Log analysis and evaluation: Different processes cause extremely high CPU load (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.02.2011, 19:11 | #1
Different processes cause extremely high CPU load

Hi dear forum users, I have the following problem: my computer is working extremely slowly. I have already read and worked through your topic "PC wird immer langsamer-was tun?", unfortunately without any improvement. When I open the Task Manager, I can see that different processes cause an enormous (mostly up to 100%) CPU load. Even the smallest programs, e.g. IE8 or WordPad, take forever to load. I had Malwarebytes' Anti-Malware run a full scan. This was the result:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19019

14.02.2011 17:48:14
mbam-log-2011-02-14 (17-48-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 359538
Laufzeit: 2 Stunde(n), 43 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\****\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

I personally (a layman) suspect that something is running in the background that eats up most of the memory. Thanks in advance for any help.

Regards
crackbone
14.02.2011, 19:15 | #2
/// Malware-holic | Different processes cause extremely high CPU load

System scan with OTL

Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click and run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check"
4. Copy the following into the text box:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

5. Click "Scan"
6. Two reports are created: OTL.Txt and Extras.Txt. Post both.
14.02.2011, 20:35 | #3
Different processes cause extremely high CPU load

Here are the logs from OTL:

OTL Logfile:
Code:
OTL logfile created on: 14.02.2011 19:46:26 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\****\Desktop\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): c:\pagefile.sys 9000 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,57 Gb Total Space | 57,51 Gb Free Space | 51,54% Space Free | Partition Type: NTFS
Drive D: | 111,55 Gb Total Space | 65,50 Gb Free Space | 58,72% Space Free | Partition Type: NTFS

Computer Name: NB-**** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\****\Desktop\Desktop\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\MARTIN\AppData\Local\temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\****\AppData\Local\temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - D:\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
PRC - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (McAfee, Inc.)
PRC - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
PRC - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE (CANON INC.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Windows\BR040286.exe (Bison Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\****\Desktop\Desktop\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\PROGRA~1\mcafee\SITEAD~1\saHook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()
MOD - C:\Windows\System32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll ()
MOD - C:\Windows\System32\shfolder.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (gusvc) -- File not found
SRV - (gupdate1ca65662288ba80) Google Update Service (gupdate1ca65662288ba80) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TunngleService) -- C:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (mcmscsvc) -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee, Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (McShield) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1004071232\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1004071232\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1004071232\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1811794223-3802095774-1639634765-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
IE - HKU\S-1-5-21-1811794223-3802095774-1639634765-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1811794223-3802095774-1639634765-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://de.msn.com/ [binary data]
IE - HKU\S-1-5-21-1811794223-3802095774-1639634765-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1811794223-3802095774-1639634765-1004\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1811794223-3802095774-1639634765-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1004071232\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1811794223-3802095774-1639634765-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.02.09 18:59:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: D:\mozilla\components [2010.12.22 16:39:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: D:\mozilla\plugins [2011.02.12 00:48:06 | 000,000,000 | ---D | M]

[2009.08.25 20:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\Mozilla\Extensions
[2011.02.10 09:13:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\capmhlw9.default\extensions
[2009.09.03 09:26:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\capmhlw9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.30 19:17:09 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\capmhlw9.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.02.22 16:10:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\capmhlw9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.04.07 11:32:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\capmhlw9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.01.02 14:47:23 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\capmhlw9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.02.09 13:50:50 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\capmhlw9.default\searchplugins\icqplugin-1.xml
[2010.07.23 19:12:06 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\capmhlw9.default\searchplugins\icqplugin-2.xml
[2010.07.26 11:41:45 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\capmhlw9.default\searchplugins\icqplugin-3.xml
[2010.04.07 11:32:30 | 000,000,168 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\capmhlw9.default\searchplugins\icqplugin.gif
[2010.04.07 11:32:30 | 000,000,618 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\capmhlw9.default\searchplugins\icqplugin.src
[2010.06.24 14:56:05 | 000,000,947 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\capmhlw9.default\searchplugins\icqplugin.xml
[2011.02.09 18:59:14 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011.02.12 00:48:12 | 000,000,000 | ---D | M] (Java Console) -- D:\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1004071232\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1811794223-3802095774-1639634765-1003\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-1811794223-3802095774-1639634765-1004\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BisonInst0402] C:\Windows\BR040286.exe (Bison Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1811794223-3802095774-1639634765-1003..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1811794223-3802095774-1639634765-1003..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1811794223-3802095774-1639634765-1003..\Run: [SUPERAntiSpyware] D:\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1811794223-3802095774-1639634765-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1811794223-3802095774-1639634765-1003..\Run: [Txtwin] C:\Users\****\AppData\Roaming\Cscjava\visfree.exe ()
O4 - HKU\S-1-5-21-1811794223-3802095774-1639634765-1004..\Run: [BLASC] File not found
O4 - HKU\S-1-5-21-1811794223-3802095774-1639634765-1004..\Run: [DAEMON Tools Lite] File not found
O4 - HKU\S-1-5-21-1811794223-3802095774-1639634765-1004..\Run: [EA Core] File not found
O4 - HKU\S-1-5-21-1811794223-3802095774-1639634765-1004..\Run: [ICQ] File not found
O4 - HKU\S-1-5-21-1811794223-3802095774-1639634765-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1811794223-3802095774-1639634765-1004..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1811794223-3802095774-1639634765-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1811794223-3802095774-1639634765-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1811794223-3802095774-1639634765-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1811794223-3802095774-1639634765-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\SASWINLO.dll - File not found
O24 - Desktop WallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0b195a05-caec-11de-b472-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{0b195a05-caec-11de-b472-000000000000}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: BLASC - hkey= - key= - File not found MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: mcmscsvc - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SafeBootMin: MCODS - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee, Inc.) 
SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) 
SafeBootNet: HelpSvc - Service SafeBootNet: mcmscsvc - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SafeBootNet: MCODS - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee, Inc.) SafeBootNet: Messenger - Service SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - 
Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows 
Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.02.14 19:43:04 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\Desktop\Desktop\OTL.exe [2011.02.14 19:33:54 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD [2011.02.14 14:49:01 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Desktop\Desktop\MFTools [2011.02.13 20:19:00 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Desktop\Desktop\Autoruns [2011.02.12 00:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.02.12 00:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011.02.12 00:48:06 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.02.12 00:48:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.02.12 00:48:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.02.12 00:48:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.02.12 00:30:50 | 016,561,952 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Users\****\Desktop\Desktop\Desktop\jre-6u23-windows-i586.exe [2011.02.10 17:42:26 | 002,038,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.02.10 17:42:18 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.02.10 17:42:18 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.02.10 17:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.02.10 17:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\REPORTS [2011.02.10 17:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\LOGFILES [2011.02.10 17:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\INFECTED [2011.02.10 15:00:54 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.02.10 15:00:54 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.02.10 15:00:53 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.02.10 15:00:53 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.02.10 15:00:53 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.02.10 15:00:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.02.10 15:00:52 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.02.10 15:00:52 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.02.10 15:00:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.02.10 15:00:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.02.10 15:00:51 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.02.10 15:00:51 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.02.10 15:00:51 | 000,055,808 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.02.10 15:00:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.02.10 15:00:51 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.02.10 15:00:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.02.10 15:00:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.02.10 15:00:17 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.02.10 15:00:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.02.07 13:56:41 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Cscjava [2011.01.30 13:18:54 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Desktop\Desktop\Gothic 3 ========== Files - Modified Within 30 Days ========== [2011.02.14 19:43:08 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\Desktop\Desktop\OTL.exe [2011.02.14 19:38:03 | 000,009,271 | ---- | M] () -- C:\Windows\System32\Config.MPF [2011.02.14 19:35:51 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ACFBE452-B257-4DF3-A5F8-E89262126C00}.job [2011.02.14 19:33:47 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.14 19:33:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.14 19:31:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.14 19:31:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.14 19:30:55 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.02.14 19:30:55 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat [2011.02.14 19:04:00 | 000,001,096 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.14 14:49:46 | 000,296,448 | ---- | M] () -- C:\Users\****\Desktop\Desktop\Desktop\g2m3e4r.exe [2011.02.14 14:49:41 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Desktop\Desktop\defogger.exe [2011.02.14 14:46:03 | 000,472,080 | ---- | M] () -- C:\Users\****\Desktop\Desktop\Desktop\Load.exe [2011.02.14 13:09:53 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D1F105BF-47DB-4119-B318-210E2F1DA9B5}.job [2011.02.13 20:15:43 | 000,620,465 | ---- | M] () -- C:\Users\****\Desktop\Desktop\Desktop\Autoruns1006.zip [2011.02.12 18:19:58 | 000,000,556 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for ****.job [2011.02.12 00:47:11 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.02.12 00:47:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.02.12 00:47:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.02.12 00:47:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.02.12 00:31:04 | 016,561,952 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Users\****\Desktop\Desktop\Desktop\jre-6u23-windows-i586.exe [2011.02.11 19:39:50 | 000,004,484 | ---- | M] () -- C:\Users\****\Documents\cc_20110211_193945.reg [2011.02.11 19:38:42 | 000,092,250 | ---- | M] () -- C:\Users\****\Documents\cc_20110211_193750.reg [2011.02.11 03:20:30 | 000,372,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.02.09 15:17:59 | 000,700,202 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.09 15:17:59 | 000,654,888 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.09 15:17:59 | 000,156,266 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.09 15:17:59 | 000,126,974 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.02.07 13:43:10 | 000,000,012 | ---- | M] () -- C:\Users\****\AppData\Roaming\mdjaw.dat [2011.02.06 16:43:00 | 000,030,320 | ---- | M] () -- C:\Users\****\Desktop\Desktop\Desktop\unbekannter Anhang [2011.01.20 09:26:07 | 002,169,620 | ---- | M] () -- C:\Users\****\Desktop\Desktop\Desktop\EE-AOC.rar ========== Files Created - No Company Name ========== [2011.02.14 19:32:48 | 000,000,398 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{ACFBE452-B257-4DF3-A5F8-E89262126C00}.job [2011.02.14 14:49:42 | 000,296,448 | ---- | C] () -- C:\Users\****\Desktop\Desktop\Desktop\g2m3e4r.exe [2011.02.14 14:49:40 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Desktop\Desktop\defogger.exe [2011.02.14 14:45:57 | 000,472,080 | ---- | C] () -- C:\Users\****\Desktop\Desktop\Desktop\Load.exe [2011.02.13 20:15:42 | 000,620,465 | ---- | C] () -- C:\Users\****\Desktop\Desktop\Desktop\Autoruns1006.zip [2011.02.11 19:39:46 | 000,004,484 | ---- | C] () -- C:\Users\****\Documents\cc_20110211_193945.reg [2011.02.11 19:37:55 | 000,092,250 | ---- | C] () -- C:\Users\****\Documents\cc_20110211_193750.reg [2011.02.07 13:43:00 | 000,000,012 | ---- | C] () -- C:\Users\****\AppData\Roaming\mdjaw.dat [2011.02.06 16:42:59 | 000,030,320 | ---- | C] () -- 
C:\Users\****\Desktop\Desktop\Desktop\unbekannter Anhang [2011.01.20 09:26:26 | 006,251,008 | ---- | C] () -- C:\Users\****\Desktop\Desktop\Desktop\EE-AOC.exe [2011.01.20 09:25:28 | 002,169,620 | ---- | C] () -- C:\Users\****\Desktop\Desktop\Desktop\EE-AOC.rar [2010.10.21 14:52:19 | 000,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.09.27 19:59:32 | 000,000,092 | ---- | C] () -- C:\Users\****\AppData\Local\fusioncache.dat [2010.09.04 11:20:08 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2010.06.24 20:53:41 | 000,001,348 | ---- | C] () -- C:\Windows\WAVEMIX.INI [2010.04.07 20:07:27 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2009.11.03 14:31:14 | 000,000,680 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat [2009.06.05 12:39:09 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.06.01 18:13:05 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2008.12.19 13:21:39 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2008.12.19 13:21:38 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2008.12.19 13:18:55 | 000,000,403 | ---- | C] () -- C:\Windows\SIERRA.INI [2008.08.27 18:32:30 | 000,017,408 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.05.24 23:08:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.05.24 14:29:09 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2008.05.24 14:28:03 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2008.05.24 14:22:24 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini [2008.03.28 09:16:44 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2008.03.28 04:27:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.03.28 04:26:55 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2008.03.28 04:26:55 | 000,743,424 | ---- | C] () -- 
C:\Windows\libxml2.dll [2008.03.28 04:26:54 | 000,000,040 | ---- | C] () -- C:\Windows\Prelaunch.ini [2008.03.27 19:57:46 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2007.08.28 17:03:14 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2010.11.15 17:23:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Anbyu [2009.03.14 17:32:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ascaron Entertainment [2008.07.23 18:01:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Atari [2011.02.07 13:56:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Cscjava [2009.06.05 13:06:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite [2009.12.19 23:20:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Pro [2008.07.23 17:28:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Leadertech [2008.09.10 23:31:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2008.09.09 22:58:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2010.02.01 14:11:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Petroglyph [2010.11.15 17:19:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Roized [2010.03.31 
02:36:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SPORE [2009.06.05 12:40:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Teeworlds [2011.01.20 09:49:29 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Tunngle [2010.09.27 20:52:38 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Turbine [2009.12.04 19:39:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite [2009.12.04 19:39:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ [2008.03.27 21:39:54 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job [2010.11.01 00:59:59 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job [2011.02.14 19:30:55 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.02.14 19:35:51 | 000,000,398 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{ACFBE452-B257-4DF3-A5F8-E89262126C00}.job [2011.02.14 13:09:53 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D1F105BF-47DB-4119-B318-210E2F1DA9B5}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2010.01.22 12:33:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Adobe [2010.11.15 17:23:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Anbyu [2009.11.14 18:55:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Apple Computer [2009.03.14 17:32:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ascaron Entertainment [2008.07.23 18:01:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Atari [2008.07.22 20:11:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ATI [2010.07.21 06:53:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Avira [2011.02.07 13:56:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Cscjava [2008.08.01 13:08:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CyberLink [2009.06.05 13:06:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite [2009.12.19 23:20:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Pro [2010.06.05 20:29:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DivX [2009.03.01 10:04:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Google [2010.02.18 15:35:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Hamachi [2008.07.22 20:10:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Identities [2009.01.26 20:38:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Intel [2008.07.23 17:28:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Leadertech [2011.02.06 16:24:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Macromedia [2010.03.22 19:05:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Media Center Programs [2008.09.10 23:31:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2008.09.09 22:58:23 | 000,000,000 | ---D | M] -- 
C:\Users\****\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2010.09.27 20:52:23 | 000,000,000 | --SD | M] -- C:\Users\****\AppData\Roaming\Microsoft [2009.08.25 20:17:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla [2010.02.01 14:11:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Petroglyph [2010.11.15 17:19:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Roized [2008.11.27 18:07:29 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Roxio [2008.09.04 22:27:14 | 000,000,000 | RH-D | M] -- C:\Users\****\AppData\Roaming\SecuROM [2011.02.14 19:50:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Skype [2011.02.14 17:50:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\skypePM [2010.03.31 02:36:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SPORE [2010.09.08 19:33:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Sun [2010.03.24 19:01:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SUPERAntiSpyware.com [2009.02.15 20:34:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\teamspeak2 [2009.06.05 12:40:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Teeworlds [2011.01.20 09:49:29 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Tunngle [2010.09.27 20:52:38 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Turbine [2010.08.22 23:23:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\U3 [2009.12.16 16:29:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WinRAR [2008.07.23 17:40:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Yahoo! 
< %APPDATA%\*.exe /s >
[2011.02.14 13:10:19 | 000,354,304 | ---- | M] () -- C:\Users\****\AppData\Roaming\Cscjava\visfree.exe
[2010.01.22 12:31:49 | 000,038,784 | ---- | M] () -- C:\Users\****\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2008.11.23 17:50:24 | 001,887,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\****\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2010.03.24 19:01:59 | 000,018,944 | R--- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
[2010.03.24 19:01:59 | 000,065,024 | R--- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
[2010.03.24 19:01:59 | 000,005,120 | R--- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
[2007.10.23 08:27:20 | 000,110,592 | ---- | M] () -- C:\Users\****\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 09:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\****\AppData\Roaming\U3\temp\Launchpad Removal.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTOR.SYS >
[2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\ERDNT\cache\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.06.05 12:39:09 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.04.08 06:59:42 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010.12.18 07:22:10 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2008.01.21 03:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.21 03:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< End of report >

OTL Logfile:
OTL Extras logfile created on: 14.02.2011 19:46:27 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\****\Desktop\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): c:\pagefile.sys 9000 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,57 Gb Total Space | 57,51 Gb Free Space | 51,54% Space Free | Partition Type: NTFS
Drive D: | 111,55 Gb Total Space | 65,50 Gb Free Space | 58,72% Space Free | Partition Type: NTFS

Computer Name: NB-**** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1811794223-3802095774-1639634765-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D2A798C-29C0-44B7-B60B-FBCC37F9575D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3FF52F59-D88B-4D9E-8ED6-8F9507D8001E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{52F20779-9D2A-441F-B71F-F1938420793D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5785A702-1A71-4ED9-9A11-0F03E7FAEB66}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C05AA29-A821-4289-99A9-2983FFCFE7B3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{637DDB72-511E-4EF8-B05C-8E1FB6C7D39B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68E725C6-CF7F-444A-B123-352E344EF720}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7C4C07A2-3EFC-44F6-8688-9C5AC5637CF8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{94D60BCD-36A2-4ADC-8DE6-AC4853263D09}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9E13C84F-F82D-4701-9AA7-7FAF5013CA90}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A41D7116-D5D1-4296-B60A-D163704B0CEA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA3E14DA-342D-4610-A2D1-1CEFE022D141}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{ABF654AD-19A0-4AD2-B6ED-31CD55D26081}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D4BD9E25-73FF-4955-9479-E2C10ECB0583}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD0A0A51-8844-44BC-A846-D9C924D0E1E6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E82C28AE-7025-48C6-8A5C-93FDB241E792}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F47F5966-B1AB-460F-80CE-C8BC5D35E890}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{FE99F79C-5BF9-4F27-B420-35CFC40B6530}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A8CDE6-DFC0-4F81-B353-F9565B80A1C8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{010BD59A-ED4A-478B-A26D-A1B747CF832D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{02C243CB-5B60-4003-AFBF-C597322BF862}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0CC62C99-D175-4778-B8DE-E8B66F257714}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{170222EC-5DC5-4CE2-9CAE-1A504BA35A35}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{199ADD62-8668-4487-944D-E932106AFF78}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1B9EAF85-C2B0-4253-B3F8-0453D3970428}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1BD0A14C-60D8-40C2-B612-45D7F3DA211C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1BDB5816-DAF9-4EF2-ACF9-7B620D517CF2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F7B8960-F315-4CA7-83DA-EA00BE8B67AB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{207F8173-E026-48D2-8926-60D9FD606328}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{22E14D55-259F-4156-9E09-44C9E1CC0C0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{233CA2F9-0559-4D20-8B0B-E5176653B849}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{249297F5-FF71-4A54-83E0-2DF60DF44D73}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{24D770C6-728F-49C5-9424-E7D8AE1E95A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{28A92CAC-3667-476A-A1EF-B046810DF4F2}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2 demo\bf2.exe |
"{29FE238E-CD52-4A61-BFDE-7F827D31489E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D0ED96A-3B1A-4BCE-AD6A-53548E8D11E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E918334-B476-4A5E-84D4-1FEC3EF16C85}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2FE733C2-028F-4952-8DBB-AEA0627F84E5}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{340D8A8E-B922-4338-973D-1BD70658AE75}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
"{3701389D-1402-46EA-B03E-101878F42DFC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3738B79E-1008-4359-9B8D-8759CEA04263}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38EAF533-14B8-451E-B08C-FC8D37D3C8FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{44410BEB-42EB-46CC-B557-A1D5A86BDD76}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{477E7744-0C0C-4FBB-922C-099EB0BC5073}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{48898308-0D92-4D2C-BD80-8E2EEDFD1587}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{49718B9E-442B-481C-A61B-46E2749C08FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4AFD6B21-27D0-431A-BC6A-D1DB909DF34B}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{50F7DAE4-D871-486F-8CC6-D2152A8BE457}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{52D3A006-0F5D-4B02-969E-111BF1A4ACFB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{554C58B1-F71B-4A59-9869-7785E71D1677}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{55F3F983-AF77-4560-96BC-7FF7EFAE7401}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-dede-win-update-downloader.exe |
"{55FD9B75-F1A8-4F6F-B3DA-3FA134F93CBE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5B836F0D-B4DB-4AC6-A182-F8B92BB96A01}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6469FE1F-9BB2-47D4-8A7C-25D1EFDD4DDB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{65DBEF53-AE93-4D1D-8EFA-26F204A77531}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{661D8D8C-3F22-4FC3-87CD-2F758694CF34}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{6A8FAB9C-2D05-4AD7-9E9E-A668844D78F4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C0D524A-2642-4A67-BE19-2E8FD47DEB11}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C7384CD-82AD-4237-BE41-277E73217D52}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{71D6C654-F97F-40E3-B22A-54437B4B34B2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C545AFB-5472-47D3-AA63-05AD53588E1A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7C6AD187-1602-4B2C-92AE-694FEDC9F024}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80749B91-5933-4B89-B618-702F5372A195}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{836F566A-5BE3-4099-A93B-C5F504A653B1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8C0293D0-6236-4D30-812F-648526674565}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8F2ED2FE-8AD0-4643-90B3-0093ECDB7D4C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9076EE28-466A-442D-8B3D-A1ECA76E86A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{93B02A1D-F3E4-4F05-93E4-DD88ACBCB6DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{940CCEAD-BAD5-4BD4-A97F-193BE89E519D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97F7E5EB-20E9-4801-A22A-304223ADB30A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A754141B-A62D-4B88-B1E1-CCA4E06DE0A9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A8D0D5F7-F68F-472A-A6EC-B9F57C72CD41}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD48D585-469F-42A0-8624-823935668EA0}" = protocol=6 | dir=out | app=system |
"{AF8F9915-E062-4F39-853A-5EB15070F250}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B026E53F-98DC-4835-A5B8-BC76A8C294F9}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{B115FAE0-3BC5-4802-8A55-75EACF738DB7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B196EDEE-2C01-4EEE-826E-59AB30A679F1}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-dede-win-update-downloader.exe |
"{B1D7C6B8-D1BB-4F35-ABA4-A9C03E6DE781}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B3699447-E1BA-44BA-A46E-51BBAD19B16D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B527122D-0911-421F-98D1-9711BFD64F8A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B630B220-7FA5-453B-9960-92229B6CF9BF}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{B6A2494E-BC25-4C30-9B5C-4A4501263B68}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2 demo\bf2.exe |
"{B79430A4-306E-4402-8E58-C7458D2FA40F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B7EAB42E-54E4-4644-B1B5-0F240AFBD334}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BBA2EF7B-B2BD-44C9-B8EA-148900075ADB}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{BED06FA7-CAF2-49DD-9F4D-816BB72F9073}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1D9CE15-CFCF-44EF-BCCA-9102DE0280B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C68D22F8-DF7B-4674-B0B9-5B95FFDA4014}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D1B32168-7A22-41C1-B9B5-94EDB012A421}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D1DAA01C-9D0B-4A98-BD2B-6E02A031F95D}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
"{D2FA27BE-3CD8-4A0E-B9D6-D1BA2D6A70E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D6081734-66CD-4B08-940D-BE3460B6F188}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D79C90B8-0408-4B5C-8061-2CD7E14BE7AE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D9018C75-07E1-4C66-BAF2-06C891A0DE86}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DA750A46-1184-45C8-AF1E-4651BF182A75}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{DA9344AB-1A08-4558-BCE6-FCE93123D2B7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DE83BCA2-2075-4A77-8318-F957675EAAC6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E88324AC-E484-4441-BF49-F519E82EF821}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EC77CB99-042C-4EE0-A64F-F3496E6B3101}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F4D3CB4F-5773-4D2C-A7E2-658E7A7ADFD6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F6D6C081-9251-4CF3-8168-640683B474BC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F73AEE3C-888C-4C8B-BF43-A682E64ECCDF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F7614A40-AF7A-4E3C-A5D4-910CEE29F940}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F917A400-5494-4ADF-8C03-FF0802DE41B2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F990BA50-849B-4E5C-A5DB-0CAC3BDC31AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FAD80C6F-B68C-4BE3-90B5-947A6A1D7F57}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FEA19A97-0B83-41EA-945B-8D68FD232818}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{05381DBE-A55B-483C-A38C-769898F98105}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{20E7AFD5-A262-4D1F-9482-E367FB710CF2}C:\sierra\ee-zde\ee-aoc.exe" = protocol=6 | dir=in | app=c:\sierra\ee-zde\ee-aoc.exe |
"TCP Query User{234C4789-293C-4FC1-8017-63013C7C44D1}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{244ECEE2-5743-41D7-B31A-6833042B248E}C:\users\****\desktop\addon\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\addon\tmnationsforever\tmforever.exe |
"TCP Query User{32C0922B-282B-4E4D-B3DE-D85389687D8E}D:\firefly studios\stronghold 2\stronghold2.exe" = protocol=6 | dir=in | app=d:\firefly studios\stronghold 2\stronghold2.exe |
"TCP Query User{3903FBF2-A992-40D0-AFF0-9E755C0CB8FA}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe |
"TCP Query User{40177871-3320-4613-96A3-3E574A536077}D:\left4dead\left4dead.exe" = protocol=6 | dir=in | app=d:\left4dead\left4dead.exe |
"TCP Query User{415EF798-AE37-4387-B473-79AC4D4CEB7E}D:\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=d:\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{4F2F3DA0-850F-4785-8563-71E3A9439C20}D:\hdr\conquest.exe" = protocol=6 | dir=in | app=d:\hdr\conquest.exe |
"TCP Query User{666399F6-A556-4F57-8446-BFC36D5BB149}C:\users\****\desktop\desktop\desktop\stronghold\stronghold.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\desktop\desktop\stronghold\stronghold.exe |
"TCP Query User{6B5C644A-7194-4555-8BCA-B4132CD42777}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe |
"TCP Query User{72B87AD5-3E51-45B3-AC5C-33F4B6BC5084}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{7501E904-99D0-4BAF-946F-33338005F9BA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{7E8EBE5E-A900-46CE-A5B6-9D0C96F7149E}C:\sierra\ee-zde\ee-aoc.exe" = protocol=6 | dir=in | app=c:\sierra\ee-zde\ee-aoc.exe |
"TCP Query User{7EC2AAFE-030B-4004-8377-D30E03AEBC6F}C:\users\****\desktop\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\tmnationsforever\tmforever.exe |
"TCP Query User{818FD9F3-9927-4A9D-A601-E6F2A97DEB83}C:\users\****\desktop\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\stronghold crusader\stronghold crusader.exe |
"TCP Query User{94A79226-93EB-4AC0-93C5-472E582BA4A5}D:\ea games\bf2.exe" = protocol=6 | dir=in | app=d:\ea games\bf2.exe |
"TCP Query User{9BD9CDFB-FD53-4BC6-9AD2-C68ACD5BD6FA}C:\users\****\desktop\mp3's und dateien\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\mp3's und dateien\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"TCP Query User{9E7CF914-5956-4AA0-B9A7-668D7E37D8F9}D:\hdr\conquest.exe" = protocol=6 | dir=in | app=d:\hdr\conquest.exe |
"TCP Query User{9F33E4C5-A123-4129-91C8-0C52A4A63382}D:\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=d:\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"TCP Query User{ABE5C053-A288-4B61-9BEA-C1D0195B6FFF}D:\milesredist\tqit.exe" = protocol=6 | dir=in | app=d:\milesredist\tqit.exe |
"TCP Query User{AEBDAE6D-1FA8-4C8C-BEFA-0F4D8409174E}C:\users\****\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"TCP Query User{B664B1AC-0863-41DD-BF74-6CD27E47EC4E}C:\users\****\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"TCP Query User{B9989221-44FE-4F5A-94EE-A0BD17F1949F}C:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"TCP Query User{C13A00FB-6B85-4C9E-BBFC-144EBE047C58}C:\users\****\desktop\saustall\mp3's und dateien\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\saustall\mp3's und dateien\tmnationsforever\tmforever.exe |
"TCP Query User{C8CC298F-76CF-4D78-B2E9-86886550A21D}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{CD25FA29-E6FA-4EC0-B275-44040D4AAA2B}D:\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=d:\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{EAA10CFF-067F-4F6F-9A1C-7F479C7334A3}D:\left4dead\left4dead.exe" = protocol=6 | dir=in | app=d:\left4dead\left4dead.exe |
"TCP Query User{EBDE9994-0D48-4054-9D64-467E8E7C91B9}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{EE0D9B01-997E-42DB-9203-835E26952ECA}D:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\tmnationsforever\tmforever.exe |
"TCP Query User{F6448CBA-E3FF-4E4F-B731-DF6096480515}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{F83E7686-748C-40E2-A237-AE5459B99E8E}C:\users\****\desktop\desktop\desktop\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\desktop\desktop\stronghold crusader\stronghold crusader.exe |
"UDP Query User{06FC9A91-50B4-4990-AEBF-AD9031D371F5}C:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"UDP Query User{08ADFD3C-2FBA-4D51-A142-C5EAC386A470}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{0BBF8BC0-22DA-4598-BC18-D3546CB09960}C:\users\****\desktop\desktop\desktop\stronghold\stronghold.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\desktop\desktop\stronghold\stronghold.exe |
"UDP Query User{173A984F-B245-4DD7-AD39-F9DC3AFE74B3}C:\users\****\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"UDP Query User{1DC31420-A298-44DD-AD34-C4DBEB719576}D:\hdr\conquest.exe" = protocol=17 | dir=in | app=d:\hdr\conquest.exe |
"UDP Query User{3304EEA6-E9F5-404A-9370-44BA279A2F2D}D:\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=d:\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"UDP Query User{39859E43-C611-4F0A-B7E8-E8B341012E84}C:\sierra\ee-zde\ee-aoc.exe" = protocol=17 | dir=in | app=c:\sierra\ee-zde\ee-aoc.exe |
"UDP Query User{4CF43419-5864-496A-9CC0-663D8C7D26A5}C:\users\****\desktop\mp3's und dateien\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\mp3's und dateien\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"UDP Query User{65FE1B27-3299-4A36-B680-6A2705A40091}D:\left4dead\left4dead.exe" = protocol=17 | dir=in | app=d:\left4dead\left4dead.exe |
"UDP Query User{6D2E2635-2BBF-4CAC-A8A2-50319345B40A}D:\left4dead\left4dead.exe" = protocol=17 | dir=in | app=d:\left4dead\left4dead.exe |
"UDP Query User{6E47001D-9FBE-42FC-ABFC-C95B654550A0}D:\milesredist\tqit.exe" = protocol=17 | dir=in | app=d:\milesredist\tqit.exe |
"UDP Query User{7B60446D-49FF-4918-9A06-74AFF5047AFD}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{8505B2F3-AE11-4062-9B84-897FD02A3062}C:\users\****\desktop\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\stronghold crusader\stronghold crusader.exe |
"UDP Query User{85DDF08F-6886-4B27-8BA2-AC050D62C393}D:\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=d:\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{86F7D32A-BBC1-468B-A27E-64F0429404E1}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe |
"UDP
Query User{932D465B-63EA-44ED-8FD5-CBD220E38AB6}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe | "UDP Query User{9E94CD5C-527A-4F9D-BE28-B63F27D52828}C:\users\****\desktop\saustall\mp3's und dateien\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\saustall\mp3's und dateien\tmnationsforever\tmforever.exe | "UDP Query User{9F950322-EE24-40B3-A1CA-0F9E23870659}C:\sierra\ee-zde\ee-aoc.exe" = protocol=17 | dir=in | app=c:\sierra\ee-zde\ee-aoc.exe | "UDP Query User{A89FD827-CA02-4CE8-921F-B0B4873BC335}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{AA12354A-2431-4E98-BAB2-A212519EE802}C:\users\****\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | "UDP Query User{B960C2B9-A8A8-4657-9057-5FD9CA7FCB8B}D:\ea games\bf2.exe" = protocol=17 | dir=in | app=d:\ea games\bf2.exe | "UDP Query User{BFCB0FDD-98CD-40F7-80F4-F775F23EFEF6}D:\firefly studios\stronghold 2\stronghold2.exe" = protocol=17 | dir=in | app=d:\firefly studios\stronghold 2\stronghold2.exe | "UDP Query User{C08054A2-3DD0-43A6-A71C-7BFC85B548A9}D:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\tmnationsforever\tmforever.exe | "UDP Query User{C35E702A-2E3C-4509-923D-55EC13DEF596}D:\hdr\conquest.exe" = protocol=17 | dir=in | app=d:\hdr\conquest.exe | "UDP Query User{C3EF195D-9448-4153-9FAD-8BE85461BB8D}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | "UDP Query User{CB88286D-3AFB-4B3D-9ABE-71780C668984}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | 
app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | "UDP Query User{CCEB12B9-064E-4EE1-BC28-1F68321A76FC}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{D2F6544B-C136-4630-B8C1-B5656A007D6A}D:\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=d:\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | "UDP Query User{D92E4DCF-0D4A-4CD7-A77C-65C8D6EEF5D9}C:\users\****\desktop\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\tmnationsforever\tmforever.exe | "UDP Query User{E6C5E97E-1A3C-4E31-8D28-C4163D5E25DF}C:\users\****\desktop\addon\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\addon\tmnationsforever\tmforever.exe | "UDP Query User{F92CB865-99F2-4AB0-9474-8F55D65BAC3A}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{F9EA0E4C-9D3E-40DF-9E99-B6D8B1F97C16}C:\users\****\desktop\desktop\desktop\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\desktop\desktop\stronghold crusader\stronghold crusader.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2000 "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{05291CC4-91E6-C32E-CAC3-779980664817}" = Catalyst Control Center Localization Thai "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center 
Plug-In "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7 "{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23 "{27581226-F339-D2C8-4424-78D656B5DAFC}" = Catalyst Control Center Localization Finnish "{2D4756B6-6F83-B48F-20B3-1C2579495FF9}" = Catalyst Control Center Localization Chinese Traditional "{2DD7607D-265C-5C4D-66DE-5E895E5D3C43}" = Catalyst Control Center Localization Chinese Standard "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support "{324E7965-58B8-915E-4A2A-54E712A2F1CE}" = Catalyst Control Center Localization Russian "{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{49E766E4-4B3F-40F7-B987-89F2DF6D524C}" = Moorhuhn Kart XXL "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer Crystal Eye "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces "{547134DA-18E1-8223-82C6-DEFCC121BFA1}" = Catalyst Control Center Localization Danish 
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{58E2EF7A-DA33-148F-C7DA-BE77E25CBF38}" = Catalyst Control Center Localization Italian "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5D282891-DC5D-EEFB-9922-8820528DC438}" = ATI Catalyst Install Manager "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{63270097-3D97-86EB-FDA0-3DA2BACBFCED}" = Catalyst Control Center Localization Dutch "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow "{6FD61EE9-06F7-0E69-248F-3A6DCDB8C616}" = ccc-utility "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7A2FD295-38D2-4AAF-BF41-2C95EBB96126}" = Moorhuhn Kart 2 XXL "{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client "{846DF5BB-5954-22B3-F2CE-FA873E10707D}" = Catalyst Control Center Localization German "{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes "{8A2A414F-612A-AEB2-6162-4943D6EE8451}" = Catalyst Control Center Localization Spanish "{8AE9B25F-BB40-CCE0-18F5-D671140E2827}" = Catalyst Control Center Localization Hungarian "{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) 
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{9339B9F6-6FD7-E49A-3F52-E67E743985EE}" = Catalyst Control Center Localization Portuguese "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{A2B3C27C-1F09-47C6-9A90-9683BEFD7963}" = Dawn of War - Soulstorm "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A38BCAE4-6C8E-FA74-5161-41D4B5320538}" = ccc-core-static "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{B49C924C-A651-4378-94F6-5D9BF44A959F}" = EE-ZDE "{BDD47313-659C-6AAB-550C-7023BE2B1A62}" = Catalyst Control Center Localization Japanese "{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Süß & Schrecklich Ergänzungs-Pack "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C4FFCD8D-3A06-E243-2747-2CE771A8B7D4}" = EA Download Manager UI "{C7773434-258E-DB2D-92D7-F49C49674960}" = Catalyst Control Center Localization Turkish 
"{CAB8E698-2EC4-DD41-6731-4DCFC9AD072C}" = Catalyst Control Center Localization Czech "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD5F037E-6CE4-7BF4-AAE3-9E52D37216B0}" = Catalyst Control Center Graphics Light "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{CFA84FB2-9807-02DB-E1AF-F762EC1A2E26}" = Catalyst Control Center Localization Polish "{DB13E2CD-DA81-1D65-1233-7EF36900CA27}" = Catalyst Control Center Core Implementation "{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam "{DE60CAE2-4CA8-4A6A-A557-0668004FE889}" = Moorhuhn Kart Extra XXL "{E23BE718-6CAF-8EF5-8016-157D9DB422BB}" = Catalyst Control Center Localization French "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4FC36C6-754E-EEEB-66FB-CA5A1CC6B175}" = Catalyst Control Center Localization Norwegian "{FA4DDF14-0227-47ED-9FB0-3290E84E8938}" = Catalyst Control Center - Branding "{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit "{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller "{FE9CCC3C-23F2-BA6C-1C36-BFBE9C1D2F35}" = Catalyst Control Center Localization Korean "{FEE5BB3D-E73F-7FA8-3161-BFAA4B3E8C81}" = Catalyst Control Center Localization Swedish "{FEF44AF0-1288-AAC1-9621-2D3AD4BF48D5}" = Catalyst Control Center Localization Greek "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 
10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2 "Canon MP560 series Benutzerregistrierung" = Canon MP560 series Benutzerregistrierung "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "Die Gilde Gold-Edition" = Die Gilde Gold-Edition "EA Download Manager" = EA Download Manager "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "eGames Pinball" = eGames Pinball "FIFA RTWC 98" = FIFA RTWC 98 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "GameSpy Arcade" = GameSpy Arcade "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7 "InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow "InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers. 
"LManager" = Launch Manager "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0 "MSC" = McAfee SecurityCenter "NSS" = Norton Security Scan "PROHYBRIDR" = 2007 Microsoft Office system "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver "Tunngle beta_is1" = Tunngle beta "Uninstall_is1" = Uninstall 1.0.0.1 "WinRAR archiver" = WinRAR "Yahoo! Toolbar" = Yahoo! Toolbar ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1811794223-3802095774-1639634765-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Faraday's Electromagnetic Lab" = Faraday's Electromagnetic Lab ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
14.02.2011, 21:02 | #4 |
/// Malware-holic | Please replace *** in the script with your user name, otherwise it won't work.

• Please start OTL.exe
• Now copy the following into the text box:

Code:
:OTL
:Files
C:\Users\****\AppData\Roaming\Cscjava
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[resethosts]
[Reboot]

• Now please close all programs.
• Then click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.

Open Computer, then C:, then _OTL; right-click "Moved Files" there and choose "Add to moved files.rar" or "zip". Upload the archive to our upload channel: http://www.trojaner-board.de/54791-a...ner-board.html
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us |
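The procedure above has OTL move the listed folder out of the profile rather than delete it (OTL keeps it under C:\_OTL\MovedFiles with its original path, which is why the helper then asks for that folder as an archive), so the sample survives for analysis. The Python below is an added example, not OTL's code and not from the post: it does the same quarantine-by-move on any OS, writes a manifest with SHA-256 hashes taken before the move, and packs the result for upload. The "_OTL" naming and the manifest format are my own choices; the "Cscjava" folder it builds is a constructed placeholder, not real malware.

```python
"""Quarantine by move with a hashed manifest, OTL ':Files' style (added example)."""
import hashlib
import json
import shutil
import tempfile
import zipfile
from pathlib import Path
from typing import Dict, List, Optional


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine(target, root) -> Dict[str, object]:
    """Move `target` (file or directory) under root/MovedFiles, keeping its
    original path below the drive/root anchor, and append a manifest entry
    with a hash of every file moved. Returns the manifest entry."""
    target, root = Path(target), Path(root)
    if not target.exists():
        return {"original": str(target), "status": "not found", "files": {}}
    rel = target.relative_to(target.anchor) if target.is_absolute() else target
    dest = root / "MovedFiles" / rel
    dest.parent.mkdir(parents=True, exist_ok=True)
    # Hash before moving so the manifest describes what was on disk.
    files = [target] if target.is_file() else sorted(p for p in target.rglob("*") if p.is_file())
    hashes = {p.relative_to(target.parent).as_posix(): sha256_file(p) for p in files}
    shutil.move(str(target), str(dest))
    entry = {"original": str(target), "moved_to": str(dest), "status": "moved", "files": hashes}
    manifest = root / "manifest.json"
    entries: List[dict] = json.loads(manifest.read_text()) if manifest.exists() else []
    entries.append(entry)
    manifest.write_text(json.dumps(entries, indent=2))
    return entry


def pack_for_upload(root) -> Path:
    """Zip MovedFiles plus the manifest so a helper can inspect the samples."""
    root = Path(root)
    archive = root / "MovedFiles.zip"
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        for p in sorted((root / "MovedFiles").rglob("*")):
            if p.is_file():
                zf.write(str(p), p.relative_to(root).as_posix())
        manifest = root / "manifest.json"
        if manifest.exists():
            zf.write(str(manifest), "manifest.json")
    return archive


def demo(workdir: Optional[Path] = None) -> Dict[str, object]:
    """Constructed scenario: a profile with a 'Cscjava' folder like the one
    the OTL script above removes. The file content is a placeholder."""
    work = Path(workdir) if workdir else Path(tempfile.mkdtemp(prefix="otl-demo-"))
    sus = work / "Users" / "user" / "AppData" / "Roaming" / "Cscjava"
    sus.mkdir(parents=True, exist_ok=True)
    (sus / "loader.jar").write_bytes(b"PK\x03\x04 constructed placeholder, not a real jar")
    root = work / "_OTL"
    entry = quarantine(sus, root)
    archive = pack_for_upload(root)
    with zipfile.ZipFile(archive) as zf:
        members = sorted(zf.namelist())
    return {"entry": entry, "archive": str(archive), "members": members, "still_present": sus.exists()}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Moving instead of deleting is the point: if the folder turns out to be benign it can be put back, and if it is the dropper, the helper gets the binary plus a hash to match against what the scanners later report. Hashing before the move matters on a live infected box, where a file may change or vanish between detection and collection.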
14.02.2011, 21:44 | #5 |
| All processes killed
========== OTL ==========
========== FILES ==========
C:\Users\****\AppData\Roaming\Cscjava folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: ****
->Flash cache emptied: 434 bytes

User: ****
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ****
->Temp folder emptied: 209291 bytes
->Temporary Internet Files folder emptied: 1816767 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ****
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4096 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.20.6 log created on 02142011_212915

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\mcafee_lzRacOYrNcMsd4j not found!
File\Folder C:\Windows\temp\mcafee_ozxOpPKmzLq86XF not found!
File\Folder C:\Windows\temp\mcafee_v3KX10MozlqjsoB not found!
File\Folder C:\Windows\temp\mcmsc_2FSMhO5TcVgahOo not found!
File\Folder C:\Windows\temp\mcmsc_y8h7IHK6jcHvHAL not found!
File\Folder C:\Windows\temp\sqlite_MzSRa8nu7Yx0Tag not found!
File\Folder C:\Windows\temp\sqlite_tZK93gdisSwDtmy not found!
File\Folder C:\Windows\temp\sqlite_UEchAAGhV6u85Up not found!
File\Folder C:\Windows\temp\sqlite_WI10M5V2chXJzYV not found!

Registry entries deleted on Reboot...

PS: The PC and all the programs are running smoothly again now. |
14.02.2011, 21:47 | #6 |
/// Malware-holic | Please don't forget the upload! |
14.02.2011, 21:52 | #7 |
| Just done. Do you already know what the problem was? And thank you for the quick and uncomplicated help; if I were of age I would donate something to you. Regards crackbone |
15.02.2011, 11:31 | #8 |
/// Malware-holic | 1. You don't need to address me formally. 2. I'll look at the files shortly. 3. Could you update Malwarebytes, run another complete scan and post the log? |
15.02.2011, 15:32 | #9 |
| Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5767

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19019

15.02.2011 15:29:03
mbam-log-2011-02-15 (15-29-03).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 387354
Time elapsed: 1 hour(s), 25 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\****\AppData\Roaming\mdjaw.dat (Malware.Trace) -> Quarantined and deleted successfully. |
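This is the second full scan in the thread, and again it finds exactly one Malware.Trace .dat file in AppData\Roaming, with a short lowercase name that differs from the previous scan's. A detection that comes back in the same directory, with the same category and a fresh random name, is the signal a helper reads as "the cleanup removed a trace, not the thing writing it", which is why the next step is a ComboFix log. The Python below is an added example, not Malwarebytes' code and not from the post: it parses MBAM 1.x logs in the German-localized format used here (and the English one), then compares detections across scans to flag exactly that pattern. The first log excerpt is entirely constructed as a stand-in for the earlier scan; the second copies the relevant lines from the log above. The "random name" rule is my own assumption.

```python
"""Spot a trace file that returns under a new random name across MBAM scans (added example)."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath
from typing import Dict, List, Tuple

# Header that opens the per-file detail list (nothing after the colon).
FILES_SECTION_RE = re.compile(r"^(?:Infizierte Dateien|Files Infected):\s*$")
# Any other summary or section header, including counts like "Infizierte Dateien: 1".
ANY_HEADER_RE = re.compile(r"^(?:Infizierte|Memory|Registry|Folders|Files) .*:\s*\d*$")
# Detail line: <drive path> (<category>) -> <action>.
DETECTION_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<category>[^()]+)\) -> (?P<action>.+?)\.?$")
SCAN_TS_RE = re.compile(r"^\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}$")
# Assumption: the dropper names its trace files with a few lowercase letters plus .dat.
RANDOM_DAT_RE = re.compile(r"^[a-z]{4,6}\.dat$")


def parse_mbam_log(text: str) -> Dict[str, object]:
    """Return {'date': scan timestamp, 'files': [(path, category, action), ...]}."""
    date, files, in_files = None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if date is None and SCAN_TS_RE.match(line):
            date = line
            continue
        if FILES_SECTION_RE.match(line):
            in_files = True
            continue
        if ANY_HEADER_RE.match(line):
            in_files = False
            continue
        m = DETECTION_RE.match(line) if in_files else None
        if m:
            files.append((m.group("path"), m.group("category"), m.group("action")))
    return {"date": date, "files": files}


def recurring_traces(logs: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Group detections by (directory, category) across scans; report groups that
    were seen in more than one scan with all-different, random-looking names."""
    groups: Dict[Tuple[str, str], List[Tuple[str, str]]] = defaultdict(list)
    for log in logs:
        for path, category, _action in log["files"]:
            p = PureWindowsPath(path)
            groups[(str(p.parent).lower(), category)].append((str(log["date"]), p.name.lower()))
    findings = []
    for (directory, category), hits in groups.items():
        scans = list(dict.fromkeys(d for d, _ in hits))
        names = [n for _, n in hits]
        if len(scans) > 1 and len(set(names)) == len(names) and all(RANDOM_DAT_RE.match(n) for n in names):
            findings.append({"directory": directory, "category": category, "names": names, "scans": scans})
    return findings


# Constructed stand-in for the earlier scan: same layout, made-up counts and file name.
SAMPLE_FIRST_SCAN = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4000

14.02.2011 12:00:00
mbam-log-2011-02-14 (12-00-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 350000
Laufzeit: 2 Stunde(n), 30 Minute(n), 0 Sekunde(n)

Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\****\AppData\Roaming\qwzrt.dat (Malware.Trace) -> Quarantined and deleted successfully.
"""

# Lines copied from the log in the post above.
SAMPLE_SECOND_SCAN = r"""Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5767

15.02.2011 15:29:03
mbam-log-2011-02-15 (15-29-03).txt

Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\****\AppData\Roaming\mdjaw.dat (Malware.Trace) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    logs = [parse_mbam_log(SAMPLE_FIRST_SCAN), parse_mbam_log(SAMPLE_SECOND_SCAN)]
    for f in recurring_traces(logs):
        print(f"{f['category']} keeps returning in {f['directory']}: {f['names']} (scans {f['scans']})")
```

The heuristic only raises a flag; the confirmation is a further scan after the active component is gone (here, after ComboFix), which should find nothing new in that directory.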
15.02.2011, 15:37 | #10 |
/// Malware-holic | Please create and post a ComboFix log. A guide and tutorial on using ComboFix |
15.02.2011, 16:14 | #11 |
| Combofix logfile:
Code:
ComboFix 11-02-14.02 - **** 15.02.2011 15:54:21.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3070.1814 [GMT 1:00]
Running from:: c:\users\****\Desktop\Desktop\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: McAfee VirusScan *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee VirusScan *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: McAfee VirusScan *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Desktop
c:\windows\system32\drivers\labl.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_kqktsgob


((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 ))))))))))))))))))))))))))))))
.
2011-02-15 14:59 . 2011-02-15 15:02 -------- d-----w- c:\users\****\AppData\Local\temp
2011-02-15 14:59 . 2011-02-15 14:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-02-15 14:59 . 2011-02-15 14:59 -------- d-----w- c:\users\****\AppData\Local\temp
2011-02-15 14:59 . 2011-02-15 14:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-14 20:15 . 2011-02-14 20:44 -------- d-----w- C:\_OTL
2011-02-14 18:35 . 2011-02-14 18:35 -------- d-----w- c:\users\****\AppData\Roaming\Apple Computer
2011-02-14 18:34 . 2011-02-14 18:36 -------- d-----w- c:\users\****\AppData\Local\LogMeIn Hamachi
2011-02-11 23:49 . 2011-02-11 23:49 -------- d-----w- c:\program files\Common Files\Java
2011-02-11 23:48 . 2011-02-11 23:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-10 16:42 . 2010-12-31 13:25 2038784 ----a-w- c:\windows\system32\win32k.sys
2011-02-10 16:42 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-10 16:42 . 2010-10-15 14:08 3600272 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-10 16:42 . 2010-10-15 14:08 3548048 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-10 16:40 . 2011-02-10 16:45 -------- d-----w- c:\programdata\LOGFILES
2011-02-10 16:40 . 2011-02-10 16:40 -------- d-----w- c:\programdata\REPORTS
2011-02-10 16:40 . 2011-02-10 16:40 -------- d-----w- c:\programdata\INFECTED
2011-02-10 14:02 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-01 16:21 . 2010-10-21 13:52 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-01 16:21 . 2010-10-21 13:51 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-01 16:21 . 2010-10-21 13:51 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-28 14:57 . 2011-01-12 15:29 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 17:09 . 2010-03-22 18:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-03-22 18:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 16:55 . 2010-07-21 05:50 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-14 15:49 . 2011-01-12 15:29 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-22 16:50 . 2010-07-21 05:50 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SUPERAntiSpyware"="D:\SUPERAntiSpyware.exe" [2010-02-18 2012912]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-27 2969496]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-19 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"BisonInst0402"="c:\windows\BR040286.exe" [2007-05-08 53248]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-02 521776]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Product Registration.lnk - c:\users\****\AppData\Local\Temp\is-3V94E.tmp\ATR1.exe [N/A]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-8-28 739880]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-27 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-10-08 16:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2009-05-19 15:11 136544 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2008-01-22 12:23 81920 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2010-03-19 23:43 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 R1 SASDIFSV;SASDIFSV;D:\SASDIFSV.SYS [x] R1 SASKUTIL;SASKUTIL;D:\SASKUTIL.SYS [x] R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1ca65662288ba80;Google Update Service (gupdate1ca65662288ba80);c:\program files\Google\Update\GoogleUpdate.exe [x] R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [x] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-05-18 28464] R3 SASENUM;SASENUM;D:\SASENUM.SYS [x] R3 WisINT15;WisINT15;c:\elements\1stboot\WisINT15.SYS [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-06-05 721904] S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-11-24 88176] S2 
TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-03-23 704760] S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ . Inhalt des "geplante Tasks" Ordners 2008-03-27 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-24 11:22] 2010-10-31 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-24 11:22] 2011-02-12 c:\windows\Tasks\Norton Security Scan for ****.job - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-14 07:48] 2011-02-14 c:\windows\Tasks\User_Feed_Synchronization-{ACFBE452-B257-4DF3-A5F8-E89262126C00}.job - c:\windows\system32\msfeedssync.exe [2011-02-10 04:47] 2011-02-15 c:\windows\Tasks\User_Feed_Synchronization-{D1F105BF-47DB-4119-B318-210E2F1DA9B5}.job - c:\windows\system32\msfeedssync.exe [2011-02-10 04:47] . . ------- Zusätzlicher Suchlauf ------- . 
mStart Page = hxxp://de.intl.acer.yahoo.com FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\capmhlw9.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\mozilla\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\mozilla\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - Toolbar-Locked - (no file) HKCU-Run-Txtwin - c:\users\****\AppData\Roaming\Cscjava\visfree.exe ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file) Notify-!SASWinLogon - D:\SASWINLO.dll MSConfigStartUp-BLASC - c:\program files\buffed\BLASC.exe MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe AddRemove-Die Gilde Gold-Edition - d:\progra~1\JoWooD\DIEGIL~1\UNWISE.EXE AddRemove-eGames Pinball - d:\progra~1\eGames\EGAMES~1\UNWISE.EXE ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-02-15 16:03 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-1811794223-3802095774-1639634765-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:56,05,26,e5,b4,03,b6,ca,54,90,20,1b,56,0c,98,9c,7a,c5,37,a5,54,de,1e, 27,13,ed,d6,2b,3d,26,53,5e,95,7f,c6,64,e5,8c,c8,b9,f3,33,d8,97,dd,26,60,67,\ "??"=hex:a0,7a,69,d6,d4,3b,4d,f5,58,4b,8d,23,40,7a,8c,cb [HKEY_USERS\S-1-5-21-1811794223-3802095774-1639634765-1003\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:ba,64,6a,3a,54,d0,8a,4f,48,be,4a,a9,5b,ca,d0,24,11,35,67,a9,1a, 88,21,c3,d2,17,80,e8,e1,e4,c1,97,80,94,8d,f1,b4,a1,57,35,17,d9,58,3e,96,ef,\ "rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
--------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(4688) c:\progra~1\mcafee\SITEAD~1\saHook.dll c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll c:\windows\system32\btmmhook.dll c:\acer\Empowering Technology\EPOWER\SysHook.dll c:\windows\system32\btncopy.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\WLANExt.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe c:\acer\Empowering Technology\eLock\Service\eLockServ.exe c:\acer\Empowering Technology\eNet\eNet Service.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\acer\Mobility Center\MobilityService.exe c:\windows\system32\rundll32.exe c:\windows\system32\conime.exe c:\program files\McAfee\MPF\MPFSrv.exe c:\program files\McAfee\MSK\MskSrver.exe c:\windows\system32\PnkBstrA.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\system32\DRIVERS\xaudio.exe c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe c:\acer\Empowering Technology\eSettings\Service\capuserv.exe c:\acer\Empowering Technology\ePower\ePowerSvc.exe c:\windows\system32\wbem\unsecapp.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\mcafee.com\agent\mcagent.exe c:\windows\RtHDVCpl.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\Synaptics\SynTP\SynTPEnh.exe 
c:\program files\Launch Manager\LManager.exe c:\windows\ehome\ehmsas.exe c:\acer\Empowering Technology\ENET\ENMTRAY.EXE c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\Skype\Plugin Manager\skypePM.exe c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\progra~1\McAfee\VIRUSS~1\mcshield.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-02-15 16:10:02 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-02-15 15:09 ComboFix2.txt 2010-03-24 15:59 Vor Suchlauf: 15 Verzeichnis(se), 66.448.113.664 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 66.131.103.744 Bytes frei - - End Of File - - 3C75A87A175431536423EF86B5BA6529 |
15.02.2011, 16:21 | #12 |
/// Malware-holic | Different processes cause extremely high CPU load
Download CCleaner slim: Piriform - Builds
If CCleaner is already installed, skip this step.
Install it, open it, Tools, list of installed programs, save as txt. Open the file.
Next to each program you need, write "notwendig" (needed).
Next to each program you don't need, write "unnötig" (not needed).
Next to any program you don't recognize, write "unbekannt" (unknown).
Post the list.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
15.02.2011, 16:34 | #13 |
| Different processes cause extremely high CPU load
2007 Microsoft Office system Microsoft Corporation 01.02.2010 555,4MB 12.0.6425.1000 notwendig
Acer Crystal Eye Acer Crystal Eye 23.05.2008 5,44MB 7.32.701.13d notwendig
Acer Crystal Eye Webcam Acer Crystal Eye Webcam 23.05.2008 2,79MB 2.0.0.20 notwendig
Acer eDataSecurity Management Egis Inc. 23.05.2008 63,3MB 2.8.4354 notwendig
Acer eLock Management Acer Inc. 23.05.2008 13,3MB 2.5.4302 notwendig
Acer Empowering Technology Acer Inc. 26.03.2008 230,7MB 2.5.4301 notwendig
Acer eNet Management Acer Inc. 23.05.2008 8,71MB 2.6.4303 notwendig
Acer ePower Management Acer Inc. 23.05.2008 16,1MB 2.5.4309 notwendig
Acer ePresentation Management Acer Inc. 23.05.2008 3,53MB 2.5.4300 notwendig
Acer eSettings Management Acer Inc. 23.05.2008 13,2MB 2.5.4302 notwendig
Acer GridVista 23.05.2008 1,51MB 2.72.317 notwendig
Acer Mobility Center Plug-In Acer Inc. 23.05.2008 4,13MB 1.0.4301 notwendig
Acer ScreenSaver Acer Inc. 26.03.2008 2.11.20071207 notwendig
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 23.05.2008 14,0MB unbekannt
Adobe AIR Adobe Systems Inc. 21.01.2010 30,7MB 1.5.3.9120 notwendig
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 19.03.2010 10.0.45.2 notwendig
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 23.06.2010 10.1.53.64 notwendig
Adobe Reader 8.1.3 Adobe Systems Incorporated 14.02.2011 85,0MB 8.1.3 notwendig
Apple Application Support Apple Inc. 21.12.2010 52,7MB 1.4.1 unbekannt
Apple Mobile Device Support Apple Inc. 16.11.2010 21,7MB 3.3.0.69 unbekannt
Apple Software Update Apple Inc. 13.09.2010 2,26MB 2.1.2.120 unbekannt
ATI Catalyst Install Manager ATI Technologies, Inc. 23.05.2008 13,9MB 3.0.664.0 unbekannt
Avira AntiVir Personal - Free Antivirus Avira GmbH 02.02.2011 110,0MB 10.0.0.611 notwendig
Battlefield 2(TM) 20.10.2010 3.881,6MB notwendig
Battlefield 2: Special Forces 20.10.2010 865,2MB notwendig
Broadcom Gigabit Integrated Controller Broadcom Corporation 26.03.2008 0,80MB 10.50.08 unbekannt
Business Contact Manager für Outlook 2007 SP2 Microsoft Corporation 01.02.2010 31,5MB 3.0.8619.1 unbekannt
Canon Easy-WebPrint EX 27.09.2010 6,81MB notwendig
Canon IJ Network Scan Utility 27.09.2010 1,05MB notwendig
Canon IJ Network Tool 27.09.2010 3,15MB notwendig
Canon MP Navigator EX 3.0 27.09.2010 72,3MB notwendig
Canon MP560 series Benutzerregistrierung 27.09.2010 1,09MB notwendig
Canon MP560 series MP Drivers 27.09.2010 327,4MB notwendig
Canon Utilities Easy-PhotoPrint EX 27.09.2010 221,9MB notwendig
Canon Utilities My Printer 27.09.2010 4,69MB notwendig
Canon Utilities Solution Menu 27.09.2010 3,05MB notwendig
Catalyst Control Center - Branding ATI 23.05.2008 0,47MB 1.00.0000 unbekannt
CCleaner Piriform 21.03.2010 2,88MB 2.29 notwendig
EA Download Manager Electronic Arts, Inc. 21.01.2010 25,0MB 6.0.0.93 notwendig
EA Download Manager UI Electronic Arts 21.01.2010 0,72MB 6.0.0.93 notwendig
EE-ZDE 18.12.2008 5,30MB notwendig
Empire Earth 09.02.2010 5,94MB notwendig
FIFA RTWC 98 31.08.2010 109,9MB notwendig
Free YouTube to MP3 Converter version 3.8 DVDVideoSoft Limited. 24.10.2010 12,5MB notwendig
GameSpy Arcade 26.08.2008 14,5MB notwendig
HDAUDIO Soft Data Fax Modem with SmartCP 23.05.2008 0,71MB unbekannt
Intel(R) Matrix Storage Manager 23.05.2008 3,77MB unbekannt
Intel(R) PROSet/Wireless WiFi-Software Intel(R) Corporation 25.01.2009 78,4MB 12.02.0000 unbekannt
iTunes Apple Inc. 21.12.2010 144,8MB 10.1.1.4 notwendig
Java(TM) 6 Update 23 Oracle 11.02.2011 97,1MB 6.0.230 notwendig
Launch Manager 23.05.2008 3,24MB unbekannt
LogMeIn Hamachi LogMeIn, Inc. 13.01.2011 3,14MB 2.0.3.89 notwendig
Malwarebytes' Anti-Malware Malwarebytes Corporation 14.02.2011 4,08MB notwendig
McAfee SecurityCenter McAfee, Inc. 23.03.2010 101,9MB notwendig
Microsoft .NET Framework 1.1 26.09.2010 unbekannt
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 22.08.2009 37,0MB unbekannt
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 21.08.2009 37,0MB unbekannt
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 120,3MB 4.0.30319 unbekannt
Microsoft Office 2003 Web Components Microsoft Corporation 15.09.2010 21,7MB 11.0.8003.0 unbekannt
Microsoft Office 2007 Primary Interop Assemblies Microsoft Corporation 11.06.2010 17,9MB 12.0.4518.1014 unbekannt
Microsoft Office Home and Student 2007 Microsoft Corporation 01.02.2010 555,4MB 12.0.6425.1000 notwendig
Microsoft Office Small Business Connectivity Components Microsoft Corporation 26.03.2008 0,15MB 2.0.7024.0 unbekannt
Microsoft SQL Server 2005 Microsoft Corporation 26.03.2008 236,2MB unbekannt
Microsoft SQL Server Native Client Microsoft Corporation 18.03.2009 2,63MB 9.00.4035.00 unbekannt
Microsoft SQL Server VSS Writer Microsoft Corporation 18.03.2009 0,68MB 9.00.4035.00 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 28.07.2009 0,25MB 8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 23.05.2008 2,37MB 8.0.56336 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 20.07.2010 0,58MB 9.0.30729.4148 unbekannt
MobileMe Control Panel Apple Inc. 16.11.2010 11,9MB 3.1.4.0 unbekannt
Moorhuhn Kart 2 XXL 26.08.2008 12,0MB notwendig
Moorhuhn Kart Extra XXL 26.08.2008 3,51MB notwendig
Moorhuhn Kart XXL 26.08.2008 2,24MB notwendig
Mozilla Firefox (3.6.8) Mozilla 25.07.2010 37,3MB 3.6.8 (de) unnötig
Norton Security Scan Symantec Corporation 13.05.2010 10,8MB 2.7.3.34 unnötig
NTI Backup NOW! 4.7 NewTech Infosystems 26.03.2008 7,23MB 1.00.0000 unbekannt
NTI CD & DVD-Maker NewTech Infosystems 26.03.2008 40,1MB 7 unbekannt
NTI Shadow NewTech Infosystems 26.03.2008 7,34MB 3.7.6.37 unbekannt
Pando Media Booster Pando Networks Inc. 26.09.2010 7,07MB 2.3.4.3 unbekannt
PowerDVD CyberLink Corporation 23.05.2008 58,9MB 7.32.3704d.0 notwendig
QuickTime Apple Inc. 21.12.2010 73,7MB 7.69.80.9 unbekannt
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 26.03.2008 16,0MB 6.0.1.5543 unbekannt
Skype Toolbars Skype Technologies S.A. 06.01.2011 5,93MB 5.0.4137 notwendig
Skype™ 5.0 Skype Technologies S.A. 06.01.2011 21,4MB 5.0.156 notwendig
SPORE™ Electronic Arts 30.03.2010 101,6MB 1.02.0000 notwendig
SPORE™ Süß & Schrecklich Ergänzungs-Pack Electronic Arts 30.03.2010 93,8MB 1.00.0000 notwendig
Star Wars Battlefront II LucasArts 13.05.2010 4.405,3MB 1.0 notwendig
Stronghold 2 Deluxe Firefly Studios 23.07.2009 1.188,7MB 1.40.100 notwendig
SUPERAntiSpyware Free Edition SUPERAntiSpyware.com 23.03.2010 29,9MB 4.34.0.1000 notwendig
Synaptics Pointing Device Driver Synaptics 26.03.2008 13,6MB 10.0.15.0 unbekannt
Texas Instruments PCIxx21/x515/xx12 drivers. Texas Instruments Inc. 26.03.2008 0,94MB 2.00.0002 unbekannt
Tunngle beta Tunngle.net GmbH 11.05.2010 7,99MB notwendig
Uninstall 1.0.0.1 24.10.2010 30,8MB unbekannt
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Microsoft Corporation 18.03.2009 36,4MB 9.00.4035.00 unbekannt
VoiceOver Kit Apple Inc. 31.03.2010 35,7MB 1.30.128.0 unbekannt
WIDCOMM Bluetooth Software 6.1.0.2000 Broadcom Corporation 23.05.2008 41,9MB 6.1.0.2000 unbekannt
WinRAR 15.12.2009 3,82MB notwendig |
15.02.2011, 16:45 | #14 |
/// Malware-holic | Different processes cause extremely high CPU load
Uninstall Adobe Reader 8 and replace it: Adobe - Adobe Reader herunterladen - Alle Versionen
Please do not install the McAfee Security Scan along with it.
Open Adobe Reader, Edit, Preferences, JavaScript, and uncheck the box there; under Internet, likewise uncheck everything. That way PDFs are no longer loaded automatically and no malicious code can be slipped onto your machine this way anymore.
Under General, check "use only certified plug-ins". Under Updater, set it to install. Click Apply/OK.
Uninstall:
Launch Manager
McAfee SecurityCenter (you have 2 antivirus programs installed, that's not good; uninstall Avira or McAfee and tell me which one)
Microsoft Office (that's Excel, Word etc.; if you don't need it, remove all of it)
Microsoft SQL Server (all of them)
Mozilla Firefox
Norton Security Scan
QuickTime
Skype Toolbars (toolbars are a security risk, get rid of them; Skype runs without them)
Unterstützungsdateien für das Microsoft SQL Server-Setup
VoiceOver Kit
Clean up files + registry with CCleaner.
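The two checks the helper asks for in posts #12 and #14 can also be done from the command line, so the reader can verify the result afterwards. The following PowerShell script is an added example and not the helper's own procedure or any tool's code: it reads the installed-program list from the registry Uninstall keys (the same data CCleaner's Tools page displays), writes it to a text file with an empty column for notwendig / unnötig / unbekannt, asks Windows Security Center which antivirus products are registered (so a second scanner such as Avira plus McAfee is visible at once), and reads back the Adobe Reader JavaScript preference that post #14 says to switch off. Assumptions: Windows Vista or later with PowerShell 2.0 or later; the output path on the Desktop is constructed; the value name `JSPrefs\bEnableJS` is taken from Adobe's preference reference and is assumed to exist for the installed Reader version.

```powershell
# Added example for this thread, not the helper's procedure or any tool's own code.
# Assumes Windows Vista or later and PowerShell 2.0 or later.

# 1. Installed programs, read from the same Uninstall keys CCleaner's list is built from.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',  # absent on x86; silently skipped
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
    Select-Object DisplayName, Publisher, DisplayVersion, InstallDate,
        @{ Name = 'Bewertung'; Expression = { '' } } |      # fill in notwendig / unnoetig / unbekannt
    Sort-Object DisplayName -Unique

$outFile = Join-Path $env:USERPROFILE 'Desktop\programme.txt'   # constructed output path
$programs | Format-Table -AutoSize | Out-File -FilePath $outFile -Width 200 -Encoding UTF8
Write-Host ("{0} programs written to {1}" -f @($programs).Count, $outFile)

# 2. Antivirus products registered with Security Center (root\SecurityCenter2 exists on Vista and later).
$av = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue)
$av | Select-Object displayName, pathToSignedProductExe, productState | Format-Table -AutoSize
if ($av.Count -gt 1) {
    $names = ($av | ForEach-Object { $_.displayName }) -join ', '
    Write-Warning "More than one antivirus product is registered: $names. Keep only one of them."
}

# 3. Adobe Reader JavaScript switch: bEnableJS = 0 means JavaScript is disabled.
#    (Value name per Adobe's preference reference; that the installed version uses it is an assumption.)
Get-ChildItem 'HKCU:\Software\Adobe\Acrobat Reader' -ErrorAction SilentlyContinue | ForEach-Object {
    $js = Get-ItemProperty -Path (Join-Path $_.PSPath 'JSPrefs') -Name bEnableJS -ErrorAction SilentlyContinue
    if ($js) { "Adobe Reader {0}: bEnableJS = {1}" -f $_.PSChildName, $js.bEnableJS }
}
```

Run it in a normal (non-elevated) PowerShell session; reading these keys needs no administrator rights. The Security Center query only lists products that registered themselves with Windows, so a scanner that is installed but not registered will still show up in the program list from step 1.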
15.02.2011, 17:20 | #15 |
| Different processes cause extremely high CPU load
So, I've done everything: I uninstalled McAfee and everything else as well. Then I cleaned up and restarted. |