| |
| |||||||
Log-Analyse und Auswertung: win32killAV-ahy von avast-antivir erkannt - was nun?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
20.05.2011, 22:07
| #1 |
| |  win32killAV-ahy von avast-antivir erkannt - was nun? hallo, liebe community! erstmal glückwunsch zu eurem forum, die threads, die ich bisher gelesen habe, zeugen von eurer fachkompetenz und eurer hilfsbereitschaft, klasse! zu meinem problem(chen): nach dem gestrigen hochfahren meines lappies kam eine warnmeldung von avast!, die mir mitteilte, es hätte den rootkit win32:killAV-AHY in zwei dateien entdeckt und in quarantäne gestellt. leider versteh ich die logfunktion bei avast! nicht (gibts überhaupt eine?!?), daher von hand: dateiname und -ort: S-1-5-21-3777084760-1419628056-2041107218-1000_UserData.bin in C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d} und ShutdownPerformanceDiagnostics_SystemData.bin in C:\Windows\System32\WDI wie gesagt, diese beiden dateien wurde unter quarantäne gesetzt und da verweilen sie bis jetzt, da ich gestern keine zeit hatte mich darum zu kümmern. dann bin ich heute im zuge meiner recherchen auf euer forum gestoßen und hab mit Malwarebytes zwei durchläufe gemacht, einen quick, einen vollständig, aber ohne ergebnisse, siehe hier: Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6625
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
20.05.2011 14:50:43
mbam-log-2011-05-20 (14-50-43).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 159676
Laufzeit: 6 Minute(n), 20 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6627
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
20.05.2011 18:32:23
mbam-log-2011-05-20 (18-32-23).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 294890
Laufzeit: 1 Stunde(n), 15 Minute(n), 52 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
dumme frage: was soll ich tun?!?  im voraus vielen dank für eure hilfe! lg, marius EDIT: mir ist noch was eingefallen: war vor kurzem auf tournee und am abreisetag kam beim hochfahren meines ansonsten wirklich gut gepflegten windows ein bluescreen nach dem booten, auch die internetlags nahmen zu, obwohl ich per cfos keinen erhöhten traffic erkennen kann.. systemperformance kann ich ansonsten schlecht abschätzen, da mein lappie schon 4 jahre auf dem buckel hat und ich daher an schwindende performance gewähnt bin :-) nochmals danke im voraus! Geändert von MerV (20.05.2011 um 22:13 Uhr) |
|
21.05.2011, 12:03
| #2 |
| /// Malware-holic   |  win32killAV-ahy von avast-antivir erkannt - was nun? hi, sorry, bei "gut gepflegt" kann ich nur lachen.
__________________Windows 6.0.6000 Internet Explorer 7.0.6000.17037 dein windows hat laut diesen angaben noch nie updates gesehen, wo sind zb die servicepacks? aber das machen wir später. Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten.
__________________ |
|
21.05.2011, 15:59
| #3 |
| | win32killAV-ahy von avast-antivir erkannt - was nun? hi,
__________________erstmal danke für deine hilfe! ein wort zu den updates: hab seit anbeginn die automatischen windowsupdates aktiviert (allerdings nur für windows) und laut updateverlauf auch regelmäßig bis heute alle 3,4 tage updates erhalten, nur das service pack 1 für vista ging nicht, hab aber gestern den DataStore ordner gelöscht und siehe da, es hat jetzt (endlich) geklappt.. hab jetzt alles ausgeführt wie verlangt, hier die logfiles: Code:
ATTFilter OTL logfile created on: 21.05.2011 16:20:47 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = D:\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): d:\pagefile.sys 3072 5000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 27,83 Gb Total Space | 8,13 Gb Free Space | 29,21% Space Free | Partition Type: NTFS Drive D: | 121,21 Gb Total Space | 35,05 Gb Free Space | 28,92% Space Free | Partition Type: NTFS Computer Name: SUCKMYROCKET | User Name: Marius Gussmann | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - D:\Anwendungen\firefox 2.0.11\firefox.exe (Mozilla Corporation) PRC - D:\Anwendungen\avast! Antivirus\AvastUI.exe (AVAST Software) PRC - D:\Anwendungen\avast! Antivirus\AvastSvc.exe (AVAST Software) PRC - D:\Anwendungen\cfos speed\spd.exe (cFos Software GmbH) PRC - D:\Anwendungen\cfos speed\cfosspeed.exe (cFos Software GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - D:\Anwendungen\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - D:\Anwendungen\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) ========== Modules (SafeList) ========== MOD - D:\Downloads\OTL.exe (OldTimer Tools) MOD - D:\Anwendungen\avast! Antivirus\snxhk.dll (AVAST Software) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (avast! Antivirus) -- D:\Anwendungen\avast! Antivirus\AvastSvc.exe (AVAST Software) SRV - (cFosSpeedS) -- D:\Anwendungen\cfos speed\spd.exe (cFos Software GmbH) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (OsdService) -- C:\Programme\C&E\OSD\OsdService\OsdService.exe () SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys () DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys () DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation) DRV - (cFosSpeed) -- C:\Windows\System32\drivers\cfosspeed.sys (cFos Software GmbH) DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc) DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.) DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (CEBFilter) -- C:\Programme\C&E\OSD\OsdService\cebuffer.sys (Windows (R) Codename Longhorn DDK provider) DRV - (CEIO) -- C:\Programme\C&E\OSD\OsdService\ceio.sys (Windows (R) Codename Longhorn DDK provider) DRV - (cKBFilter) -- C:\Programme\C&E\OSD\OsdService\kbfiltr.sys (Windows (R) Codename Longhorn DDK provider) DRV - (ATITool) -- C:\Windows\System32\drivers\ATITool.sys () DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (Windows (R) Codename Longhorn DDK provider) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3777084760-1419628056-2041107218-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-3777084760-1419628056-2041107218-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3777084760-1419628056-2041107218-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3777084760-1419628056-2041107218-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = : ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.at" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: fsonlinescanner@f-secure.com:1.01 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101 FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7 FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Anwendungen\RealPlayer 11\browserrecord [2008.02.26 21:52:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: D:\Anwendungen\avast! Antivirus\WebRep\FF [2011.03.20 13:51:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Anwendungen\firefox 2.0.11\components [2011.05.01 11:44:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Anwendungen\firefox 2.0.11\plugins [2011.05.15 12:24:45 | 000,000,000 | ---D | M] [2008.10.17 14:11:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marius Gussmann\AppData\Roaming\mozilla\Extensions [2011.05.21 13:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marius Gussmann\AppData\Roaming\mozilla\Firefox\Profiles\n68u5dnk.default\extensions File not found (No name found) -- () (No name found) -- C:\USERS\MARIUS GUSSMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N68U5DNK.DEFAULT\EXTENSIONS\{02450954-CDD9-410F-B1DA-DB804E18C671}.XPI () (No name found) -- C:\USERS\MARIUS GUSSMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N68U5DNK.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI () (No name found) -- C:\USERS\MARIUS GUSSMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N68U5DNK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\MARIUS GUSSMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N68U5DNK.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI [2009.08.09 14:34:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.03.20 13:51:56 | 000,000,000 | ---D | M] (avast! WebRep) -- D:\ANWENDUNGEN\AVAST! ANTIVIRUS\WEBREP\FF [2008.11.03 13:59:31 | 000,000,000 | ---D | M] (Java Console) -- D:\ANWENDUNGEN\FIREFOX 2.0.11\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2008.12.03 08:35:57 | 000,000,000 | ---D | M] (Java Console) -- D:\ANWENDUNGEN\FIREFOX 2.0.11\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009.04.17 12:52:46 | 000,000,000 | ---D | M] (Java Console) -- D:\ANWENDUNGEN\FIREFOX 2.0.11\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2010.02.08 16:33:35 | 000,000,000 | ---D | M] (Java Console) -- D:\ANWENDUNGEN\FIREFOX 2.0.11\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.04.05 10:38:39 | 000,000,000 | ---D | M] (Java Console) -- D:\ANWENDUNGEN\FIREFOX 2.0.11\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.04.19 10:46:15 | 000,000,000 | ---D | M] (Java Console) -- D:\ANWENDUNGEN\FIREFOX 2.0.11\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.27 12:58:51 | 000,000,000 | ---D | M] (Java Console) -- D:\ANWENDUNGEN\FIREFOX 2.0.11\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.31 11:03:00 | 000,000,000 | ---D | M] (Java Console) -- D:\ANWENDUNGEN\FIREFOX 2.0.11\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.14 11:07:05 | 000,000,000 | ---D | M] (Java Console) -- D:\ANWENDUNGEN\FIREFOX 2.0.11\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.28 11:53:19 | 000,000,000 | ---D | M] (Java Console) -- D:\ANWENDUNGEN\FIREFOX 2.0.11\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} O1 HOSTS File: ([2009.04.16 16:16:57 | 000,305,200 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 10510 more lines... O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Anwendungen\RealPlayer 11\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Anwendungen\avast! Antivirus\aswWebRepIE.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Anwendungen\avast! Antivirus\aswWebRepIE.dll () O4 - HKLM..\Run: [avast] D:\Anwendungen\avast! Antivirus\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [cFosSpeed] D:\Anwendungen\cfos speed\cfosspeed.exe (cFos Software GmbH) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [VirtualCloneDrive] D:\Anwendungen\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3777084760-1419628056-2041107218-1000..\Run: [DAEMON Tools Lite] D:\Anwendungen\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-3777084760-1419628056-2041107218-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKU\S-1-5-21-3777084760-1419628056-2041107218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\S-1-5-21-3777084760-1419628056-2041107218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKU\S-1-5-21-3777084760-1419628056-2041107218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1305978133378 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Marius Gussmann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Marius Gussmann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4423e17c-1f87-11de-bd94-001060d07533}\Shell - "" = AutoRun O33 - MountPoints2\{4423e17c-1f87-11de-bd94-001060d07533}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{682c4966-1640-11e0-a33e-001060d07533}\Shell - "" = AutoRun O33 - MountPoints2\{682c4966-1640-11e0-a33e-001060d07533}\Shell\AutoRun\command - "" = H:\DPFMate.exe O33 - MountPoints2\{862266e6-1eee-11e0-9931-001060d07533}\Shell - "" = AutoRun O33 - MountPoints2\{862266e6-1eee-11e0-9931-001060d07533}\Shell\AutoRun\command - "" = H:\DPFMate.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: Free Download Manager - hkey= - key= - File not found MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - D:\Anwendungen\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.05.21 12:23:58 | 000,000,000 | ---D | C] -- C:\PerfLogs [2011.05.20 14:43:27 | 000,000,000 | ---D | C] -- C:\Users\Marius Gussmann\AppData\Roaming\Malwarebytes [2011.05.20 14:43:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.20 14:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.20 14:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.20 14:43:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.15 12:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2011.05.15 12:30:52 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX [2011.05.15 12:30:49 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL [2011.05.15 12:30:49 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL [2011.05.15 12:30:49 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL [2011.05.15 12:30:49 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL [2011.05.15 12:24:31 | 000,000,000 | ---D | C] -- C:\Programme\Adobe [2011.05.14 22:35:34 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.05.14 00:24:05 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2011.05.14 00:24:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.05.05 02:03:45 | 000,000,000 | ---D | C] -- C:\Users\Marius Gussmann\4.0 [2011.05.05 02:03:44 | 000,000,000 | ---D | C] -- C:\Users\Marius Gussmann\.tfo4 [2008.05.12 07:57:51 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Marius Gussmann\AppData\Roaming\pcouffin.sys [5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.21 16:11:40 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.21 15:55:32 | 000,004,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.21 15:55:32 | 000,004,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.21 15:47:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.21 14:01:17 | 000,647,692 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.21 14:01:17 | 000,612,656 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.21 14:01:17 | 000,126,630 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.21 14:01:17 | 000,104,594 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.21 13:58:30 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.05.21 13:55:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.21 13:47:50 | 000,001,855 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.05.21 12:33:34 | 000,367,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.05.21 12:01:26 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll [2011.05.21 12:01:17 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll [2011.05.20 14:43:19 | 000,000,694 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.15 12:24:45 | 000,001,623 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2011.05.14 22:35:34 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.05.14 00:24:05 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011.05.02 22:57:36 | 000,184,832 | ---- | M] () -- C:\Users\Marius Gussmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.20 14:43:19 | 000,000,694 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.15 12:30:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.05.15 12:24:45 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk [2011.05.15 12:24:45 | 000,001,623 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2011.05.14 00:24:05 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011.03.19 17:20:57 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2010.03.21 13:42:20 | 001,692,288 | ---- | C] () -- C:\Windows\System32\BootMan.exe [2010.03.21 13:42:20 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe [2010.03.21 13:42:20 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll [2010.03.21 13:42:20 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys [2010.03.21 13:42:20 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys [2010.02.21 16:06:42 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2009.12.23 23:57:30 | 000,000,536 | ---- | C] () -- C:\Windows\eReg.dat [2009.11.03 16:40:28 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.11.03 16:40:15 | 000,271,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.10.17 15:26:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.05.17 13:55:22 | 000,000,604 | ---- | C] () -- C:\Windows\Edofma.INI [2008.05.12 07:57:51 | 000,087,608 | ---- | C] () -- C:\Users\Marius Gussmann\AppData\Roaming\inst.exe [2008.05.12 07:57:51 | 000,007,887 | ---- | C] () -- C:\Users\Marius Gussmann\AppData\Roaming\pcouffin.cat [2008.05.12 07:57:51 | 000,001,144 | ---- | C] () -- C:\Users\Marius Gussmann\AppData\Roaming\pcouffin.inf [2008.04.06 22:48:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.03.21 05:35:46 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.01.21 00:57:43 | 000,000,034 | ---- | C] () -- C:\Windows\System32\oeminfo.ini [2008.01.21 00:46:44 | 000,001,855 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008.01.18 12:16:43 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2008.01.18 12:16:43 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2008.01.18 11:21:01 | 000,022,328 | ---- | C] () -- C:\Users\Marius Gussmann\AppData\Roaming\PnkBstrK.sys [2008.01.18 11:20:43 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2008.01.18 11:20:42 | 000,000,274 | ---- | C] () -- C:\Windows\game.ini [2008.01.17 23:25:39 | 000,184,832 | ---- | C] () -- C:\Users\Marius Gussmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.01.17 21:14:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.01.17 20:17:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.01.17 19:52:10 | 000,001,356 | ---- | C] () -- C:\Users\Marius Gussmann\AppData\Local\d3d9caps.dat [2007.11.26 22:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2007.10.12 01:02:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.08.08 18:54:10 | 000,028,968 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys [2007.07.16 13:37:40 | 000,154,206 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.02 17:33:31 | 000,647,692 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,126,630 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,367,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,612,656 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,594 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2008.02.15 11:41:16 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Ashampoo [2009.06.01 20:06:36 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\avidemux [2008.02.14 22:23:16 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\DAEMON Tools [2010.10.06 21:04:53 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\FileZilla [2011.03.17 00:23:40 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\gtk-2.0 [2008.05.05 18:00:45 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Leadertech [2009.06.02 01:43:56 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Pegasys Inc [2009.04.07 19:38:24 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\PPLive [2009.04.07 19:35:54 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\PPMate [2010.04.06 15:11:12 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\QuickScan [2010.08.23 22:25:06 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Simple Sudoku [2011.04.05 16:43:18 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Spacejock Software [2011.01.10 21:39:29 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\TeamViewer [2011.03.20 02:04:24 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Tobit [2009.12.20 21:55:17 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\TS3Client [2008.05.05 10:17:03 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\TuneUp Software [2008.05.25 15:27:42 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Vso [2011.05.21 13:47:48 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2008.02.26 21:15:32 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Adobe [2008.01.17 23:56:26 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Ahead [2008.01.25 16:03:36 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Apple Computer [2008.02.15 11:41:16 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Ashampoo [2008.01.17 20:17:47 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\ATI [2010.03.26 21:47:11 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\atitray [2009.06.01 20:06:36 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\avidemux [2008.02.14 22:23:16 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\DAEMON Tools [2010.05.09 21:17:08 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\DivX [2011.03.03 17:23:37 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\dvdcss [2010.10.06 21:04:53 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\FileZilla [2008.06.14 00:08:17 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Google [2011.03.17 00:23:40 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\gtk-2.0 [2008.01.17 19:52:15 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Identities [2008.01.17 20:05:37 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\InstallShield [2008.05.05 18:00:45 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Leadertech [2008.01.18 10:57:38 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Macromedia [2011.05.20 14:43:27 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Media Center Programs [2011.03.02 10:30:30 | 000,000,000 | --SD | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Microsoft [2008.10.17 14:11:53 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Mozilla [2009.06.02 01:43:56 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Pegasys Inc [2009.04.07 19:38:24 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\PPLive [2009.04.07 19:35:54 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\PPMate [2010.04.06 15:11:12 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\QuickScan [2010.02.08 15:19:36 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Real [2008.01.29 13:52:09 | 000,000,000 | R--D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\SecuROM [2010.08.23 22:25:06 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Simple Sudoku [2011.05.21 00:53:15 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Skype [2010.12.12 01:02:24 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\skypePM [2011.04.05 16:43:18 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Spacejock Software [2009.10.19 03:19:39 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\teamspeak2 [2011.01.10 21:39:29 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\TeamViewer [2011.03.20 02:04:24 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Tobit [2009.12.20 21:55:17 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\TS3Client [2008.05.05 10:17:03 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\TuneUp Software [2009.03.11 20:10:30 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\vlc [2008.05.25 15:27:42 | 000,000,000 | ---D | M] -- C:\Users\Marius Gussmann\AppData\Roaming\Vso < %APPDATA%\*.exe /s > [2008.05.25 15:27:41 | 000,087,608 | ---- | M] () -- C:\Users\Marius Gussmann\AppData\Roaming\inst.exe [2009.03.29 02:44:15 | 000,010,134 | R--- | M] () -- C:\Users\Marius Gussmann\AppData\Roaming\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe [2010.04.05 10:32:21 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marius Gussmann\AppData\Roaming\Real\Update\setup3.10\setup.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.03.21 00:52:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.03.21 00:52:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.03.21 00:52:39 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.03.21 00:57:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2008.03.21 00:57:43 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 00:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2007.02.12 14:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Programme\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys [2007.02.12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Programme\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys [2007.02.12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys [2007.02.12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll < MD5 for: USER32.DLL > [2008.03.01 10:47:15 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2008.03.01 10:47:15 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2008.02.14 22:23:28 | 000,716,272 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2007.10.12 01:02:10 | 000,356,352 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll [2008.01.19 00:34:10 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2008.01.19 00:34:10 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [5 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report > Code:
ATTFilter OTL Extras logfile created on: 21.05.2011 16:20:47 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): d:\pagefile.sys 3072 5000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 27,83 Gb Total Space | 8,13 Gb Free Space | 29,21% Space Free | Partition Type: NTFS
Drive D: | 121,21 Gb Total Space | 35,05 Gb Free Space | 28,92% Space Free | Partition Type: NTFS
Computer Name: SUCKMYROCKET | User Name: Marius Gussmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-3777084760-1419628056-2041107218-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Anwendungen\firefox 2.0.11\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- D:\Anwendungen\VLC 0.9.8a\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- D:\Anwendungen\VLC 0.9.8a\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Anwendungen\PPMate\ppmate.exe" = D:\Anwendungen\PPMate\ppmate.exe:*:Enabled:PPMate
"D:\Anwendungen\PPMate\ppamnet.exe" = D:\Anwendungen\PPMate\ppamnet.exe:*:Enabled:PPMate
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E1573FA-D408-4461-B2BA-FB3144CCCFCA}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2853B3EA-A895-4D2D-B607-A900B99B6236}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{34A65AAF-43C6-452A-8986-36CAA5225985}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{35CDB942-510D-4332-B50C-5A92C24C3D33}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{3906B6B2-C126-4810-9169-C0300A70BD4B}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{3D65AA59-7577-468A-A6E1-F38AE4B5940F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{47660F0A-B51D-4EE2-83AB-835D9A63C1EB}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{55C060CE-1DCB-4EED-8065-06E409DFB5C9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{5F2C0F83-19DB-461B-A9D4-C852E083B7FF}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5FFC3E28-E7EC-4BD1-AF89-6843EEFA1EF8}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{68502382-5329-4EB6-AD54-FD3E3051D5E6}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{6E617222-CD3C-4FCE-A850-2D25F2513656}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{70D1AA70-2531-46FE-91D6-8C57B923119F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9801D9AC-4F08-460F-A1ED-AD8C3E18610E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{99518E3B-E0A8-40EA-9E91-72EA50B06CA0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B3808B6A-0621-49D3-AD3A-EBC64BEC4731}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B85B8FCB-DD0F-4604-B226-5F1B96209C18}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{BF6D3444-8749-4EA7-8721-BAF219F29FC3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{C83B425D-8259-4BB7-85B7-89630139AC9D}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{EDDC3042-7A02-425D-8BC2-598D41EE8077}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{F2131B62-0059-4543-9A0B-69EBC841E412}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F66F56F9-4ECA-4330-B51A-F36442E5E7D9}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AA0093E-951C-4775-B005-07AD21CD6BEB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0E46052A-71A0-4CB3-8F77-9210C7EC0398}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{12202631-280A-417B-84FB-986D0E8DAE20}" = protocol=17 | dir=in | app=d:\anwendungen\teamviewer6\teamviewer_service.exe |
"{18524573-B3C6-43EF-A39A-070F71B3FE72}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{19079853-1845-423E-9B53-96D7E399C794}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1B5F4F69-8EAC-4309-8CCA-D62654109CF8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{211B357A-C5AA-40D5-9A75-6C3A61E4E79F}" = protocol=6 | dir=in | app=c:\program files\tele2\supportcenter\supportcenter.exe |
"{22B4BAA6-1ECE-4F7F-AE00-8ED6FFC488E9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{284FEA72-6BD9-4039-92BA-068814CA12CE}" = protocol=6 | dir=in | app=c:\program files\tele2\supportcenter\supportcenter.exe |
"{2AE4574B-8C25-4A7E-B03E-ADDFE1AD4329}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3C924C27-2ABB-44B6-A6DD-FCA455A996DF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3D8B587D-5119-48C7-8DA6-B533BE371B61}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3FCB5D41-0F96-4D53-8B0A-6493F126CF1B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4B2FDB4F-1AB0-462E-A078-1EE687EAD0C5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{4C1AC002-C639-4713-AC7E-C886EC8F5D4B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4DB8E60C-50D0-4E12-A967-967EE8B43992}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{550562B4-E127-4CB0-BC6B-C057516C8F85}" = protocol=6 | dir=in | app=d:\anwendungen\tobit radio.fx\client\rfx-client.exe |
"{59301E30-DABC-4A40-BF00-2F0A3CFE52DC}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{5A870DEB-56D7-4E23-A599-DD6150210801}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5CB3CCAE-6747-4C2C-88C5-737F19A2D1FD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5CC4563B-9431-45FD-93A3-17639732B5E9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{603A676D-110A-4BA6-95A1-01ED05398217}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{62BCC21D-D9F7-45B3-8291-AB9482C9E798}" = protocol=6 | dir=in | app=d:\anwendungen\teamviewer6\teamviewer_service.exe |
"{6446164D-B975-4BE4-A4AE-0E2CF9227E32}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6583A0E4-8324-45DA-955E-6DFCE3E07405}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6EFD60E2-27F5-4E48-A1FD-8CFC368E7E30}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{715862FE-457B-438A-B87C-C61B4D9A3D6D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{716C1D54-49BB-4C67-A24F-4E0E6DF249A3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7440AE72-C9F0-4D9B-B502-E39E70B9558C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{799A8695-D520-44F0-BFF6-850C6D7AA013}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7A7020E2-0E85-4BAA-92CA-22D93005938D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7AD258A7-8208-4155-89F4-2FF0064CC832}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7EB10364-7EB2-45B8-801B-FEE5BFE3E9BC}" = protocol=17 | dir=in | app=d:\anwendungen\tobit radio.fx\client\rfx-client.exe |
"{877C5B99-D4D3-4365-9FE7-40D772ABAD1E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{877D8BAC-1F9C-404B-9708-9EDCC0CB2CE8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{91C67273-3DCF-4A38-8E78-C8652EE73111}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{93CEF1D1-1DF2-4667-A02A-C5E83E90E623}" = protocol=17 | dir=in | app=c:\program files\tele2\supportcenter\supportcenter.exe |
"{98F5E66D-4008-4D43-B3D3-4B30F28A73B9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9D1053CC-3857-4358-8632-267DA57EA719}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9E035502-0080-492B-9BA7-68FA60CB0556}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9F08F04C-619D-4462-A6F6-60858E653BF0}" = protocol=17 | dir=in | app=d:\anwendungen\teamviewer6\teamviewer.exe |
"{A09B467F-F8E5-43DD-95CD-E36CF8668A75}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A5A7CA21-F308-46B2-8C31-32412E0E776B}" = protocol=6 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe |
"{ADE9EFD2-B57B-4103-9CBB-716D4FEA3C46}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B3D1D8F6-2FA3-4D47-AD42-3AA76540822D}" = protocol=17 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe |
"{B888AE74-D172-463D-8C62-8A98BAB04921}" = protocol=6 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe |
"{BD833AA0-9B22-426B-9778-8E762AF8AEEE}" = protocol=6 | dir=in | app=d:\anwendungen\tobit radio.fx\server\rfx-server.exe |
"{BE6A8BB2-8FA3-4643-A099-0C727295FAA5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{BFA98891-E03C-405C-B060-5AC669104AAB}" = protocol=17 | dir=in | app=d:\anwendungen\tobit radio.fx\server\rfx-server.exe |
"{C2335CE1-F94B-423B-9989-B993BAE3A916}" = protocol=6 | dir=in | app=d:\anwendungen\teamviewer6\teamviewer.exe |
"{C36CB964-005B-4085-BADD-A1DA7B9026AA}" = protocol=17 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe |
"{C3CA2C0F-315C-47AB-B0EF-4B0AE7391D0A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C4851DE8-10A9-4558-843F-C835683AE50C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C4E894FB-DEF6-496F-9A16-860B7E24AE21}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CF38034E-A026-4D61-89D2-0580F7A772A4}" = protocol=6 | dir=in | app=d:\anwendungen\steam\steam.exe |
"{D18ED1B2-61E6-4198-85F1-86C5A8877CF0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DFA64EF3-5693-4D29-AA5B-F68470B32CF4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E0955A95-ACF5-465F-A236-C1CDCCF4877D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E55E4AB0-3A45-4C97-9C85-26C13F9253A0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EB0EC76E-4E50-4B9E-A953-26E95229BA91}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{ED4857AB-BDAB-4AD3-B1F8-E0EDC6E9ECAF}" = protocol=17 | dir=in | app=c:\program files\tele2\supportcenter\supportcenter.exe |
"{EE9DE772-B673-4902-A993-11AB407B7ED6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F062C963-9F63-49B8-A1DA-E8E5D8006C8B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FA6BDA22-240D-49ED-A6F5-A34F255A72E9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FA6E153F-EAF4-480F-83E0-4FAEDFD632A5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FB5F9A08-A525-462C-8E59-3CC5E30F057C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FD932CB5-F22E-46C9-8822-75105469FD93}" = protocol=17 | dir=in | app=d:\anwendungen\steam\steam.exe |
"TCP Query User{1310AD8B-3963-4D5D-98BC-C77E6565E29F}D:\anwendungen\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\anwendungen\sopcast\sopcast.exe |
"TCP Query User{30FEE4FB-9714-42CA-AB3B-E5049ACE0BD9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{31238375-0452-466B-AB07-432AD69FA58D}D:\anwendungen\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\anwendungen\sopcast\sopcast.exe |
"TCP Query User{6EABA32E-8165-43A7-A52A-89E2DD490386}D:\anwendungen\steam\steamapps\common\zero gear\server\iw4mp.exe" = protocol=6 | dir=in | app=d:\anwendungen\steam\steamapps\common\zero gear\server\iw4mp.exe |
"TCP Query User{7C6AB2EB-5DCA-4969-8760-347C0EB8694C}D:\spiele\cod4\iw3mp.exe" = protocol=6 | dir=in | app=d:\spiele\cod4\iw3mp.exe |
"TCP Query User{9E33F7F2-3D8F-4A2B-9A4A-DFED130BF409}D:\anwendungen\xfire\xfire.exe" = protocol=6 | dir=in | app=d:\anwendungen\xfire\xfire.exe |
"TCP Query User{9EE48DB3-DF31-47C1-942A-DA92A6CDA29F}D:\anwendungen\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\anwendungen\sopcast\adv\sopadver.exe |
"TCP Query User{A37D7B6F-DE9B-4DE0-BAC2-A0409DF7A53A}D:\anwendungen\firefox 2.0.11\firefox.exe" = protocol=6 | dir=in | app=d:\anwendungen\firefox 2.0.11\firefox.exe |
"TCP Query User{D1958135-A1AC-45BE-9765-AC7FF796CC93}D:\anwendungen\qtactix\gtactix.exe" = protocol=6 | dir=in | app=d:\anwendungen\qtactix\gtactix.exe |
"TCP Query User{D2EB292B-4211-4B7E-89B9-46E28058A767}D:\anwendungen\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\anwendungen\sopcast\adv\sopadver.exe |
"TCP Query User{D7519C16-7612-4890-9C4A-99F7576EC270}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{DDB788F4-2C49-4A12-B9C5-BA22534F1DF4}D:\anwendungen\xfire\xfire.exe" = protocol=6 | dir=in | app=d:\anwendungen\xfire\xfire.exe |
"TCP Query User{E6E436C7-E60F-4C83-AE2E-47E9EBE4F3A0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{ED536892-DF89-4B82-8183-87ADD69A184E}D:\anwendungen\realplayer 11\realplay.exe" = protocol=6 | dir=in | app=d:\anwendungen\realplayer 11\realplay.exe |
"TCP Query User{FA7E04DB-D5C5-46CB-9A5A-6F69A9CA85F5}C:\program files\common files\synacast\synalive\pplive.exe" = protocol=6 | dir=in | app=c:\program files\common files\synacast\synalive\pplive.exe |
"UDP Query User{0585B967-E22C-4254-9728-ABF4C08C5012}D:\anwendungen\xfire\xfire.exe" = protocol=17 | dir=in | app=d:\anwendungen\xfire\xfire.exe |
"UDP Query User{0DB9DEC7-D58A-4BE3-BE3C-5EAD07AFD4F4}D:\spiele\cod4\iw3mp.exe" = protocol=17 | dir=in | app=d:\spiele\cod4\iw3mp.exe |
"UDP Query User{2BCC9577-0EBC-4144-ABBA-9311360BB23D}D:\anwendungen\xfire\xfire.exe" = protocol=17 | dir=in | app=d:\anwendungen\xfire\xfire.exe |
"UDP Query User{35F204B8-9307-4682-807B-7A68A2F0EE0F}C:\program files\common files\synacast\synalive\pplive.exe" = protocol=17 | dir=in | app=c:\program files\common files\synacast\synalive\pplive.exe |
"UDP Query User{39DE1EBF-E396-4414-8656-50816C52A466}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{5691B010-59D9-4B82-BE01-CD81E437F58C}D:\anwendungen\realplayer 11\realplay.exe" = protocol=17 | dir=in | app=d:\anwendungen\realplayer 11\realplay.exe |
"UDP Query User{6DD71F4D-55F6-402B-BA8B-59EF6EC50B61}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{89546CBF-A1E0-45F1-969A-20CFF99E093B}D:\anwendungen\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\anwendungen\sopcast\sopcast.exe |
"UDP Query User{8ABC39E6-8082-4ABA-8BA2-BDA3F1FD9411}D:\anwendungen\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\anwendungen\sopcast\adv\sopadver.exe |
"UDP Query User{981F157D-2707-444C-AA1E-5D95A2072B2F}D:\anwendungen\firefox 2.0.11\firefox.exe" = protocol=17 | dir=in | app=d:\anwendungen\firefox 2.0.11\firefox.exe |
"UDP Query User{A372DC1D-348D-4D8B-B24E-C9A95DFF1B23}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{AB285ACC-A8A3-4947-A338-2EE4198EC7EB}D:\anwendungen\steam\steamapps\common\zero gear\server\iw4mp.exe" = protocol=17 | dir=in | app=d:\anwendungen\steam\steamapps\common\zero gear\server\iw4mp.exe |
"UDP Query User{D4DA3548-B3CB-4C30-90B1-B526112CE220}D:\anwendungen\qtactix\gtactix.exe" = protocol=17 | dir=in | app=d:\anwendungen\qtactix\gtactix.exe |
"UDP Query User{D54DEE17-08FF-402D-9512-88A9E91D7B5F}D:\anwendungen\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\anwendungen\sopcast\adv\sopadver.exe |
"UDP Query User{F4379C37-5F54-4F0C-9571-DB1A49941290}D:\anwendungen\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\anwendungen\sopcast\sopcast.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03AEE2B3-F368-E3A8-9EBB-4465FED5ECCF}" = CCC Help Japanese
"{0D32CEAA-E78B-9E26-582F-D2261E440C11}" = Catalyst Control Center Localization Chinese Traditional
"{1C1DF401-0A3E-49C8-85AD-EB3C9F82A275}" = 3531-W-I32-D SATARAID5
"{1CD220E7-1512-A5E1-327F-9607587B75AD}" = Catalyst Control Center Graphics Light
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 24
"{28996689-E20A-E63B-2BDA-B662AB807C87}" = ATI Catalyst Install Manager
"{2ED7986A-FFCF-7CE8-8714-10FADD57F93E}" = CCC Help Dutch
"{3569D31A-9079-9242-5506-72E724897CCE}" = CCC Help Chinese Traditional
"{3E5948BC-A071-3C35-7DC4-31F5F293F35B}" = Catalyst Control Center Graphics Full New
"{418E2CBE-A6E4-7391-ABA0-B57CC95FB00A}" = Catalyst Control Center Localization Chinese Standard
"{42C5F6CE-D945-995C-033A-8401107567FA}" = CCC Help Spanish
"{43EA3C14-C1F7-A093-1F4D-362A09F9A63B}" = CCC Help German
"{44135984-1326-48ED-8071-BE0626892362}" = Catalyst Control Center Localization Italian
"{462F002C-0A03-6C5F-3475-228396D8F2AB}" = ccc-core-static
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5375B71B-6413-0C4D-9EDF-B059FECF66F7}" = CCC Help Swedish
"{5A66C68A-42E6-BB9E-2EC7-5C170DD944E9}" = Catalyst Control Center Localization Dutch
"{5B622752-7D0C-D1F6-85FC-7CD5604E6FA2}" = Catalyst Control Center Localization Swedish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6BB19E5E-2AD7-B464-3B80-FB0CD8C504FB}" = Catalyst Control Center Graphics Full Existing
"{71DAE231-77A6-A1A9-EE96-E2C965988C54}" = Catalyst Control Center Localization French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B9678F-E73B-E49F-4E21-EB5C839A1503}" = CCC Help Italian
"{763A5318-9657-9D47-3750-59DC1B00315E}" = CCC Help Chinese Standard
"{7C379BEF-4E12-3224-B2E8-513363B99181}" = ccc-utility
"{7DD05E71-618C-4494-A2BD-9C0B2FC6ADEE}" = Tele2 Internet
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8AC6C353-E7E2-163C-5C77-4D71F3A02443}" = CCC Help French
"{8E4E938B-3D60-4F44-4E0A-CBC4259D96F9}" = CCC Help English
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{95ED7549-7C66-A618-3100-B6999F6A79A4}" = Catalyst Control Center Localization German
"{960EED1D-8F37-9EF5-C2F2-19C19983658B}" = Catalyst Control Center Core Implementation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E55D626-6CC8-780C-248E-486574EB08B7}" = CCC Help Korean
"{A471D44A-03B3-7D4D-D302-00430F5E992A}" = Catalyst Control Center Localization Portuguese
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABC80104-036E-6193-566F-4308420A4005}" = Catalyst Control Center Graphics Previews Vista
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B71ACC25-ED80-056C-8184-F3A282F00818}" = Catalyst Control Center Localization Japanese
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE325D55-FCAF-4273-BB79-069BB8747270}" = TomTom HOME
"{D8CF7C31-55A2-03EA-4998-89B44D559BBD}" = CCC Help Portuguese
"{D984A737-6615-4C2C-8A0D-B7A56B06C3A0}" = inSSIDer 2.0
"{DEE7AE5E-A8D1-05CF-5383-E5DC68486A54}" = Skins
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{E8673265-836F-796B-4923-27EC0D563810}" = Catalyst Control Center Localization Spanish
"{EB863CFD-6889-47B0-9D79-492DE0D07EE7}" = OSDInstall
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F252645C-3259-9DCC-C235-64562E08E868}" = Catalyst Control Center Localization Korean
"7-Zip" = 7-Zip 4.42
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 6 Advanced_is1" = Ashampoo Burning Studio 6 Advanced
"avast" = avast! Free Antivirus
"cFosSpeed" = cFosSpeed v4.50
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.0.1 Home Edition
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Foto-Mosaik_is1" = Foto-Mosaik 4.1.0
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"klvideoconvert_is1" = K-Lite Video Conversion Pack 1.4.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"OpenAL" = OpenAL
"RealPlayer 6.0" = RealPlayer
"SereneScreen Marine Aquarium Crystal_is1" = SereneScreen Marine Aquarium Crystal
"Simple Sudoku_is1" = Simple Sudoku 4.2
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SopCast" = SopCast 3.3.2
"Tele2 Internet" = Tele2 Internet
"Uninstall_is1" = Uninstall 1.0.0.0
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 0.9.8a
"WinGimp-2.0_is1" = GIMP 2.6.5
"xp-AntiSpy" = xp-AntiSpy 3.96-7
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3777084760-1419628056-2041107218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 21.05.2011 05:44:56 | Computer Name = SuckMyRocket | Source = VSS | ID = 8194
Description =
Error - 21.05.2011 06:26:17 | Computer Name = SuckMyRocket | Source = WerSvc | ID = 5007
Description =
Error - 21.05.2011 06:34:42 | Computer Name = SuckMyRocket | Source = WinMgmt | ID = 10
Description =
Error - 21.05.2011 06:34:42 | Computer Name = SuckMyRocket | Source = SecurityCenter | ID = 4
Description = Es konnten keine Instanzen von FirewallProduct aus der WMI geladen
werden.
Error - 21.05.2011 06:34:42 | Computer Name = SuckMyRocket | Source = SecurityCenter | ID = 5
Description = Es konnten keine Instanzen von AntiVirusProduct aus der WMI geladen
werden.
Error - 21.05.2011 06:34:42 | Computer Name = SuckMyRocket | Source = SecurityCenter | ID = 6
Description = Es konnten keine Instanzen von AntiSpywareProduct aus der WMI geladen
werden.
Error - 21.05.2011 06:40:36 | Computer Name = SuckMyRocket | Source = ESENT | ID = 215
Description = WinMail (4016) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 21.05.2011 07:17:53 | Computer Name = SuckMyRocket | Source = Steam Client Service | ID = 1
Description =
Error - 21.05.2011 07:20:56 | Computer Name = SuckMyRocket | Source = VSS | ID = 8194
Description =
Error - 21.05.2011 07:47:22 | Computer Name = SuckMyRocket | Source = EventSystem | ID = 4621
Description =
[ Media Center Events ]
Error - 16.04.2008 13:13:30 | Computer Name = SuckMyRocket | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
gescheitert.
[ OSession Events ]
Error - 12.02.2011 13:36:17 | Computer Name = SuckMyRocket | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21467
seconds with 11520 seconds of active time. This session ended with a crash.
Error - 12.02.2011 13:53:39 | Computer Name = SuckMyRocket | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 922
seconds with 720 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 21.05.2011 10:25:51 | Computer Name = SuckMyRocket | Source = Service Control Manager | ID = 7023
Description =
Error - 21.05.2011 10:25:51 | Computer Name = SuckMyRocket | Source = Service Control Manager | ID = 7001
Description =
Error - 21.05.2011 10:26:53 | Computer Name = SuckMyRocket | Source = Service Control Manager | ID = 7023
Description =
Error - 21.05.2011 10:26:53 | Computer Name = SuckMyRocket | Source = Service Control Manager | ID = 7001
Description =
Error - 21.05.2011 10:26:54 | Computer Name = SuckMyRocket | Source = Service Control Manager | ID = 7023
Description =
Error - 21.05.2011 10:26:54 | Computer Name = SuckMyRocket | Source = Service Control Manager | ID = 7001
Description =
Error - 21.05.2011 10:26:54 | Computer Name = SuckMyRocket | Source = Service Control Manager | ID = 7023
Description =
Error - 21.05.2011 10:26:54 | Computer Name = SuckMyRocket | Source = Service Control Manager | ID = 7001
Description =
Error - 21.05.2011 10:47:52 | Computer Name = SuckMyRocket | Source = Service Control Manager | ID = 7023
Description =
Error - 21.05.2011 10:47:52 | Computer Name = SuckMyRocket | Source = Service Control Manager | ID = 7001
Description =
< End of report >
lg, marius |
|
21.05.2011, 16:29
| #4 |
| /// Malware-holic | win32killAV-ahy von avast-antivir erkannt - was nun? bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.05.2011, 00:04
| #5 |
| | win32killAV-ahy von avast-antivir erkannt - was nun? erledigt. und nochmals danke! Code:
ATTFilter ComboFix 11-05-21.03 - Marius Gussmann 22.05.2011 0:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2046.1158 [GMT 2:00]
ausgeführt von:: c:\users\Marius Gussmann\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\log.tmp
c:\users\Marius Gussmann\AppData\Roaming\inst.exe
c:\users\Marius Gussmann\AppData\Roaming\Microsoft\Windows\Cookies\Index_9FC2302B.dat
c:\users\Marius Gussmann\AppData\Roaming\Microsoft\Windows\Cookies\Index_FEAF72BD.dat
c:\users\Marius Gussmann\AppData\Roaming\Microsoft\Windows\Cookies\IndexIE_9FC2302B.dat
c:\users\Marius Gussmann\AppData\Roaming\Microsoft\Windows\Cookies\IndexIE_FEAF72BD.dat
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-21 bis 2011-05-21 ))))))))))))))))))))))))))))))
.
.
2011-05-21 22:55 . 2011-05-21 22:55 -------- d-----w- c:\users\Marius Gussmann\AppData\Local\temp
2011-05-21 20:34 . 2011-05-21 20:35 -------- d-----w- c:\programdata\Skype Extras
2011-05-21 15:55 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-21 15:55 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-05-21 15:55 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-05-21 15:55 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-05-21 15:55 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-05-21 15:43 . 2010-04-05 16:07 67072 ----a-w- c:\windows\system32\asycfilt.dll
2011-05-21 15:42 . 2010-11-06 11:09 603648 ----a-w- c:\windows\system32\schedsvc.dll
2011-05-21 12:28 . 2011-05-21 12:28 -------- d-----w- c:\users\Daily
2011-05-21 10:23 . 2011-05-21 10:23 -------- d-----w- C:\PerfLogs
2011-05-21 09:26 . 2011-05-21 09:26 1138440 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-20 12:43 . 2011-05-20 12:43 -------- d-----w- c:\users\Marius Gussmann\AppData\Roaming\Malwarebytes
2011-05-20 12:43 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-20 12:43 . 2011-05-20 12:43 -------- d-----w- c:\programdata\Malwarebytes
2011-05-20 12:43 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-20 10:26 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{26FADFDE-5260-4139-B10E-77019F60DD1B}\mpengine.dll
2011-05-15 10:30 . 1998-06-23 22:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-05-15 10:30 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-05-15 10:30 . 1998-07-06 15:56 125712 ----a-w- c:\windows\system32\VB6DE.DLL
2011-05-15 10:30 . 1998-07-06 15:55 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL
2011-05-15 10:30 . 1998-07-06 15:55 64512 ----a-w- c:\windows\system32\MSCC2DE.DLL
2011-05-15 10:30 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-05-14 20:35 . 2011-05-14 20:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-13 22:24 . 2011-05-13 22:24 -------- d-----w- c:\program files\Common Files\Skype
2011-05-05 00:03 . 2011-05-05 00:03 -------- d-----w- c:\users\Marius Gussmann\4.0
2011-05-05 00:03 . 2011-05-05 00:04 -------- d-----w- c:\users\Marius Gussmann\.tfo4
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-21 10:01 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-05-21 10:01 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-02-23 15:04 . 2011-03-20 11:51 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2011-03-20 11:51 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2011-03-20 11:52 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:56 . 2011-03-20 11:52 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2011-03-20 11:52 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2011-03-20 11:52 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:55 . 2011-03-20 11:52 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 14:54 . 2011-03-20 11:52 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- d:\anwendungen\avast! Antivirus\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"DAEMON Tools Lite"="d:\anwendungen\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 4468736]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"VirtualCloneDrive"="d:\anwendungen\VirtualCloneDrive\VCDDaemon.exe" [2005-04-12 45056]
"cFosSpeed"="d:\anwendungen\cfos speed\cFosSpeed.exe" [2009-02-11 876760]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avast"="d:\anwendungen\avast! Antivirus\avastUI.exe" [2011-02-23 3451496]
"Skytel"="Skytel.exe" [2007-05-07 1826816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 16:08 963976 ----a-w- d:\anwendungen\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Steam"="d:\anwendungen\Steam\Steam.exe" -silent
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="d:\anwendungen\Quicktime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="d:\anwendungen\Acrobat Reader 8.1\Reader\Reader_sl.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"SMSERIAL"=c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"OSD"=c:\program files\C&E\OSD\osd.exe
"TomTomHOME.exe"="d:\anwendungen\Tom Tom 6\TomTomHOME.exe" -s
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 OsdService;OsdService;c:\program files\C&E\OSD\OsdService\OsdService.exe [2007-09-03 53248]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-01-20 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-01-20 8456]
R3 gsplittm;gsplittm;c:\users\MARIUS~1\AppData\Local\Temp\gsplittm.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 136176]
R4 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 136176]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2008-07-25 212008]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-02-14 716272]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S3 CEBFilter;CEBFilter;c:\program files\C&E\OSD\OsdService\cebuffer.sys [2007-09-04 5120]
S3 CEIO;CEIO;c:\program files\C&E\OSD\OsdService\ceio.sys [2007-08-31 4608]
S3 cKBFilter;cKBFilter;c:\program files\C&E\OSD\OsdService\kbfiltr.sys [2007-08-31 7168]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-01-08 46592]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-13 08:40]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 08:52]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 08:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Marius Gussmann\AppData\Roaming\Mozilla\Firefox\Profiles\n68u5dnk.default\
FF - prefs.js: browser.startup.homepage - www.google.at
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Free Download Manager - d:\anwendungen\Free Download Manager\fdm.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-22 00:55
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3777084760-1419628056-2041107218-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:14,d5,c8,8f,42,ae,2f,55,f3,64,cc,bc,e8,cb,ec,8d,fc,2a,8d,e7,93,61,73,
82,2f,d7,31,49,2f,0f,9e,cd,cf,e7,40,39,ed,ff,68,ac,e0,ea,ff,48,e6,28,f8,bf,\
"??"=hex:5f,f5,85,cb,46,5e,2c,72,c6,c8,75,40,9b,ca,2b,2a
.
[HKEY_USERS\S-1-5-21-3777084760-1419628056-2041107218-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:9c,26,16,b1,30,d7,7e,e0,ac,ef,f8,1d,e5,3e,86,de,d4,f2,ed,ab,19,
b2,4f,d5,48,69,25,c7,4d,2e,e0,ce,f7,aa,99,6c,6f,2e,07,12,ef,fc,f0,9e,4e,cb,\
"rkeysecu"=hex:13,8c,e1,93,9d,8f,37,b3,15,e1,55,5d,4a,e3,a8,9a
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2011-05-22 00:59:44
ComboFix-quarantined-files.txt 2011-05-21 22:59
.
Vor Suchlauf: 5.380.239.360 Bytes frei
Nach Suchlauf: 6.599.917.568 Bytes frei
.
Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,6
- - End Of File - - FC7FDFA584242E92178D884ECAA86370
|
|
22.05.2011, 14:56
| #6 |
| /// Malware-holic | win32killAV-ahy von avast-antivir erkannt - was nun? hi, nutzt du avast 5 oder 6?
__________________ --> win32killAV-ahy von avast-antivir erkannt - was nun? |
|
22.05.2011, 15:09
| #7 |
| | win32killAV-ahy von avast-antivir erkannt - was nun? avast 6. hab heute auch avast nochmal drüber laufen lassen, aber ohne ergebnis. dennoch kommts mir vor, als würde die performance schlechter sein als noch zuvor.. vielleicht aber auch nur einbildung. lg |
|
22.05.2011, 15:13
| #8 |
| /// Malware-holic | win32killAV-ahy von avast-antivir erkannt - was nun? lade den CCleaner slim: Piriform - Builds falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.05.2011, 17:07
| #9 |
| | win32killAV-ahy von avast-antivir erkannt - was nun? so, habs zusammengeschrieben. brauchte noch ne kategorie - verzichtbar  da ich eigentlich nur die programme aufm lappie hab, die ich auch (mehr oder weniger) wirklich brauch, soll heißen auch "unnötig" trifft nur in manchen fällen wirklich zu..danke und lg |
|
22.05.2011, 17:13
| #10 |
| /// Malware-holic | win32killAV-ahy von avast-antivir erkannt - was nun? deinstaliere: Adobe Reader 8 Adobe - Adobe Reader herunterladen - Alle Versionen ohne mc affe instalieren (haken weg) öffne den adobe reader, bearbeiten, voreinstellungen, javascript, dort den haken raus, internet, ebenfalls alle haken raus. so werden keine pdfs mehr automatisch geladen und es kann dir kein schadcode mehr auf diese weise untergeschoben werden. unter allgemein, nur zertifizierte zusatzmodule verwenden anhaken. unter update, auf instalieren stellen. klicke übernehmen /ok deinstaliere. DivX alle DVD Shrink wenn nicht nötig weg Foto Free YouTube beide Google beide HijackThis inSSIDer K-Lite Microsoft Xbox Mozilla wieso 2 versionen und warum auf englisch? PDFCreator zum erstellen von pdfs RealPlayer SereneScreen Simple Sudoku VLC media player update VideoLAN - Official download of VLC media player for Windows xp-AntiSpy bereinige mit dem ccleaner.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.05.2011, 17:34
| #11 |
| | win32killAV-ahy von avast-antivir erkannt - was nun? ok, gemacht. mir fällt grad auf, dass der CCleaner wie auch andere programme nachm installieren jetzt auf englisch laufen.. wichtig? der 2. firefox war nur ein falscher eintrag in der registry... Geändert von MerV (22.05.2011 um 18:10 Uhr) |
|
22.05.2011, 18:33
| #12 |
| /// Malware-holic | win32killAV-ahy von avast-antivir erkannt - was nun? hast du beim setup nicht deutsch ausgewählt?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.05.2011, 18:43
| #13 |
| | win32killAV-ahy von avast-antivir erkannt - was nun? doch, es war auch auf deutsch beim ersten programmstart.. beim deinstallieren ist mir dann auch aufgefallen, dass bei ein paar programmen die uninstaller trotz deutscher software auf englisch waren bzw. geswitcht sind.. |
|
22.05.2011, 19:10
| #14 |
| /// Malware-holic | win32killAV-ahy von avast-antivir erkannt - was nun? welche programme sinds denn? vllt mal neu instalieren
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.05.2011, 19:37
| #15 |
| | win32killAV-ahy von avast-antivir erkannt - was nun? ccleaner eben, dann malwarebytes, das auch öfters switched, und zwei programme, die ich schon runtergeworfen hab. ich schaus mir mal an. heißt das jetzt eigentlich, dass ich kein rootkit (mehr) drauf habe? und was mach ich mit den beiden dateien unter quarantäne, wo avast jetzt sagt, sie hätten keinen virus? hab ansonsten alles geupdated inkl. windows, mir auch ien zweites benutzerkonto angelegt, firefox noch sicherer gemacht, dank dir die komplexität meines systems verringert, denke also, vom setting dürft jetzt alles passen, eben nur die frage mit dem rootkit.. lg, marius |
|
| Themen zu win32killAV-ahy von avast-antivir erkannt - was nun? |
| anti-malware, avast, avast!, c:\windows, code, dateien, erkannt, explorer, forum, frage, hochfahren, ics, malwarebytes, meldung, problem, quarantäne, rootkit, system, system32, version, virendatenbank, warnmeldung, win, win32, windows |
Linear-Darstellung
