\Drivers\Beep.SYS
  0x90306000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x9030D000 \SystemRoot\System32\drivers\vga.sys
  0x90319000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x9033A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x90342000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x9034A000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x90355000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x90363000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x9036C000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x90382000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x9038B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x9039B000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x9039D000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x903A5000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x903B7000 \SystemRoot\system32\DRIVERS\smb.sys
  0x9040F000 \SystemRoot\system32\drivers\afd.sys
  0x90457000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x90489000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x9049F000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x904AD000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x904C0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x904C6000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x90502000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x9050C000 \SystemRoot\system32\drivers\csc.sys
  0x90566000 \SystemRoot\System32\Drivers\dfsc.sys
  0x9057D000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x905A3000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x905B0000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x905BB000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x96CD0000 \SystemRoot\System32\win32k.sys
  0x905C3000 \SystemRoot\System32\drivers\Dxapi.sys
  0x905CD000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x96EF0000 \SystemRoot\System32\TSDDD.dll
  0x96F10000 \SystemRoot\System32\cdd.dll
  0x905DC000 \SystemRoot\system32\drivers\luafv.sys
  0x903CB000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x9D603000 \SystemRoot\system32\drivers\spsys.sys
  0x9D6B2000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9D6C2000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9D6EC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9D6F6000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9D709000 \SystemRoot\system32\drivers\HTTP.sys
  0x9D776000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x9D77F000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9D79C000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9D7B5000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9D7CA000 \SystemRoot\system32\drivers\mrxdav.sys
  0x903E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9E60B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9E644000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9E65C000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9E684000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9E6D2000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0x9E6D9000 \SystemRoot\System32\Drivers\TBPanel.SYS
  0x9E6DB000 \SystemRoot\system32\drivers\peauth.sys
  0x9E7B9000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x9E7C3000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x9E7CF000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x9E7E4000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0x9D7EA000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x775F0000 \Windows\System32\ntdll.dll
  0x10000000 \Program Files\DAEMON Tools Lite\daemon.dll

Processes (total 62):
       0 System Idle Process
       4 System
     444 C:\Windows\System32\smss.exe
     560 csrss.exe
     620 C:\Windows\System32\wininit.exe
     628 csrss.exe
     664 C:\Windows\System32\services.exe
     680 C:\Windows\System32\lsass.exe
     688 C:\Windows\System32\lsm.exe
     808 C:\Windows\System32\winlogon.exe
     892 C:\Windows\System32\svchost.exe
     956 C:\Windows\System32\nvvsvc.exe
     984 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    1116 C:\Windows\System32\svchost.exe
    1184 C:\Windows\System32\svchost.exe
    1224 C:\Windows\System32\svchost.exe
    1292 C:\Windows\System32\audiodg.exe
    1332 C:\Windows\System32\SLsvc.exe
    1488 C:\Windows\System32\svchost.exe
    1524 C:\Windows\System32\rundll32.exe
    1540 C:\Windows\System32\svchost.exe
    1860 C:\Windows\System32\taskeng.exe
    1868 C:\Windows\System32\spoolsv.exe
    1928 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1956 C:\Windows\System32\svchost.exe
     332 C:\Windows\System32\dwm.exe
     748 C:\Windows\System32\taskeng.exe
     880 C:\Windows\explorer.exe
     524 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    2128 C:\Windows\System32\PnkBstrA.exe
    2196 C:\Windows\System32\svchost.exe
    2208 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2312 C:\Windows\System32\svchost.exe
    2356 C:\Windows\System32\svchost.exe
    2416 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2500 C:\Windows\System32\SearchIndexer.exe
    2804 WUDFHost.exe
    2904 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    3088 C:\Windows\servicing\TrustedInstaller.exe
    3316 C:\Program Files\Windows Defender\MSASCui.exe
    3336 C:\Windows\System32\rundll32.exe
    3360 C:\Program Files\Winamp\winampa.exe
    3388 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    3428 C:\Program Files\Java\jre6\bin\jusched.exe
    3436 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    3444 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3508 C:\Program Files\Windows Sidebar\sidebar.exe
    3528 C:\Program Files\Vtune\TBPANEL.exe
    3540 C:\Program Files\DAEMON Tools Lite\daemon.exe
    3548 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    3556 C:\Program Files\RayV\RayV\RayV.exe
    3576 C:\Program Files\ICQ7.2\ICQ.exe
    3988 C:\Windows\System32\wbem\unsecapp.exe
    4060 WmiPrvSE.exe
    2736 C:\Program Files\Windows Sidebar\sidebar.exe
    3404 WmiPrvSE.exe
    3000 C:\Program Files\Mozilla Firefox\firefox.exe
    3700 C:\Windows\System32\SearchProtocolHost.exe
    3808 C:\Windows\System32\SearchFilterHost.exe
    1112 C:\Users\Patrick\Desktop\MBRCheck.exe
    3272 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD103UJ, Rev: 1AA01113

      Size  Device Name          MBR Status
  --------------------------------------------
    931 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
         
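MBRCheck above reports where the C: volume starts on PhysicalDrive0 ("at offset 0x00000000`00100000") and a SHA1 over the MBR. As an added example, written for this page and not part of the thread or MBRCheck's own code, here is how to do that check yourself in Python: read the 512-byte sector, validate the 0x55AA signature, decode the partition table and hash the boot-code region so it can be compared with a hash taken from a known-good machine. The sample sector is constructed inline (filler boot code, not real Windows code; one NTFS partition at LBA 2048, which is byte offset 0x100000 as in the log). Which bytes MBRCheck feeds into its SHA1 is not stated in the log, so the value computed here is not expected to equal the one it printed. `read_mbr` and the `\\.\PhysicalDrive0` path are the assumed way to read the real sector and need an elevated prompt.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440       # bytes 0..439 hold the boot code in a classic MBR
PART_TABLE_OFF = 446      # four 16-byte partition entries at 446..509
# status, CHS start, type, CHS end, LBA start, sector count (little-endian)
PART_ENTRY = struct.Struct("<B3sB3sII")


def read_mbr(device=r"\\.\PhysicalDrive0"):
    """Read the first sector of a raw disk. Assumed device path: on Windows
    this needs an elevated prompt; on Linux pass e.g. /dev/sda instead."""
    with open(device, "rb") as f:
        return f.read(SECTOR)


def parse_mbr(sector: bytes) -> dict:
    """Validate the boot signature, decode the partition table and hash the
    boot-code bytes so the value can be compared with a known-good MBR."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR)
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + PART_ENTRY.size * i
        status, _chs_start, ptype, _chs_end, lba, count = PART_ENTRY.unpack_from(sector, off)
        if ptype == 0:            # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,                    # 0x07 = NTFS/exFAT/HPFS
            "lba_start": lba,
            "byte_offset": lba * SECTOR,      # what MBRCheck prints as "at offset"
            "sectors": count,
        })
    return {
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def boot_code_matches(sector: bytes, known_good_sha1: str) -> bool:
    """True if the boot code hashes to a value recorded from a clean system."""
    return parse_mbr(sector)["boot_code_sha1"] == known_good_sha1.upper()


def build_sample_mbr() -> bytes:
    """Constructed sample sector: filler boot code (not real Windows boot code),
    a fixed disk signature and one bootable NTFS partition at LBA 2048."""
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * (BOOT_CODE_LEN - 4)
    disk_sig = struct.pack("<I", 0xDEADBEEF)
    reserved = b"\x00\x00"
    entry = PART_ENTRY.pack(0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 1953521664)
    table = entry + b"\x00" * (PART_ENTRY.size * 3)
    return boot_code + disk_sig + reserved + table + b"\x55\xAA"


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("boot code SHA1:", info["boot_code_sha1"])
    for p in info["partitions"]:
        print("partition %d: type 0x%02X at byte offset 0x%X (bootable=%s)"
              % (p["index"], p["type"], p["byte_offset"], p["bootable"]))
```

Compare `boot_code_sha1` from the suspect machine with the same field taken from a clean install of the same Windows version. A mismatch means the boot code was changed (by a bootkit, a third-party boot manager or an OEM tool) and is a reason to look further, not proof of infection on its own.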

17.01.2011, 17:44   #18
Desolation

Oh, I see. I only have Windows Vista installed, nothing else.

17.01.2011, 17:58   #19
rea (/// Helper Team)

Then please post two new OTL logs again, same settings as above.

17.01.2011, 18:06   #20
Desolation

OTL Logfile:
Code:
OTL logfile created on: 17.01.2011 18:01:05 - Run 3
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\Patrick\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 569,81 Gb Free Space | 61,17% Space Free | Partition Type: NTFS
 
Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
PRC - [2011.01.05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.2\ICQ.exe
PRC - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.07.12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2010.03.31 19:44:57 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.01.14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.25 18:51:14 | 008,129,056 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.10.26 16:18:00 | 002,544,936 | ---- | M] (RayV) -- C:\Programme\RayV\RayV\RayV.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.26 15:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2008.12.10 10:02:30 | 000,216,520 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.05 18:24:24 | 002,154,496 | ---- | M] () -- C:\Programme\Vtune\TBPANEL.exe
PRC - [2008.01.21 03:24:41 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 03:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 03:23:59 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe
PRC - [2008.01.21 03:23:55 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008.01.21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.12.13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.12.25 18:28:34 | 002,981,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.11.25 23:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009.03.26 21:55:59 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.12.24 23:40:06 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.09.11 10:13:43 | 007,373,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.02 10:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.03.26 14:56:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.03.26 14:55:00 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.03.26 14:55:00 | 000,012,800 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.01.21 03:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007.03.05 23:30:32 | 000,695,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Encyclopaedia Metallum (Bands)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.lastfm.de/user/pat_at_pc"
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.80
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.11 23:20:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.30 12:09:00 | 000,000,000 | ---D | M]
 
[2008.12.24 23:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions
[2011.01.16 19:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions
[2010.04.29 17:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.27 15:22:23 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.10.09 10:37:55 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.04.29 17:00:49 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.11.29 14:37:39 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\firefox@tvunetworks.com
[2010.04.29 17:00:49 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\illimitux@illimitux.net
[2010.05.27 15:22:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\staged-xpis
[2011.01.11 17:14:46 | 000,002,331 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\110yvcr7.default\searchplugins\encyclopaedia-metallum-albums.xml
[2011.01.11 17:14:46 | 000,002,326 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\110yvcr7.default\searchplugins\encyclopaedia-metallum-bands.xml
[2010.02.25 19:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.11 23:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.03.26 12:50:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.03.31 19:44:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.31 19:44:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.31 19:44:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.31 19:44:59 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.31 19:44:59 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - c:\progra~2\wietulopto.dat - c:\progra~2\wietulopto.dat File not found
O24 - Desktop WallPaper: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.15 13:45:19 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\Falkenbach [Discography]
[2011.01.12 11:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011.01.12 11:05:26 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 11:05:23 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.01.11 23:25:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.01.11 23:23:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
[2011.01.11 23:18:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.01.11 21:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011.01.11 21:09:48 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Google
[2011.01.11 20:43:07 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Malwarebytes
[2011.01.11 20:42:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.11 20:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.11 20:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.11 20:42:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.11 20:42:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.01.11 17:55:01 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Avira
[2011.01.11 17:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.01.11 17:52:45 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.01.11 17:52:44 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.01.11 17:52:43 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.01.11 17:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.01.11 17:39:44 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.19 16:20:26 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\Rock The Nation 2010
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.17 17:41:09 | 000,080,384 | ---- | M] () -- C:\Users\Patrick\Desktop\MBRCheck.exe
[2011.01.17 17:39:29 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.17 17:39:29 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.17 17:39:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.17 17:39:22 | 3488,931,840 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.17 14:54:50 | 000,138,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.01.17 14:54:41 | 000,214,816 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.01.17 11:25:16 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE1B8ECE-814A-4F23-A245-854520A52B49}.job
[2011.01.15 13:47:21 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.15 13:47:21 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.15 13:47:21 | 000,131,012 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.15 13:47:21 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.14 13:05:53 | 001,465,501 | ---- | M] () -- C:\Users\Patrick\Desktop\Alf Hallenturnier.mp3
[2011.01.14 12:56:43 | 000,000,852 | ---- | M] () -- C:\Users\Patrick\Desktop\mp3DirectCut.lnk
[2011.01.12 20:03:14 | 235,694,265 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.01.12 19:07:02 | 000,296,448 | ---- | M] () -- C:\Users\Patrick\Desktop\bxdqsytv.exe
[2011.01.12 15:53:47 | 000,026,112 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Woods Of Desolation - Torn Beyond Reason.doc
[2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
[2011.01.11 17:53:10 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.01.10 14:41:27 | 000,012,392 | ---- | M] () -- C:\Users\Patrick\.recently-used.xbel
[2011.01.09 22:58:19 | 000,066,560 | ---- | M] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.09 21:30:14 | 000,025,600 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Scarcross - Freidenker.doc
[2011.01.03 01:04:09 | 000,061,440 | ---- | M] () -- C:\Users\Patrick\Documents\Microsoft Word-Dokument (neu).doc
[2011.01.03 00:23:30 | 000,027,136 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest München.doc
[2011.01.03 00:22:51 | 000,034,816 | ---- | M] () -- C:\Users\Patrick\Documents\THRASHFEST Oberhausenn.doc
[2010.12.30 17:36:52 | 000,026,112 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Puteraeon - The Esoteric Order.doc
[2010.12.28 15:57:35 | 000,409,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010.12.25 19:05:53 | 000,270,566 | ---- | M] () -- C:\Users\Patrick\Desktop\The-Total-Package-Lenz-Luger.png
[2010.12.23 20:12:20 | 000,028,160 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest 2010.doc
[2010.12.23 20:12:20 | 000,028,160 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest 2010 Giessen.doc
[2010.12.22 15:15:18 | 000,025,600 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Waking The Cadaver - Beyond Cops Beyond God.doc
[2010.12.21 15:58:15 | 000,027,136 | ---- | M] () -- C:\Users\Patrick\Documents\Jahrespoll 2010 Patrick.doc
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2011.01.17 17:41:27 | 000,080,384 | ---- | C] () -- C:\Users\Patrick\Desktop\MBRCheck.exe
[2011.01.14 13:05:52 | 001,465,501 | ---- | C] () -- C:\Users\Patrick\Desktop\Alf Hallenturnier.mp3
[2011.01.12 19:07:01 | 000,296,448 | ---- | C] () -- C:\Users\Patrick\Desktop\bxdqsytv.exe
[2011.01.11 23:17:27 | 000,026,112 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Woods Of Desolation - Torn Beyond Reason.doc
[2011.01.11 17:53:10 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.01.10 14:41:27 | 000,012,392 | ---- | C] () -- C:\Users\Patrick\.recently-used.xbel
[2011.01.09 21:30:14 | 000,025,600 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Scarcross - Freidenker.doc
[2011.01.03 01:02:30 | 000,061,440 | ---- | C] () -- C:\Users\Patrick\Documents\Microsoft Word-Dokument (neu).doc
[2011.01.03 00:24:08 | 000,037,376 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest Wien.doc
[2011.01.03 00:23:30 | 000,027,136 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest München.doc
[2011.01.03 00:22:51 | 000,034,816 | ---- | C] () -- C:\Users\Patrick\Documents\THRASHFEST Oberhausenn.doc
[2011.01.03 00:22:41 | 000,028,160 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest 2010 Giessen.doc
[2010.12.30 17:36:47 | 000,026,112 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Puteraeon - The Esoteric Order.doc
[2010.12.25 19:05:53 | 000,270,566 | ---- | C] () -- C:\Users\Patrick\Desktop\The-Total-Package-Lenz-Luger.png
[2010.12.21 18:15:14 | 000,025,600 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Waking The Cadaver - Beyond Cops Beyond God.doc
[2010.12.21 15:58:14 | 000,027,136 | ---- | C] () -- C:\Users\Patrick\Documents\Jahrespoll 2010 Patrick.doc
[2010.12.18 21:38:34 | 000,028,160 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest 2010.doc
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.07.02 13:21:59 | 001,456,640 | ---- | C] () -- C:\Programme\Common Files\Falk Navi-Manager.msi
[2010.06.16 14:54:53 | 000,138,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.02.25 19:43:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.02 16:18:45 | 000,000,294 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.07.06 16:15:11 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.07.06 16:15:11 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.07.06 16:15:11 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.01.29 16:15:01 | 000,004,096 | -H-- | C] () -- C:\Users\Patrick\AppData\Local\keyfile3.drm
[2008.12.30 20:16:52 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.12.28 12:10:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.28 12:05:41 | 000,066,560 | ---- | C] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.26 17:14:53 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2008.12.25 13:33:34 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008.12.25 13:33:34 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.12.24 23:40:06 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2007.08.16 05:23:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\gpyapi.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.13 12:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2009.08.22 13:26:51 | 000,000,000 | -HSD | M] -- C:\Users\Patrick\AppData\Roaming\.#
[2010.10.09 10:41:41 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.ABC
[2009.11.18 17:06:07 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.BitTornado
[2009.10.13 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\2K Sports
[2009.04.10 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Ashampoo
[2010.02.22 20:51:49 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Bioshock2
[2010.08.24 10:54:44 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\BitComet
[2008.12.24 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools
[2008.12.24 23:46:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Lite
[2008.12.24 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Pro
[2010.10.09 10:37:55 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.10 14:58:24 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\FileZilla
[2011.01.10 14:41:27 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\gtk-2.0
[2011.01.17 11:36:08 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ICQ
[2010.08.26 15:01:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ImgBurn
[2008.12.25 00:02:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Leadertech
[2010.06.12 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\LG Electronics
[2010.08.09 10:11:13 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Miranda
[2009.02.01 14:15:09 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ppstream
[2011.01.12 19:59:52 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\RayV
[2010.08.24 16:03:51 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\RigNRoll_usa_ws
[2010.11.23 20:57:52 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Screaming Bee
[2010.09.20 19:57:26 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\temp
[2010.12.22 18:19:54 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\uTorrent
[2010.05.11 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Xilisoft
[2011.01.17 17:38:31 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.17 11:25:16 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EE1B8ECE-814A-4F23-A245-854520A52B49}.job
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 17.01.2011 18:01:05 - Run 3
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\Patrick\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 569,81 Gb Free Space | 61,17% Space Free | Partition Type: NTFS
 
Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12D41B45-0D44-4C1F-B668-102527C49476}" = lport=138 | protocol=17 | dir=in | app=system | 
"{15358FBF-C225-4A3B-8DDA-43F202A0F46F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1B96113C-562E-4234-9450-3306E0D2D47C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{34FAD8E7-E70E-4B5A-BEAD-0274EDB94D54}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{38DCF776-A8C9-463C-ABEA-A48F1580B86C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{399B6C3A-F849-4630-AA5F-F0A4DEDE8FB9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{41D8DBAB-17AA-435B-82B0-0A7D4325CA7F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4A473520-C977-4B6B-9D7C-29FE78CCA636}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5BCA044E-C9E8-48C6-ADAD-3D9C3E810EE5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{65D250FF-92F5-4422-B0FA-498A62C05846}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6B46D8BB-96E0-4261-BE10-310FF6B3339D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7CD7580D-8716-41B6-B4E8-3CC1C3965243}" = lport=137 | protocol=17 | dir=in | app=system | 
"{93956125-F074-4C5F-A41C-2EB9BF882027}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{98424306-D9D7-4EEB-9C9A-EBDBF1557217}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AD5345A5-4F40-4096-ACEF-5821B65E2F88}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C826D3FE-B7CE-4113-BCA0-E8F5F38601D7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E8E749EA-CB47-4B40-80B0-F38780912894}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E9764180-3D87-494D-8E0C-D5DDB6F9E5AA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FC540642-0716-4636-969E-4A1A1B32F0DE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FEE65BE2-3A1F-429C-82C6-1E558256C5B1}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045E3921-22F4-4B9F-BC43-1E804FF68E2D}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{08689B32-CF82-4814-97B9-83A668852904}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{08C5C4FA-B210-41A6-A497-BDB3FCF59EA2}" = protocol=6 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe | 
"{0F882304-454C-460E-90B6-5A58E1F4C0A7}" = protocol=17 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe | 
"{105D4E88-83DE-42DF-A637-AF696397D19C}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{133E2E25-643D-4A81-B35F-7E02190DD415}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{1444ADE7-D40D-4C26-86D0-729F21716822}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{190B697E-5944-43AD-A99B-5EC97F184020}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{193867D6-6FEF-40FF-AFBC-1B9B654BD277}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2029D321-DB87-49E6-B087-12FB18A11AA4}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{239975C6-7A2E-40B7-AF3A-9368FBDD5112}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{3EFC1E20-E32F-4062-90A1-ED4DB87E0B02}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{43E00F3B-8AA1-455C-9044-CDDDC15E5F44}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{5F7AC141-B4CD-4266-BF16-9AF9773C0B5C}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{64A4DCC4-4D7F-4F80-820C-FDCBBC32ABC0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{659EF873-292C-4376-A62A-C9822A963FB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{67459BF3-6955-46FD-BE79-E7F66300E019}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{719CD1BD-B71E-4C0B-AECE-AE4EB3720501}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{7B9FEA17-ACBD-4772-B956-94DD878F2CD6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{8AB7B6AD-4631-4E46-9230-1C3796A266B3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{9AEF4FA3-D372-4706-87D6-BA066CD26224}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A5D3802D-C125-4D9A-BFD7-39C26EFA41E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B8C9EA4D-AA8D-4B93-97A3-DDD55697BC62}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{C221DDCC-FDB7-4A1A-B24F-CF29651B7602}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{C7668D0B-6480-4980-AF10-F6D1F897215E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{CC71855E-C643-4937-B203-00CA950DF935}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{D1F96787-F6B6-4B2B-8D36-B327B7ADD5B0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{E0114CDB-E673-4D29-B7B5-6DE2D523469C}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{FA79E7CD-93C8-41EF-A5E7-F63AE9C70135}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FD202FC6-7C6A-4ADA-AE05-973872167CF9}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"TCP Query User{00B59935-F8EB-40C5-BF36-4F71CF9F361D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{04E1AD27-60A4-42C3-8E39-7ED080724471}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"TCP Query User{10AFF931-5FE0-4176-99BD-D4DFC77C0A96}C:\program files\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe | 
"TCP Query User{1819189D-0D53-4822-A013-2C6C76880204}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{19AA6F99-2078-400F-ABB8-30A8C9B09C49}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe | 
"TCP Query User{260C5939-B36C-4716-9C3D-AA54336BD287}C:\users\patrick\downloads\utorrent-1.6.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\utorrent-1.6.exe | 
"TCP Query User{285E5FAD-1F52-4200-9BCB-1EFAD0BDBB71}C:\program files\rockstar games\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe | 
"TCP Query User{41F9268F-2672-41DF-9225-0F4F6BBAF545}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{44CE239E-0AA4-43B4-B55B-BF52DFC19096}C:\team17\worms world party\wwp.exe" = protocol=6 | dir=in | app=c:\team17\worms world party\wwp.exe | 
"TCP Query User{45BDF051-E4C1-4B16-9A01-1728F2CA1E8B}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"TCP Query User{53FCF646-4770-4423-9076-FF6AA8B755C4}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | 
"TCP Query User{5E186B78-2130-465C-BF11-E47E4FEAD31B}C:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe | 
"TCP Query User{6A8A4648-143C-4AC4-9CE2-646D78D071C2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"TCP Query User{7E06CF12-A627-44B6-A416-EBAFA497D1AD}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{8AE1D458-3092-4413-A356-961397FF5645}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe | 
"TCP Query User{8E671482-B971-454B-9F7A-AB83E09E7663}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{91F04DFE-B86D-4C0C-B6E6-CF8C772BF441}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=6 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe | 
"TCP Query User{97CCC9EA-D356-4F05-8057-26D785314714}C:\program files\uusee\uuseeplayer.exe" = protocol=6 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | 
"TCP Query User{9FD53621-CE89-4715-953E-94B0A66881F8}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe | 
"TCP Query User{A215EE35-B8B7-48E9-8F2C-887F24F89BDC}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | 
"TCP Query User{A6C95C42-A68C-47D5-912A-1AC4D20BBA92}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files\abc\abc.exe | 
"TCP Query User{B2385233-32CE-40B5-838E-511FC4223DDB}C:\users\patrick\downloads\gamin16\gamin16\gameunp.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\gamin16\gamin16\gameunp.exe | 
"TCP Query User{C85CDA1D-7B6F-4AFC-B1EA-74842A135310}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{CA402386-4488-403D-A1BE-F1C27B1B1215}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat | 
"TCP Query User{D07F8636-41E1-43E7-A627-EB9581BDD3A8}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{D2C5C0B6-E85D-464B-A98C-46C0547E56E3}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{DAA32C4D-E145-4B55-8A4E-A5478CB7862C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{E61C7932-98B5-4111-8C3D-1D1F6134BD1C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{E6EE873A-FE33-4224-B2D8-43C59B9DFDD5}C:\unrealtournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe | 
"TCP Query User{E9885724-2C61-41EF-890E-E30B3CD1C2E2}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files\abc\abc.exe | 
"TCP Query User{EAB31E83-B9EF-46DD-B517-FCEA5B18DD8C}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe | 
"TCP Query User{EF0896EE-E399-42F2-9837-5A2DC6353381}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"TCP Query User{F94C8AA6-1CD6-4BC4-8E82-4CA2065F80E4}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | 
"UDP Query User{1401695A-72EF-431B-A180-FA685C9BC232}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=17 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe | 
"UDP Query User{1C2A6692-D294-4FC5-BECB-EBCEF30BC726}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"UDP Query User{25F0F1A2-8151-4259-B963-059EFAE0587F}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe | 
"UDP Query User{28FE4992-ABEF-4730-838B-D18222412AA7}C:\unrealtournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe | 
"UDP Query User{397D4A1B-CBF2-4289-932E-A390C96941C1}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{42ADE4F2-59FF-4E67-A5CF-252BF9A25DB0}C:\program files\uusee\uuseeplayer.exe" = protocol=17 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | 
"UDP Query User{4433C4FB-ABC8-4922-8C04-7F963BA179AC}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{552B5017-0BAB-45DC-9B64-842143DEEAC6}C:\team17\worms world party\wwp.exe" = protocol=17 | dir=in | app=c:\team17\worms world party\wwp.exe | 
"UDP Query User{56C7B6F3-556F-4B57-96F9-E6816013663D}C:\users\patrick\downloads\gamin16\gamin16\gameunp.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\gamin16\gamin16\gameunp.exe | 
"UDP Query User{627BFBF3-54D2-437F-A3C1-F11902944ECF}C:\program files\rockstar games\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe | 
"UDP Query User{6DFF0CC8-9C3F-4905-8A0F-2DB534908356}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"UDP Query User{70E214B8-D330-466D-B5FE-53C5CB913E30}C:\users\patrick\downloads\utorrent-1.6.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\utorrent-1.6.exe | 
"UDP Query User{768C52CA-1F16-4761-AFF8-169754FF1FF2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"UDP Query User{79104CBC-878D-405B-AE2F-49EBE1E1824C}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | 
"UDP Query User{7BF603ED-CFA7-4EB7-A28A-B09F8A526AAE}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{8D140389-D4DE-44EB-972F-B561DDBBE36F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{97956C4F-1C85-4A5F-BF14-01ACD37C0E17}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{9DC08AF4-B06C-48BE-B871-6C2D23370750}C:\program files\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe | 
"UDP Query User{9EF30B3C-4E92-450B-BE6E-F493F8B0D37A}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"UDP Query User{A25F97B6-C999-40CE-A377-A55C203E7F5C}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | 
"UDP Query User{A36DBF21-433C-4E47-A66F-ED533DF020E4}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{A6596895-D88D-4CAD-B0FD-F88D06CEC29E}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{A71E4261-01A4-44BE-BDAA-E47B490B5D3C}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe | 
"UDP Query User{B349ABF4-481F-4BB5-8EB7-EF1BF4E118DB}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | 
"UDP Query User{BF64B0F9-5001-46D2-91A2-9E3222AF20DB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{C78D5ADF-FF9C-4436-864E-0D8ED7594C72}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{CD106CAD-C880-4429-8471-0B5538E8B7AF}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe | 
"UDP Query User{DAA76258-F697-4A84-BD4C-E91AEF0BEA33}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{DF89037A-6D60-4F7D-9D96-BF3C490255F4}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat | 
"UDP Query User{E58F61F4-BCEA-4EEE-988B-3114B2794DD0}C:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe | 
"UDP Query User{EABE8875-6115-493A-8296-5806742F7E04}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe | 
"UDP Query User{EBBCDB8A-F84D-4E55-AD93-6C57098BD6C7}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe | 
"UDP Query User{FC342459-2115-47BC-A2A2-13AF0C100116}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A9C9BD5-8588-40D4-8A1A-860E3D2ED6EE}" = NBA 2K10
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{26A87AFB-B337-42C2-BEDF-D4A51F1A5F10}" = Falk Navi-Manager
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{31D543E6-2234-47CA-B3F7-2C5765CA2D9B}" = LG PC Suite II
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6059C682-4C5F-4106-8487-943E98225D3B}" = LG MC USB Modem driver
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFD5ED58-271A-4907-96C2-2745C83BB035}" = NVIDIA PhysX v8.08.18
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BCD5E313-A159-4A37-8A6C-0A2BFC0DBF1B}" = MorphVOX Pro
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E63F3DF4-18E8-4F46-BBD8-E64FC9C370AD}" = TP-LINK Driver Installation Program
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9B915DF-B79C-4747-9BA3-9705A57DC717}" = Act of War - Direct Action
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABC" = ABC (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio 2008 Advanced_is1" = Ashampoo Burning Studio 2008 Advanced
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"EADM" = EA Download Manager
"FileZilla Client" = FileZilla Client 3.1.6
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free FLV Converter_is1" = Free FLV Converter V 6.6.1
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Hamachi" = Hamachi 1.0.1.5
"Hospital" = Theme Hospital
"ImgBurn" = ImgBurn
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Miranda IM" = Miranda IM 0.8.27
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"RayV" = RayV
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"SopCast" = SopCast 3.0.3
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TmNationsForever_is1" = TmNationsForever
"TV Sponsoren 2007" = TV Sponsoren 2007
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"UnrealTournament" = Unreal Tournament G.O.T.Y. Edition
"VLC media player" = VLC media player 1.0.5
"Vtune_is1" = Vtune 6.6
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Xilisoft 3GP Video Converter" = Xilisoft 3GP Video Converter 6
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Skat-Online V7" = Skat-Online V7
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.02.2010 11:46:21 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.02.2010 07:15:19 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.02.2010 09:31:49 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002
Description = The program gimp-2.6.exe version 0.0.0.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check the
 problem history in the Problem Reports and Solutions control panel.  Process ID: 1020
 Start Time: 01cab6e7fe4ce69f  Termination Time: 6
 
Error - 26.02.2010 09:32:11 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002
Description = The program gimp-2.6.exe version 0.0.0.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check the
 problem history in the Problem Reports and Solutions control panel.  Process ID: e64
 Start Time: 01cab6e80eda6b4f  Termination Time: 2
 
Error - 26.02.2010 17:27:55 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.02.2010 20:16:41 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.02.2010 07:38:18 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.02.2010 17:16:35 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.02.2010 07:01:42 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.03.2010 07:15:25 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 16.01.2011 19:01:49 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 17.01.2011 06:20:07 | Computer Name = Patrick-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 17.01.2011 06:20:19 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.01.2011 06:20:19 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 17.01.2011 06:20:57 | Computer Name = Patrick-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 17.01.2011 12:38:21 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 17.01.2011 12:39:27 | Computer Name = Patrick-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 17.01.2011 12:39:44 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.01.2011 12:39:44 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 17.01.2011 12:40:38 | Computer Name = Patrick-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
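The firewall rule dump in the log above is worth reading for more than the malware name. Every "TCP Query User{...}" / "UDP Query User{...}" entry is a rule Windows Firewall wrote when someone clicked "Unblock" in its security alert, and such a rule outlives the program it was created for. The script below is an added example for this thread, not part of OTL, that parses lines in the format OTL prints and lists the inbound rules whose program sits in a location a normal user can write to, such as the Downloads folder. The sample lines are copied from the log above; the USER_WRITABLE prefix list is an assumption for a default Vista/7 layout.

```python
"""Triage Windows Firewall rules from an OTL "Extras" log.

Added example for this thread, not part of OTL. OTL dumps every rule as

    "<rule name>" = protocol=<n> | dir=<in|out> | app=<path> | ...

Inbound rules whose program lives where a normal user can write (profile,
Downloads, ProgramData, Temp) deserve a second look: an unwanted program
needs only one click on "Unblock" to get a lasting hole in the firewall,
and the rule stays after the file is gone.
"""
import re

# Constructed sample input: lines copied from the OTL log in this thread.
SAMPLE_LINES = r'''
"{C7668D0B-6480-4980-AF10-F6D1F897215E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{FA79E7CD-93C8-41EF-A5E7-F63AE9C70135}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{260C5939-B36C-4716-9C3D-AA54336BD287}C:\users\patrick\downloads\utorrent-1.6.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\utorrent-1.6.exe | 
"UDP Query User{E58F61F4-BCEA-4EEE-988B-3114B2794DD0}C:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe | 
"TCP Query User{C85CDA1D-7B6F-4AFC-B1EA-74842A135310}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
'''

RULE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<body>.*)$')
PROTOCOLS = {"1": "ICMP", "6": "TCP", "17": "UDP", "58": "ICMPv6"}

# Prefixes a standard user can write to without elevation. Assumption for a
# default Windows Vista/7 layout; OTL prints app paths in lower case.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\", "c:\\temp\\")


def parse_rule(line):
    """Split one OTL FirewallRules line into its rule name and key=value fields."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    fields = {"rule_name": m.group("name")}
    for part in m.group("body").split("|"):
        key, sep, value = part.strip().partition("=")
        if sep:  # skip the empty tail after the final "|"
            fields[key.strip().lower()] = value.strip()
    return fields


def is_user_writable(path):
    """True if the program path starts with a user-writable directory."""
    return path.lower().startswith(USER_WRITABLE)


def triage(text):
    """Return inbound rules whose program sits in a user-writable directory."""
    findings = []
    for line in text.splitlines():
        rule = parse_rule(line)
        if not rule or rule.get("dir") != "in" or "app" not in rule:
            continue
        if is_user_writable(rule["app"]):
            findings.append({
                "app": rule["app"],
                "proto": PROTOCOLS.get(rule.get("protocol"), rule.get("protocol")),
                # "TCP/UDP Query User" names mark rules created by the
                # firewall's own "Unblock" prompt rather than by an installer.
                "from_prompt": rule["rule_name"].startswith(("TCP Query User", "UDP Query User")),
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        origin = "unblock prompt" if f["from_prompt"] else "installer/policy"
        print(f"{f['proto']:<6} {origin:<16} {f['app']}")
```

Run against the full FirewallRules block of an OTL Extras log, it reduces some seventy rules to the handful that point into the user's profile; whether each of those programs still exists, and whether the rule should be deleted, is then a quick manual check.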


17.01.2011, 18:26   #21
rea
/// Helper Team

Hm, strange. Let's try the fix again:


1.) Fix with OTL
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator".
  • Now copy the contents of the following code box into the "Custom Scans/Fixes" text box.

    Remember to change the xxx back to your user name!

    Code:
    ATTFilter
    :OTL
    O20 - Winlogon\Notify\SensLogn: DllName - c:\progra~2\wietulopto.dat - c:\ProgramData\wietulopto.dat ()c:\progra~2\wietulopto.dat File not found
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
             
  • Now please close all programs.
  • Now click the Fix button.
  • Click OK.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents into your thread, in code tags.




2.) Rootkit Unhooker
Please download RKUnhookerLE
and save the file to your desktop.
  • Extract the .rar file on your desktop (right-click --> extract here).
    If you have no zip software on your computer, please download 7zip and install it.
  • Open the new folder and start RKU3.8.388.590.exe.
  • Choose English as the language and install RKU in the default path.
  • Disconnect from the Internet (don't forget WLAN) and disable all background guards, especially your antivirus software's.
  • Start --> All Programs, and in the Rootkit Unhooker LE folder start RKU.
    Vista and Win7 users: right-click and "Run as administrator".
  • Click the Report tab and then Scan.
  • Tick
    • Drivers
    • Stealth Code
    • Files
    • Code Hooks
    Remove all other ticks.
  • If you are asked which area to scan, make sure your system drive (usually C:) is ticked.
  • Click OK.
  • When the scan has finished, click
    File --> Save Report.
  • Save the file as RKU.txt on the desktop.
  • Click Close.
Note: Should you get the following warning
Quote:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
click OK.
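To make the RKU report from step 2 quicker to read, here is an added example (not part of RKU, OTL or this thread) that parses the ">Drivers" section and surfaces the two things a helper checks first: file-backed kernel modules that carry no company or description at all, and modules whose description is that of a well-known Microsoft driver but whose file name is not the one that driver ships under, the pattern left by rootkits that hijack a boot-start driver such as atapi.sys. A hit is a lead to investigate, not a verdict. The sample lines are modeled on the report posted later in this thread; the EXPECTED_FILES table is a small illustrative assumption, not a complete list.

```python
"""Triage the ">Drivers" section of a Rootkit Unhooker (RKU) report.

Added example for this thread, not part of RKU. RKU lists every kernel
module as

    0x<load address> <path or object name> <size> bytes (<Company>, <Description>)

and leaves the parenthesised part out when the file has no version
resource. Object names without a path (PnpManager, sptd, ...) are RKU's
own view of driver objects and are skipped here.
"""
import re

# Constructed sample input, modeled on the RKU report in this thread.
SAMPLE_REPORT = r'''
>Drivers
==============================================
0x82052000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82052000 PnpManager 3903488 bytes
0x80695000 sptd 1048576 bytes
0x80695000 C:\Windows\System32\Drivers\spzu.sys 1048576 bytes
0x8AE00000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x8ADC4000 C:\Windows\System32\Drivers\atyxivxv.SYS 221184 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8EC0C000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x90179000 C:\Windows\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
'''

DRIVER_RE = re.compile(
    r"^0x(?P<addr>[0-9A-Fa-f]+)\s+(?P<path>.*?)\s+(?P<size>\d+) bytes(?P<rest>.*)$"
)

# Description (lower-cased) -> file names it legitimately ships under.
# Assumption for illustration; extend it from a known-good machine of the same OS.
EXPECTED_FILES = {
    "atapi ide miniport driver": {"atapi.sys"},
    "tcp/ip driver": {"tcpip.sys"},
    "ndis 6.0 wrapper driver": {"ndis.sys"},
    "nt kernel & system": {"ntoskrnl.exe", "ntkrnlpa.exe", "ntkrnlmp.exe", "ntkrpamp.exe"},
}


def parse_driver(line):
    """Parse one RKU driver line; returns None for headers and separators."""
    m = DRIVER_RE.match(line.strip())
    if not m:
        return None
    company = desc = None
    rest = m.group("rest").strip()
    if rest.startswith("(") and rest.endswith(")"):
        # Split on the first comma only: descriptions may contain commas
        # and nested parentheses (see the portcls.sys sample line).
        company, _, desc = rest[1:-1].partition(",")
        company, desc = company.strip(), desc.strip()
    path = m.group("path")
    return {
        "addr": int(m.group("addr"), 16),
        "path": path,
        "file": path.rsplit("\\", 1)[-1].lower() if "\\" in path else None,
        "size": int(m.group("size")),
        "company": company,
        "desc": desc,
    }


def triage(report):
    """Return leads: file-backed modules without version info, and name/description mismatches."""
    leads = []
    for line in report.splitlines():
        d = parse_driver(line)
        if d is None or d["file"] is None:
            continue  # header, separator, or a pathless driver object
        if d["company"] is None:
            leads.append({"file": d["file"], "reason": "no company/description (no version resource)"})
            continue
        expected = EXPECTED_FILES.get(d["desc"].lower())
        if expected and d["file"] not in expected:
            leads.append({
                "file": d["file"],
                "reason": f"claims to be {d['desc']!r}, which normally ships as {sorted(expected)}",
            })
    return leads


if __name__ == "__main__":
    for lead in triage(SAMPLE_REPORT):
        print(f"{lead['file']:<16} {lead['reason']}")
```

On the sample lines the script returns two leads: spzu.sys, which has no version resource (the report lists it at the same load address as the object named sptd), and atyxivxv.SYS, which describes itself as the ATAPI IDE Miniport Driver although that driver ships as atapi.sys. Both are exactly the lines a helper would ask the poster to look into next.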

17.01.2011, 19:16   #22
Desolation

Which xxx am I supposed to change into which user name?

17.01.2011, 19:37   #23
rea
/// Helper Team

Oh, sorry, I just forgot to remove that note from the instruction template earlier.

18.01.2011, 18:48   #24
Desolation

Code:
ATTFilter
All processes killed
========== OTL ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Patrick
->Temp folder emptied: 44271 bytes
->Temporary Internet Files folder emptied: 1972811 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 79698958 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 816 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33234 bytes
RecycleBin emptied: 614908 bytes
 
Total Files Cleaned = 79,00 mb
 

 
OTL by OldTimer - Version 3.2.20.1 log created on 01172011_205446

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Code:
ATTFilter
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8F004000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7376896 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 177.98 )
0x82052000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82052000 PnpManager 3903488 bytes
0x82052000 RAW 3903488 bytes
0x82052000 WMIxWDM 3903488 bytes
0x8FC07000 C:\Windows\system32\drivers\RTKVHDA.sys 2977792 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x96C90000 Win32k 2109440 bytes
0x96C90000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Mehrbenutzer-Win32-Treiber)
0x8B00F000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT-Dateisystemtreiber)
0x8AC06000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x80695000 PCI_PNP3793 1048576 bytes
0x80695000 sptd 1048576 bytes
0x80695000 C:\Windows\System32\Drivers\spzu.sys 1048576 bytes
0x8AE00000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D1000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Codeintegritätsmodul)
0x9EED6000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9D80C000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x8F70D000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8ED05000 C:\Windows\system32\DRIVERS\rdpdr.sys 561152 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x8060C000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x826EB000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9D91B000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP-Protokollstapel)
0x80417000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x90108000 C:\Windows\system32\drivers\csc.sys 368640 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x9EE7F000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x82614000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x9000B000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x805B1000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI-Treiber für NT)
0x80490000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8278A000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8AF04000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x900C2000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8AD3C000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9EE06000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8B11E000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volumeschattenkopie-Treiber)
0x8ADC4000 C:\Windows\System32\Drivers\atyxivxv.SYS 221184 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8EDC2000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8201F000 ACPI_HAL 208896 bytes
0x8201F000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x826A9000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Dateisystem-Filter-Manager)
0x90053000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8275C000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8EC0C000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8AD11000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8EC5E000 C:\Windows\system32\drivers\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9D8CB000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9EE57000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8B16E000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x807CC000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT-Plug & Play PCI-Enumerator)
0x90179000 C:\Windows\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x8079E000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8EC39000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8ECAA000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8B1A6000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8FF11000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9D9D3000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8FFD8000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8268B000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9D988000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8AEE9000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x901D8000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA-Filtertreiber zur Dateivirtualisierung)
0x8F7E5000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serieller Gerätetreiber)
0x9D9A5000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8ADAC000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9EE3F000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8AD76000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Treiber für parallelen Anschluss)
0x90162000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8EC88000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8B1D0000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x90085000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS-Paketplaner)
0x8FF64000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x8FFC3000 C:\Windows\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0x9D9BE000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8ECF0000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x9EFCA000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8ECDC000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8FFAF000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8AD8E000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042-Anschlusstreiber)
0x9D8FF000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x900A9000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8F7D3000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8FF7A000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x9EFDF000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8B195000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x827E2000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80477000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Plattformspezifischer Hardwarefehlertreiber)
0x826DB000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8FF97000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x9D8BB000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x82673000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8ED8E000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8B000000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x901C9000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8B15F000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80400000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8ECCD000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8F7C4000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x82605000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x96ED0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x9009B000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8FF4D000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x82665000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x9019F000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8EDB5000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8F7AC000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x80688000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x827D6000 C:\Windows\system32\drivers\ScreamingBAudio.sys 49152 bytes (Screaming Bee LLC, Screaming Bee Audio Driver)
0x9EFBE000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8FF05000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x901AC000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8ADA1000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Tastaturklassentreiber)
0x8ED9E000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mausklassentreiber)
0x8FF42000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8EC9F000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x827CB000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8F7B9000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x901BF000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8EDAB000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9D8F5000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x900FE000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9EFB4000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8AFF1000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x9D912000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8B1C7000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8FEDE000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8FF8E000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9EFF1000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8FF5B000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x96EB0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8B1F0000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80795000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x82683000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80488000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x901B7000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x8040F000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8FFA7000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID-Mausfiltertreiber)
0x807C4000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8FF32000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8FF3A000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8B157000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8FEEE000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8FEFE000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8FEE7000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x9EECD000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM-Paralleltreiber)
0x8265E000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x900BC000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x8EDA9000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x9EED4000 C:\Windows\System32\Drivers\TBPanel.SYS 8192 bytes (Windows (R) 2000 DDK provider, Display Control Program)
0x8FF8C000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x856EE1F8 unknown_irp_handler 3592 bytes
0x856ED1F8 unknown_irp_handler 3592 bytes
0x870CB1F8 unknown_irp_handler 3592 bytes
0x877481F8 unknown_irp_handler 3592 bytes
0x870CA1F8 unknown_irp_handler 3592 bytes
0x871271F8 unknown_irp_handler 3592 bytes
0x876D51F8 unknown_irp_handler 3592 bytes
0x877DC1F8 unknown_irp_handler 3592 bytes
0x84D5C1F8 unknown_irp_handler 3592 bytes
0x870DF1F8 unknown_irp_handler 3592 bytes
0x8711D500 unknown_irp_handler 2816 bytes
0x87958500 unknown_irp_handler 2816 bytes
0x8863D500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000B4EEA, Type: Inline - RelativeJump 0x82106EEA-->82106EF1 [ntkrnlpa.exe]
[1424]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[1424]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]
[1424]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x080E1414-->00000000 [shimeng.dll]
[1424]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[1424]rundll32.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[1636]svchost.exe-->advapi32.dll-->GetTokenInformation, Type: IAT modification 0x010010FC-->00000000 [unknown_code_page]
[1636]svchost.exe-->advapi32.dll-->InitializeSecurityDescriptor, Type: IAT modification 0x01001100-->00000000 [unknown_code_page]
[1636]svchost.exe-->advapi32.dll-->OpenProcessToken, Type: IAT modification 0x0100113C-->00000000 [unknown_code_page]
[1636]svchost.exe-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x01001130-->00000000 [unknown_code_page]
[1636]svchost.exe-->advapi32.dll-->RegDisablePredefinedCacheEx, Type: IAT modification 0x01001118-->00000000 [unknown_code_page]
[1636]svchost.exe-->advapi32.dll-->RegisterServiceCtrlHandlerW, Type: IAT modification 0x01001134-->00000000 [unknown_code_page]
[1636]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x0100112C-->00000000 [unknown_code_page]
[1636]svchost.exe-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x01001128-->00000000 [unknown_code_page]
[1636]svchost.exe-->advapi32.dll-->SetEntriesInAclW, Type: IAT modification 0x0100110C-->00000000 [unknown_code_page]
[1636]svchost.exe-->advapi32.dll-->SetSecurityDescriptorDacl, Type: IAT modification 0x01001110-->00000000 [unknown_code_page]
[1636]svchost.exe-->advapi32.dll-->SetSecurityDescriptorGroup, Type: IAT modification 0x01001108-->00000000 [unknown_code_page]
[1636]svchost.exe-->advapi32.dll-->SetSecurityDescriptorOwner, Type: IAT modification 0x01001104-->00000000 [unknown_code_page]
[1636]svchost.exe-->advapi32.dll-->SetServiceStatus, Type: IAT modification 0x01001138-->00000000 [unknown_code_page]
[1636]svchost.exe-->advapi32.dll-->StartServiceCtrlDispatcherW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->ActivateActCtx, Type: IAT modification 0x0100109C-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->CloseHandle, Type: IAT modification 0x01001074-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->CreateActCtxW, Type: IAT modification 0x01001008-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->DeactivateActCtx, Type: IAT modification 0x01001090-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->DelayLoadFailureHook, Type: IAT modification 0x01001018-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->ExitProcess, Type: IAT modification 0x01001050-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->ExpandEnvironmentStringsW, Type: IAT modification 0x01001004-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->FreeLibrary, Type: IAT modification 0x01001084-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->GetCommandLineW, Type: IAT modification 0x0100104C-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->GetCurrentProcess, Type: IAT modification 0x01001044-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->GetCurrentProcessId, Type: IAT modification 0x01001038-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->GetCurrentThreadId, Type: IAT modification 0x01001034-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->GetLastError, Type: IAT modification 0x01001098-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x01001028-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0100108C-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->GetProcessHeap, Type: IAT modification 0x0100105C-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->GetSystemTimeAsFileTime, Type: IAT modification 0x0100103C-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->GetTickCount, Type: IAT modification 0x01001030-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->HeapFree, Type: IAT modification 0x01001068-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->HeapSetInformation, Type: IAT modification 0x01001000-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->InterlockedCompareExchange, Type: IAT modification 0x01001080-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->InterlockedExchange, Type: IAT modification 0x0100101C-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->LCMapStringW, Type: IAT modification 0x01001010-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0100107C-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x01001094-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->LocalAlloc, Type: IAT modification 0x01001078-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->LocalFree, Type: IAT modification 0x01001070-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->lstrcmpiW, Type: IAT modification 0x010010AC-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->lstrcmpW, Type: IAT modification 0x010010A4-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->lstrlenW, Type: IAT modification 0x01001014-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->QueryPerformanceCounter, Type: IAT modification 0x0100102C-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->RegisterWaitForSingleObject, Type: IAT modification 0x01001020-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->ReleaseActCtx, Type: IAT modification 0x0100100C-->00000000 [svchost.exe.mui]
[1636]svchost.exe-->kernel32.dll-->SetErrorMode, Type: IAT modification 0x01001060-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->SetProcessAffinityUpdateMode, Type: IAT modification 0x01001054-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x01001024-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->Sleep, Type: IAT modification 0x01001088-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x01001040-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->UnhandledExceptionFilter, Type: IAT modification 0x01001048-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->WideCharToMultiByte, Type: IAT modification 0x0100106C-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: IAT modification 0x01001158-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->RtlCopySid, Type: IAT modification 0x0100114C-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->RtlFreeHeap, Type: IAT modification 0x01001148-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->RtlImageNtHeader, Type: IAT modification 0x01001160-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->RtlInitializeCriticalSection, Type: IAT modification 0x0100116C-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->RtlInitializeSid, Type: IAT modification 0x0100115C-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->RtlLengthRequiredSid, Type: IAT modification 0x01001154-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->RtlSetProcessIsCritical, Type: IAT modification 0x01001164-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->RtlSubAuthorityCountSid, Type: IAT modification 0x01001150-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->RtlSubAuthoritySid, Type: IAT modification 0x01001144-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->RtlUnhandledExceptionFilter, Type: IAT modification 0x01001168-->00000000 [unknown_code_page]
[2152]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[2152]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]
[2152]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x080E1414-->00000000 [shimeng.dll]
[2152]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
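The `>Hooks` section above lists every import-table entry RKU found redirected, with the module it attributed the new target to in square brackets; `unknown_code_page` means the tool could not map that address to any loaded module. The following Python is an added triage helper written for this thread, not part of RkUnhooker, OTL or any poster's tools: it parses lines in that format, counts hooks per process and collects the entries owned by `unknown_code_page`. The sample lines are copied from the report above; treating `shimeng.dll` (the application-compatibility shim engine) as expected noise is this example's own assumption.

```python
"""Triage helper for the '>Hooks' section of an RkUnhooker (RKU) report.

Added example for this thread; not part of RKU, OTL or any poster's tools.
The sample lines are copied from the report posted above.
"""
import re
from collections import defaultdict

# User-mode IAT entry, e.g.
#   [1636]svchost.exe-->kernel32.dll-->Sleep, Type: IAT modification 0x01001088-->00000000 [unknown_code_page]
IAT_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<chain>[^,]+), Type: (?P<type>.+?) "
    r"0x(?P<slot>[0-9A-Fa-f]+)-->(?P<target>[0-9A-Fa-f]+) \[(?P<owner>[^\]]+)\]$"
)
# Kernel inline hook, e.g.
#   ntkrnlpa.exe+0x000B4EEA, Type: Inline - RelativeJump 0x82106EEA-->82106EF1 [ntkrnlpa.exe]
INLINE_RE = re.compile(
    r"^(?P<module>[^+\s\[]+)\+0x(?P<offset>[0-9A-Fa-f]+), Type: (?P<type>.+?) "
    r"0x(?P<src>[0-9A-Fa-f]+)-->(?P<target>[0-9A-Fa-f]+) \[(?P<owner>[^\]]+)\]$"
)

# Constructed sample: a handful of lines copied from the RKU report above.
SAMPLE_HOOKS = """\
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000B4EEA, Type: Inline - RelativeJump 0x82106EEA-->82106EF1 [ntkrnlpa.exe]
[1424]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[1424]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]
[1636]svchost.exe-->advapi32.dll-->GetTokenInformation, Type: IAT modification 0x010010FC-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->Sleep, Type: IAT modification 0x01001088-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->ReleaseActCtx, Type: IAT modification 0x0100100C-->00000000 [svchost.exe.mui]
[1636]svchost.exe-->ntdll.dll-->RtlSetProcessIsCritical, Type: IAT modification 0x01001164-->00000000 [unknown_code_page]
"""


def parse_hook_line(line):
    """Parse one report line; return a dict, or None for headers and blanks."""
    line = line.strip()
    m = IAT_RE.match(line)
    if m:
        chain = m.group("chain").split("-->")
        return {
            "kind": "iat",
            "pid": int(m.group("pid")),
            "process": chain[0],
            "exporter": chain[-2],      # DLL that exports the hooked function
            "function": chain[-1],
            "type": m.group("type"),
            "target": m.group("target"),
            "owner": m.group("owner"),
        }
    m = INLINE_RE.match(line)
    if m:
        return {
            "kind": "inline",
            "pid": None,
            "process": m.group("module"),   # kernel module, no pid
            "exporter": None,
            "function": "+0x" + m.group("offset"),
            "type": m.group("type"),
            "target": m.group("target"),
            "owner": m.group("owner"),
        }
    return None


def triage(report_text):
    """Count hooks per process and collect the ones that need a closer look.

    Flagged: every hook whose owner is 'unknown_code_page'.  The target column
    is deliberately not used as a signal: the shimeng.dll entries (the
    app-compat shim engine, which patches IATs by design) show 00000000 too.
    """
    summary = defaultdict(lambda: {"count": 0, "owners": set()})
    flagged = []
    for raw in report_text.splitlines():
        hook = parse_hook_line(raw)
        if hook is None:
            continue
        entry = summary[hook["process"]]
        entry["count"] += 1
        entry["owners"].add(hook["owner"])
        if hook["owner"] == "unknown_code_page":
            flagged.append(hook)
    # Plain dict with sorted owner lists, easy to print or assert on.
    return ({p: {"count": e["count"], "owners": sorted(e["owners"])}
             for p, e in summary.items()}, flagged)


def report(report_text):
    """Render a short human-readable summary."""
    summary, flagged = triage(report_text)
    lines = []
    for proc, e in sorted(summary.items()):
        note = "  <-- review" if "unknown_code_page" in e["owners"] else ""
        lines.append(f"{proc}: {e['count']} hook(s), owners: {', '.join(e['owners'])}{note}")
    lines.append(f"{len(flagged)} IAT entries point into unknown_code_page")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_HOOKS))
```

Run against the full `>Hooks` block of the report, the summary separates the shim-engine noise in the two rundll32.exe processes from the svchost.exe (PID 1636) entries whose new targets RKU could not attribute to any module, which is the part an analyst would look at first.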
         

Old 18.01.2011, 20:50   #25
rea
/// Helper Team

TR/Crypt.XPACK.Gen

1.) Back up the registry with ERUNT

Before the necessary changes are made to the registry, you should create a backup of the current registry. To do so, please download the tool ERUNT by Lars Hederer from the following download link and install it. Please do not set ERUNT up to run at every system start; that is not necessary! The program will then be in this path: C:\Programme\ERUNT\erunt.exe.

Now double-click erunt.exe, answer the question whether you want to create a backup with OK, and in the window that pops up tick all three boxes under the backup options. It is best to leave the backup path as given. Press OK again and answer the question whether the new folder should be created with "Yes".

ERUNT now creates a backup of your registry in this folder. If you used the default paths, you will find the backups here: C:\WINDOWS\ERDNT.

If needed, you restore the registry by starting ERDNT.exe from the folder mentioned above.

2.) Edit the registry

Start--> Run--> notepad (type it in)--> OK

Now please copy the following text from the code box into the empty text document
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"c:\ProgramData\wietulopto.dat"=-

  • Now save it as regfix.reg
  • make sure that "All types *.*" is selected as the file type
  • the regfix.reg should now appear on your desktop
  • Now double-click the file regfix.reg
  • Confirm with Yes, then press OK
  • Restart the computer.

3.) Scan with SystemLook

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop (if it is not there already).

Download Mirror #1 - Download Mirror #2
  • Double-click SystemLook.exe to start the tool.
    Vista and Windows 7 users: be sure to right-click it and run as administrator.
  • Copy the contents of the following code box into the tool's text field:

    Code:
    :filefind
    wietulopto.dat

  • Now click the Look button to start the scan.
  • When the search has finished, your editor will open with the results; post them here in the thread.
  • The results are saved on the desktop as SystemLook.txt.
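The regfix.reg in step 2 uses the "Windows Registry Editor Version 5.00" text format: a line of the form `"name"=-` removes a single value under the key named in the preceding brackets, while a minus sign just inside the brackets (`[-HKEY_...]`) removes a whole key. The following Python is an added example for this thread, not ERUNT, SystemLook or anything from the post: a dry-run reader that lists the operations regedit would carry out when a .reg file is merged, so a fix can be checked before it is double-clicked. It goes beyond the one case on the page and also handles set-value lines (string, dword, hex with continuation lines) and key deletion; `REGFIX` is the file from step 2, while `SAMPLE_EXTRA` and every function name are this example's own.

```python
"""Dry-run reader for a 'Windows Registry Editor Version 5.00' (.reg) file.

Added example for this thread; not ERUNT, SystemLook or anything from the
post.  REGFIX is the fix from step 2; SAMPLE_EXTRA is constructed.
"""
import re

HEADER = "Windows Registry Editor Version 5.00"
KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')
HEX_RE = re.compile(r"^hex(?:\([0-9A-Fa-f]+\))?:(?P<bytes>.*)$")

# The fix from step 2, as written there (raw string: the single backslashes
# in the value name are kept exactly as in the post).
REGFIX = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"c:\ProgramData\wietulopto.dat"=-
"""

# Constructed file covering the other line types the format allows.
SAMPLE_EXTRA = r"""Windows Registry Editor Version 5.00

; constructed example, not from the thread
[HKEY_CURRENT_USER\Software\Example]
"Enabled"=dword:00000001
@="default text"
"Path"="C:\\Tools\\x.exe"
"Blob"=hex:01,02,\
  03,04

[-HKEY_CURRENT_USER\Software\Example\Old]
"""


def _unescape(s):
    """Undo the two escapes regedit uses inside quoted strings: \\\\ and \\"."""
    return s.replace('\\\\', '\\').replace('\\"', '"')


def _decode_data(raw):
    """Classify the right-hand side of a value line into (kind, value)."""
    if raw == "-":
        return ("delete", None)
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return ("string", _unescape(raw[1:-1]))
    if raw.startswith("dword:"):
        return ("dword", int(raw[6:], 16))
    m = HEX_RE.match(raw)
    if m:
        return ("binary", bytes.fromhex(m.group("bytes").replace(",", "").replace(" ", "")))
    return ("unknown", raw)


def parse_reg(text):
    """Return the merge operations as (op, key, value_name, data) tuples.

    Ops: ensure_key, delete_key, set_value, delete_value.  'text' must be
    already decoded (real .reg files are usually UTF-16 with a BOM).
    """
    lines = text.splitlines()
    if not lines or lines[0].strip() != HEADER:
        raise ValueError(f"missing '{HEADER}' header")
    merged = []                      # join hex continuation lines ending in '\'
    for ln in (l.strip() for l in lines[1:]):
        if merged and merged[-1].endswith("\\"):
            merged[-1] = merged[-1][:-1] + ln
        else:
            merged.append(ln)
    ops, key = [], None
    for ln in merged:
        if not ln or ln.startswith(";"):
            continue
        m = KEY_RE.match(ln)
        if m:
            if m.group("delete"):
                ops.append(("delete_key", m.group("key"), None, None))
                key = None           # values listed under a deleted key are moot
            else:
                key = m.group("key")
                ops.append(("ensure_key", key, None, None))
            continue
        m = VALUE_RE.match(ln)
        if m:
            if key is None:
                raise ValueError(f"value line outside a key section: {ln}")
            name = "" if m.group("default") else _unescape(m.group("name"))
            kind, data = _decode_data(m.group("data"))
            op = "delete_value" if kind == "delete" else "set_value"
            ops.append((op, key, name, data))
            continue
        raise ValueError(f"unrecognised line: {ln}")
    return ops


def describe(text):
    """One readable line per operation, for eyeballing a fix before merging."""
    out = []
    for op, key, name, data in parse_reg(text):
        if op == "ensure_key":
            out.append(f"create/keep key  {key}")
        elif op == "delete_key":
            out.append(f"DELETE KEY       {key}")
        elif op == "delete_value":
            out.append(f"DELETE VALUE     {key} -> {name!r}")
        else:
            out.append(f"set value        {key} -> {name!r} = {data!r}")
    return out


if __name__ == "__main__":
    print("\n".join(describe(REGFIX)))
```

For the file from step 2 the reader prints two operations: the SensLogn key is created or kept, and the one value named `c:\ProgramData\wietulopto.dat` under it is deleted. Nothing else on the system is touched, which is exactly what a reviewer wants to confirm before merging a fix somebody else wrote; the ERUNT backup from step 1 covers the case where the check was wrong anyway.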

Old 19.01.2011, 20:10   #26
Desolation

TR/Crypt.XPACK.Gen

Code:
SystemLook 04.09.10 by jpshortstuff
Log created at 20:08 on 19/01/2011 by Patrick
Administrator - Elevation successful

========== filefind ==========

Searching for "wietulopto.dat"
C:\_OTL\MovedFiles\01112011_232513\C_ProgramData\wietulopto.dat	--ah--- 1857838 bytes	[17:45 20/10/2010]	[17:45 20/10/2010] E0ED9DAF71F29987CFD7EB097693E5E3

-= EOF =-
         

Old 19.01.2011, 20:33   #27
rea
/// Helper Team

TR/Crypt.XPACK.Gen

I assume that you carried out all the steps, including the ones that do not produce any logs?

Please post two new OTL logfiles. Settings as usual. How is the computer running in the meantime?

Old 19.01.2011, 20:57   #28
Desolation

TR/Crypt.XPACK.Gen

OTL Logfile:
Code:
OTL Extras logfile created on: 19.01.2011 20:47:13 - Run 4
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\Patrick\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 572,70 Gb Free Space | 61,48% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12D41B45-0D44-4C1F-B668-102527C49476}" = lport=138 | protocol=17 | dir=in | app=system | 
"{15358FBF-C225-4A3B-8DDA-43F202A0F46F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1B96113C-562E-4234-9450-3306E0D2D47C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{34FAD8E7-E70E-4B5A-BEAD-0274EDB94D54}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{38DCF776-A8C9-463C-ABEA-A48F1580B86C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{399B6C3A-F849-4630-AA5F-F0A4DEDE8FB9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{41D8DBAB-17AA-435B-82B0-0A7D4325CA7F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4A473520-C977-4B6B-9D7C-29FE78CCA636}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5BCA044E-C9E8-48C6-ADAD-3D9C3E810EE5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{65D250FF-92F5-4422-B0FA-498A62C05846}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6B46D8BB-96E0-4261-BE10-310FF6B3339D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7CD7580D-8716-41B6-B4E8-3CC1C3965243}" = lport=137 | protocol=17 | dir=in | app=system | 
"{93956125-F074-4C5F-A41C-2EB9BF882027}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{98424306-D9D7-4EEB-9C9A-EBDBF1557217}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AD5345A5-4F40-4096-ACEF-5821B65E2F88}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C826D3FE-B7CE-4113-BCA0-E8F5F38601D7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E8E749EA-CB47-4B40-80B0-F38780912894}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E9764180-3D87-494D-8E0C-D5DDB6F9E5AA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FC540642-0716-4636-969E-4A1A1B32F0DE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FEE65BE2-3A1F-429C-82C6-1E558256C5B1}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045E3921-22F4-4B9F-BC43-1E804FF68E2D}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{08689B32-CF82-4814-97B9-83A668852904}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{08C5C4FA-B210-41A6-A497-BDB3FCF59EA2}" = protocol=6 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe | 
"{0F882304-454C-460E-90B6-5A58E1F4C0A7}" = protocol=17 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe | 
"{105D4E88-83DE-42DF-A637-AF696397D19C}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{133E2E25-643D-4A81-B35F-7E02190DD415}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{1444ADE7-D40D-4C26-86D0-729F21716822}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{190B697E-5944-43AD-A99B-5EC97F184020}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{193867D6-6FEF-40FF-AFBC-1B9B654BD277}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2029D321-DB87-49E6-B087-12FB18A11AA4}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{239975C6-7A2E-40B7-AF3A-9368FBDD5112}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{3EFC1E20-E32F-4062-90A1-ED4DB87E0B02}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{43E00F3B-8AA1-455C-9044-CDDDC15E5F44}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{5F7AC141-B4CD-4266-BF16-9AF9773C0B5C}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{64A4DCC4-4D7F-4F80-820C-FDCBBC32ABC0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{659EF873-292C-4376-A62A-C9822A963FB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{67459BF3-6955-46FD-BE79-E7F66300E019}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{719CD1BD-B71E-4C0B-AECE-AE4EB3720501}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{7B9FEA17-ACBD-4772-B956-94DD878F2CD6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{8AB7B6AD-4631-4E46-9230-1C3796A266B3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{9AEF4FA3-D372-4706-87D6-BA066CD26224}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A5D3802D-C125-4D9A-BFD7-39C26EFA41E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B8C9EA4D-AA8D-4B93-97A3-DDD55697BC62}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{C221DDCC-FDB7-4A1A-B24F-CF29651B7602}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{C7668D0B-6480-4980-AF10-F6D1F897215E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{CC71855E-C643-4937-B203-00CA950DF935}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{D1F96787-F6B6-4B2B-8D36-B327B7ADD5B0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{E0114CDB-E673-4D29-B7B5-6DE2D523469C}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{FA79E7CD-93C8-41EF-A5E7-F63AE9C70135}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FD202FC6-7C6A-4ADA-AE05-973872167CF9}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"TCP Query User{00B59935-F8EB-40C5-BF36-4F71CF9F361D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{04E1AD27-60A4-42C3-8E39-7ED080724471}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"TCP Query User{10AFF931-5FE0-4176-99BD-D4DFC77C0A96}C:\program files\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe | 
"TCP Query User{1819189D-0D53-4822-A013-2C6C76880204}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{19AA6F99-2078-400F-ABB8-30A8C9B09C49}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe | 
"TCP Query User{260C5939-B36C-4716-9C3D-AA54336BD287}C:\users\patrick\downloads\utorrent-1.6.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\utorrent-1.6.exe | 
"TCP Query User{285E5FAD-1F52-4200-9BCB-1EFAD0BDBB71}C:\program files\rockstar games\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe | 
"TCP Query User{41F9268F-2672-41DF-9225-0F4F6BBAF545}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{44CE239E-0AA4-43B4-B55B-BF52DFC19096}C:\team17\worms world party\wwp.exe" = protocol=6 | dir=in | app=c:\team17\worms world party\wwp.exe | 
"TCP Query User{45BDF051-E4C1-4B16-9A01-1728F2CA1E8B}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"TCP Query User{53FCF646-4770-4423-9076-FF6AA8B755C4}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | 
"TCP Query User{5E186B78-2130-465C-BF11-E47E4FEAD31B}C:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe | 
"TCP Query User{6A8A4648-143C-4AC4-9CE2-646D78D071C2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"TCP Query User{7E06CF12-A627-44B6-A416-EBAFA497D1AD}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{8AE1D458-3092-4413-A356-961397FF5645}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe | 
"TCP Query User{8E671482-B971-454B-9F7A-AB83E09E7663}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{91F04DFE-B86D-4C0C-B6E6-CF8C772BF441}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=6 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe | 
"TCP Query User{97CCC9EA-D356-4F05-8057-26D785314714}C:\program files\uusee\uuseeplayer.exe" = protocol=6 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | 
"TCP Query User{9FD53621-CE89-4715-953E-94B0A66881F8}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe | 
"TCP Query User{A215EE35-B8B7-48E9-8F2C-887F24F89BDC}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | 
"TCP Query User{A6C95C42-A68C-47D5-912A-1AC4D20BBA92}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files\abc\abc.exe | 
"TCP Query User{B2385233-32CE-40B5-838E-511FC4223DDB}C:\users\patrick\downloads\gamin16\gamin16\gameunp.exe" = protocol=6 | dir=in | app=c:\users\patrick\downloads\gamin16\gamin16\gameunp.exe | 
"TCP Query User{C85CDA1D-7B6F-4AFC-B1EA-74842A135310}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{CA402386-4488-403D-A1BE-F1C27B1B1215}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat | 
"TCP Query User{D07F8636-41E1-43E7-A627-EB9581BDD3A8}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{D2C5C0B6-E85D-464B-A98C-46C0547E56E3}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{DAA32C4D-E145-4B55-8A4E-A5478CB7862C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{E61C7932-98B5-4111-8C3D-1D1F6134BD1C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{E6EE873A-FE33-4224-B2D8-43C59B9DFDD5}C:\unrealtournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe | 
"TCP Query User{E9885724-2C61-41EF-890E-E30B3CD1C2E2}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files\abc\abc.exe | 
"TCP Query User{EAB31E83-B9EF-46DD-B517-FCEA5B18DD8C}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe | 
"TCP Query User{EF0896EE-E399-42F2-9837-5A2DC6353381}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"TCP Query User{F94C8AA6-1CD6-4BC4-8E82-4CA2065F80E4}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | 
"UDP Query User{1401695A-72EF-431B-A180-FA685C9BC232}C:\program files\atari\act of war - direct action\actofwar.exe" = protocol=17 | dir=in | app=c:\program files\atari\act of war - direct action\actofwar.exe | 
"UDP Query User{1C2A6692-D294-4FC5-BECB-EBCEF30BC726}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"UDP Query User{25F0F1A2-8151-4259-B963-059EFAE0587F}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe | 
"UDP Query User{28FE4992-ABEF-4730-838B-D18222412AA7}C:\unrealtournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe | 
"UDP Query User{397D4A1B-CBF2-4289-932E-A390C96941C1}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{42ADE4F2-59FF-4E67-A5CF-252BF9A25DB0}C:\program files\uusee\uuseeplayer.exe" = protocol=17 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | 
"UDP Query User{4433C4FB-ABC8-4922-8C04-7F963BA179AC}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{552B5017-0BAB-45DC-9B64-842143DEEAC6}C:\team17\worms world party\wwp.exe" = protocol=17 | dir=in | app=c:\team17\worms world party\wwp.exe | 
"UDP Query User{56C7B6F3-556F-4B57-96F9-E6816013663D}C:\users\patrick\downloads\gamin16\gamin16\gameunp.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\gamin16\gamin16\gameunp.exe | 
"UDP Query User{627BFBF3-54D2-437F-A3C1-F11902944ECF}C:\program files\rockstar games\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe | 
"UDP Query User{6DFF0CC8-9C3F-4905-8A0F-2DB534908356}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"UDP Query User{70E214B8-D330-466D-B5FE-53C5CB913E30}C:\users\patrick\downloads\utorrent-1.6.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\utorrent-1.6.exe | 
"UDP Query User{768C52CA-1F16-4761-AFF8-169754FF1FF2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"UDP Query User{79104CBC-878D-405B-AE2F-49EBE1E1824C}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | 
"UDP Query User{7BF603ED-CFA7-4EB7-A28A-B09F8A526AAE}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{8D140389-D4DE-44EB-972F-B561DDBBE36F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{97956C4F-1C85-4A5F-BF14-01ACD37C0E17}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{9DC08AF4-B06C-48BE-B871-6C2D23370750}C:\program files\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe | 
"UDP Query User{9EF30B3C-4E92-450B-BE6E-F493F8B0D37A}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"UDP Query User{A25F97B6-C999-40CE-A377-A55C203E7F5C}C:\program files\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k10\nba2k10.exe | 
"UDP Query User{A36DBF21-433C-4E47-A66F-ED533DF020E4}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{A6596895-D88D-4CAD-B0FD-F88D06CEC29E}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{A71E4261-01A4-44BE-BDAA-E47B490B5D3C}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe | 
"UDP Query User{B349ABF4-481F-4BB5-8EB7-EF1BF4E118DB}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | 
"UDP Query User{BF64B0F9-5001-46D2-91A2-9E3222AF20DB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{C78D5ADF-FF9C-4436-864E-0D8ED7594C72}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{CD106CAD-C880-4429-8471-0B5538E8B7AF}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe | 
"UDP Query User{DAA76258-F697-4A84-BD4C-E91AEF0BEA33}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{DF89037A-6D60-4F7D-9D96-BF3C490255F4}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals zero hour\game.dat | 
"UDP Query User{E58F61F4-BCEA-4EEE-988B-3114B2794DD0}C:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe" = protocol=17 | dir=in | app=c:\users\patrick\downloads\bitcomet 1.19 sbi leecher pack\bitcomet 1.19 sbi leecher pack\fakeup-i.exe | 
"UDP Query User{EABE8875-6115-493A-8296-5806742F7E04}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe | 
"UDP Query User{EBBCDB8A-F84D-4E55-AD93-6C57098BD6C7}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe | 
"UDP Query User{FC342459-2115-47BC-A2A2-13AF0C100116}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A9C9BD5-8588-40D4-8A1A-860E3D2ED6EE}" = NBA 2K10
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{26A87AFB-B337-42C2-BEDF-D4A51F1A5F10}" = Falk Navi-Manager
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{31D543E6-2234-47CA-B3F7-2C5765CA2D9B}" = LG PC Suite II
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6059C682-4C5F-4106-8487-943E98225D3B}" = LG MC USB Modem driver
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFD5ED58-271A-4907-96C2-2745C83BB035}" = NVIDIA PhysX v8.08.18
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BCD5E313-A159-4A37-8A6C-0A2BFC0DBF1B}" = MorphVOX Pro
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E63F3DF4-18E8-4F46-BBD8-E64FC9C370AD}" = TP-LINK Driver Installation Program
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9B915DF-B79C-4747-9BA3-9705A57DC717}" = Act of War - Direct Action
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABC" = ABC (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio 2008 Advanced_is1" = Ashampoo Burning Studio 2008 Advanced
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"EADM" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.1.6
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free FLV Converter_is1" = Free FLV Converter V 6.6.1
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Hamachi" = Hamachi 1.0.1.5
"Hospital" = Theme Hospital
"ImgBurn" = ImgBurn
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Miranda IM" = Miranda IM 0.8.27
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"RayV" = RayV
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"SopCast" = SopCast 3.0.3
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TmNationsForever_is1" = TmNationsForever
"TV Sponsoren 2007" = TV Sponsoren 2007
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"UnrealTournament" = Unreal Tournament G.O.T.Y. Edition
"VLC media player" = VLC media player 1.0.5
"Vtune_is1" = Vtune 6.6
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Xilisoft 3GP Video Converter" = Xilisoft 3GP Video Converter 6
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Skat-Online V7" = Skat-Online V7
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.02.2010 07:23:42 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.02.2010 11:46:21 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.02.2010 07:15:19 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.02.2010 09:31:49 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002
Description = The program gimp-2.6.exe, version 0.0.0.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check the
 problem history in the "Problem Reports and Solutions" control panel.  Process ID: 1020
  Start Time: 01cab6e7fe4ce69f  Termination Time: 6
 
Error - 26.02.2010 09:32:11 | Computer Name = Patrick-PC | Source = Application Hang | ID = 1002
Description = The program gimp-2.6.exe, version 0.0.0.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check the
 problem history in the "Problem Reports and Solutions" control panel.  Process ID: e64
  Start Time: 01cab6e80eda6b4f  Termination Time: 2
 
Error - 26.02.2010 17:27:55 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.02.2010 20:16:41 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.02.2010 07:38:18 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.02.2010 17:16:35 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.02.2010 07:01:42 | Computer Name = Patrick-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 19.01.2011 05:29:11 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.01.2011 05:29:11 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 19.01.2011 11:26:14 | Computer Name = Patrick-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 19.01.2011 11:26:57 | Computer Name = Patrick-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 19.01.2011 11:27:01 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.01.2011 11:27:01 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 19.01.2011 15:05:54 | Computer Name = Patrick-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 19.01.2011 15:06:49 | Computer Name = Patrick-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 19.01.2011 15:07:26 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.01.2011 15:07:26 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7003
Description = 
 
 
< End of report >
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 19.01.2011 20:47:13 - Run 4
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\Patrick\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 572,70 Gb Free Space | 61,48% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
PRC - [2011.01.05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.2\ICQ.exe
PRC - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.07.12 17:33:54 | 001,592,672 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winamp.exe
PRC - [2010.07.12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2010.03.31 19:44:57 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.01.14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.25 18:51:14 | 008,129,056 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.10.26 16:18:00 | 002,544,936 | ---- | M] (RayV) -- C:\Programme\RayV\RayV\RayV.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.26 15:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.03.19 17:11:24 | 001,138,688 | ---- | M] (Last.fm) -- C:\Programme\Last.fm\LastFM.exe
PRC - [2008.12.10 10:02:30 | 000,216,520 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.05 18:24:24 | 002,154,496 | ---- | M] () -- C:\Programme\Vtune\TBPANEL.exe
PRC - [2008.06.12 02:47:22 | 000,349,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2008.01.21 03:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 03:23:59 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe
PRC - [2008.01.21 03:23:55 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008.01.21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.12.13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.12.25 18:28:34 | 002,981,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.11.25 23:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009.03.26 21:55:59 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.12.24 23:40:06 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.09.11 10:13:43 | 007,373,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.02 10:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.03.26 14:56:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.03.26 14:55:00 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.03.26 14:55:00 | 000,012,800 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.01.21 03:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007.03.05 23:30:32 | 000,695,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Encyclopaedia Metallum (Bands)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.lastfm.de/user/pat_at_pc"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.11 23:20:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.30 12:09:00 | 000,000,000 | ---D | M]
 
[2008.12.24 23:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions
[2011.01.19 19:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions
[2010.04.29 17:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.09 10:37:55 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.04.29 17:00:49 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011.01.18 19:11:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.11.29 14:37:39 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\110yvcr7.default\extensions\firefox@tvunetworks.com
[2011.01.18 18:56:17 | 000,002,331 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\110yvcr7.default\searchplugins\encyclopaedia-metallum-albums.xml
[2011.01.18 18:56:17 | 000,002,326 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\110yvcr7.default\searchplugins\encyclopaedia-metallum-bands.xml
[2010.02.25 19:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.11 23:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.03.26 12:50:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.03.31 19:44:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.31 19:44:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.31 19:44:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.31 19:44:59 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.31 19:44:59 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - c:\progra~2\wietulopto.dat - c:\progra~2\wietulopto.dat File not found
O24 - Desktop WallPaper: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.19 19:45:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.01.19 19:44:34 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.01.19 19:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.01.18 11:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker LE
[2011.01.18 11:46:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\MustBeRandomlyNamed
[2011.01.18 11:46:15 | 000,719,574 | ---- | C] (UG North                                                    ) -- C:\Users\Patrick\Desktop\RkU3.8.388.590.exe
[2011.01.15 13:45:19 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\Falkenbach [Discography]
[2011.01.12 11:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011.01.12 11:05:26 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 11:05:23 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.01.11 23:25:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.01.11 23:23:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
[2011.01.11 23:18:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.01.11 21:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011.01.11 21:09:48 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Google
[2011.01.11 20:43:07 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Malwarebytes
[2011.01.11 20:42:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.11 20:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.11 20:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.11 20:42:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.11 20:42:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.01.11 17:55:01 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Avira
[2011.01.11 17:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.01.11 17:52:45 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.01.11 17:52:44 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.01.11 17:52:43 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.01.11 17:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.01.11 17:39:44 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.19 20:05:58 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.19 20:05:57 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.19 20:05:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.19 20:05:48 | 3488,931,840 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.19 19:57:30 | 000,000,167 | ---- | M] () -- C:\Users\Patrick\Desktop\regfix.reg
[2011.01.19 17:57:05 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE1B8ECE-814A-4F23-A245-854520A52B49}.job
[2011.01.18 19:55:39 | 000,068,096 | ---- | M] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.18 17:41:30 | 000,138,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.01.18 17:41:08 | 000,214,816 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.01.17 20:59:43 | 000,629,057 | ---- | M] () -- C:\Users\Patrick\Desktop\RkU3.8.388.590.rar
[2011.01.17 17:41:09 | 000,080,384 | ---- | M] () -- C:\Users\Patrick\Desktop\MBRCheck.exe
[2011.01.15 13:47:21 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.15 13:47:21 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.15 13:47:21 | 000,131,012 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.15 13:47:21 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.14 13:05:53 | 001,465,501 | ---- | M] () -- C:\Users\Patrick\Desktop\Alf Hallenturnier.mp3
[2011.01.14 12:56:43 | 000,000,852 | ---- | M] () -- C:\Users\Patrick\Desktop\mp3DirectCut.lnk
[2011.01.12 20:03:14 | 235,694,265 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.01.12 19:07:02 | 000,296,448 | ---- | M] () -- C:\Users\Patrick\Desktop\bxdqsytv.exe
[2011.01.12 15:53:47 | 000,026,112 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Woods Of Desolation - Torn Beyond Reason.doc
[2011.01.11 20:59:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
[2011.01.11 17:53:10 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.01.10 14:41:27 | 000,012,392 | ---- | M] () -- C:\Users\Patrick\.recently-used.xbel
[2011.01.09 21:30:14 | 000,025,600 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Scarcross - Freidenker.doc
[2011.01.03 01:04:09 | 000,061,440 | ---- | M] () -- C:\Users\Patrick\Documents\Microsoft Word-Dokument (neu).doc
[2011.01.03 00:23:30 | 000,027,136 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest München.doc
[2011.01.03 00:22:51 | 000,034,816 | ---- | M] () -- C:\Users\Patrick\Documents\THRASHFEST Oberhausenn.doc
[2010.12.30 17:36:52 | 000,026,112 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Puteraeon - The Esoteric Order.doc
[2010.12.28 15:57:35 | 000,409,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010.12.25 19:05:53 | 000,270,566 | ---- | M] () -- C:\Users\Patrick\Desktop\The-Total-Package-Lenz-Luger.png
[2010.12.23 20:12:20 | 000,028,160 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest 2010.doc
[2010.12.23 20:12:20 | 000,028,160 | ---- | M] () -- C:\Users\Patrick\Documents\Thrashfest 2010 Giessen.doc
[2010.12.22 15:15:18 | 000,025,600 | ---- | M] () -- C:\Users\Patrick\Documents\(Review) Waking The Cadaver - Beyond Cops Beyond God.doc
[2010.12.21 15:58:15 | 000,027,136 | ---- | M] () -- C:\Users\Patrick\Documents\Jahrespoll 2010 Patrick.doc
 
========== Files Created - No Company Name ==========
 
[2011.01.19 19:57:30 | 000,000,167 | ---- | C] () -- C:\Users\Patrick\Desktop\regfix.reg
[2011.01.18 19:18:34 | 750,239,744 | ---- | C] () -- C:\Users\Patrick\Desktop\nmp_cube.avi
[2011.01.17 20:59:55 | 000,629,057 | ---- | C] () -- C:\Users\Patrick\Desktop\RkU3.8.388.590.rar
[2011.01.17 17:41:27 | 000,080,384 | ---- | C] () -- C:\Users\Patrick\Desktop\MBRCheck.exe
[2011.01.14 13:05:52 | 001,465,501 | ---- | C] () -- C:\Users\Patrick\Desktop\Alf Hallenturnier.mp3
[2011.01.12 19:07:01 | 000,296,448 | ---- | C] () -- C:\Users\Patrick\Desktop\bxdqsytv.exe
[2011.01.11 23:17:27 | 000,026,112 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Woods Of Desolation - Torn Beyond Reason.doc
[2011.01.11 17:53:10 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.01.10 14:41:27 | 000,012,392 | ---- | C] () -- C:\Users\Patrick\.recently-used.xbel
[2011.01.09 21:30:14 | 000,025,600 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Scarcross - Freidenker.doc
[2011.01.03 01:02:30 | 000,061,440 | ---- | C] () -- C:\Users\Patrick\Documents\Microsoft Word-Dokument (neu).doc
[2011.01.03 00:24:08 | 000,037,376 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest Wien.doc
[2011.01.03 00:23:30 | 000,027,136 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest München.doc
[2011.01.03 00:22:51 | 000,034,816 | ---- | C] () -- C:\Users\Patrick\Documents\THRASHFEST Oberhausenn.doc
[2011.01.03 00:22:41 | 000,028,160 | ---- | C] () -- C:\Users\Patrick\Documents\Thrashfest 2010 Giessen.doc
[2010.12.30 17:36:47 | 000,026,112 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Puteraeon - The Esoteric Order.doc
[2010.12.25 19:05:53 | 000,270,566 | ---- | C] () -- C:\Users\Patrick\Desktop\The-Total-Package-Lenz-Luger.png
[2010.12.21 18:15:14 | 000,025,600 | ---- | C] () -- C:\Users\Patrick\Documents\(Review) Waking The Cadaver - Beyond Cops Beyond God.doc
[2010.12.21 15:58:14 | 000,027,136 | ---- | C] () -- C:\Users\Patrick\Documents\Jahrespoll 2010 Patrick.doc
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.07.02 13:21:59 | 001,456,640 | ---- | C] () -- C:\Programme\Common Files\Falk Navi-Manager.msi
[2010.06.16 14:54:53 | 000,138,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.02.25 19:43:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.02 16:18:45 | 000,000,294 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.07.06 16:15:11 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.07.06 16:15:11 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.07.06 16:15:11 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.01.29 16:15:01 | 000,004,096 | -H-- | C] () -- C:\Users\Patrick\AppData\Local\keyfile3.drm
[2008.12.30 20:16:52 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.12.28 12:10:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.28 12:05:41 | 000,068,096 | ---- | C] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.26 17:14:53 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2008.12.25 13:33:34 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008.12.25 13:33:34 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.12.24 23:40:06 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2007.08.16 05:23:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\gpyapi.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.13 12:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2009.08.22 13:26:51 | 000,000,000 | -HSD | M] -- C:\Users\Patrick\AppData\Roaming\.#
[2010.10.09 10:41:41 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.ABC
[2009.11.18 17:06:07 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\.BitTornado
[2009.10.13 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\2K Sports
[2009.04.10 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Ashampoo
[2010.02.22 20:51:49 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Bioshock2
[2010.08.24 10:54:44 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\BitComet
[2008.12.24 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools
[2008.12.24 23:46:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Lite
[2008.12.24 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Pro
[2010.10.09 10:37:55 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.10 14:58:24 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\FileZilla
[2011.01.10 14:41:27 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\gtk-2.0
[2011.01.19 20:07:14 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ICQ
[2010.08.26 15:01:15 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ImgBurn
[2008.12.25 00:02:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Leadertech
[2010.06.12 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\LG Electronics
[2010.08.09 10:11:13 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Miranda
[2009.02.01 14:15:09 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ppstream
[2011.01.12 19:59:52 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\RayV
[2010.08.24 16:03:51 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\RigNRoll_usa_ws
[2010.11.23 20:57:52 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Screaming Bee
[2010.09.20 19:57:26 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\temp
[2010.12.22 18:19:54 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\uTorrent
[2010.05.11 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Xilisoft
[2011.01.19 20:04:53 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.19 17:57:05 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EE1B8ECE-814A-4F23-A245-854520A52B49}.job
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

19.01.2011, 20:59   #29
Desolation


The PC is running better so far, and the message no longer appears; instead AntiVir occasionally flags some other .exe that is likewise labelled TR/Crypt.Xpack.Gen. When I then click Remove, things are quiet for a few days, and at some point the message shows up again.

19.01.2011, 21:28   #30
rea
/// Helper Team

I said above that I would appreciate it if you also told me whether you have carried out the steps. Otherwise I will soon have to start consulting the crystal ball, because I cannot know what you are doing ->

Here is how to proceed:



1.) Scan with SystemLook
  • Double-click SystemLook.exe to start the tool.
    Vista and Windows 7 users must right-click it and run it as administrator.
  • Copy the contents of the following code box into the tool's text field:

    Code:
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
             
  • Now click the Look button to start the scan.
  • When the scan has finished, your editor will open with the results; post them here in the thread.
  • The results are also saved on the desktop as SystemLook.txt.





2.) Avira Antivir - what was found?

So that we can take a close look at what your antivirus program has detected, please proceed as follows:
  • Start Avira Antivir
  • Under the Overview tab, click Events
  • There, make sure that all boxes at the top are checked and that under Filter only the Detection box is ticked; leave the others unchecked.
  • Select all detections (if there are any)
  • Click the round arrow at the top (Export selected events)
  • Save under the suggested name and post the contents of that .txt file here as well.
__________________
regards, rea

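The SystemLook query in step 1 dumps a single Winlogon Notify subkey. The following PowerShell script is an added example, not part of this thread and not part of SystemLook or Avira: it walks every subkey under the same Notify key, resolves each DllName value, and reports whether the referenced file exists and whether it carries a valid Authenticode signature, which is the sort of triage a helper does by hand on the SystemLook.txt output. It assumes an elevated PowerShell session on Windows; the function name Get-WinlogonNotifyReport is my own, and the key may simply be absent on a clean machine, which the script reports rather than treating as an error.

```powershell
# Added example (not from the thread, SystemLook or Avira): enumerate the
# Winlogon\Notify subkeys that the SystemLook ':reg' query above inspects and
# report each DllName together with file existence and signature status.
# Assumes an elevated PowerShell session on Windows. Function name is hypothetical.

$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

function Get-WinlogonNotifyReport {
    param([string]$KeyPath = $notifyKey)

    # A missing key is a normal finding, not a failure.
    if (-not (Test-Path -Path $KeyPath)) {
        Write-Warning "Key not present: $KeyPath"
        return @()
    }

    $report = foreach ($sub in Get-ChildItem -Path $KeyPath) {
        $props     = Get-ItemProperty -Path $sub.PSPath
        $dll       = $props.DllName
        $resolved  = $null
        $exists    = $false
        $signature = 'n/a'

        if ($dll) {
            # DllName may be a bare file name (loaded from System32) or a full
            # path, and may contain environment variables such as %SystemRoot%.
            $expanded = [Environment]::ExpandEnvironmentVariables($dll)
            if ([System.IO.Path]::IsPathRooted($expanded)) {
                $resolved = $expanded
            } else {
                $resolved = Join-Path $env:SystemRoot "System32\$expanded"
            }
            $exists = Test-Path -LiteralPath $resolved
            if ($exists) {
                # Status is Valid, NotSigned, HashMismatch, etc.
                $signature = (Get-AuthenticodeSignature -FilePath $resolved).Status
            }
        }

        [PSCustomObject]@{
            Subkey    = $sub.PSChildName
            DllName   = $dll
            Resolved  = $resolved
            Exists    = $exists
            Signature = $signature
        }
    }
    return $report
}

# Entries whose DLL is missing, unsigned or has a broken signature are the ones
# worth comparing against the SystemLook output posted in the thread.
Get-WinlogonNotifyReport | Format-Table -AutoSize
```

Run it from an administrator PowerShell prompt; the table it prints lists one row per Notify subkey, so a subkey such as SensLogn shows up with the path its DllName resolves to and whether that file is present and signed.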
