Java virus JAVA/Stutter.AG and Java virus JAVA/Stutter.AH
23.05.2011, 15:33 | #1

So, I have a problem with the viruses named above: Java virus JAVA/Stutter.AH was found once and Java virus JAVA/Stutter.AG twice. How do I proceed against them now? I'm an absolute beginner when it comes to PCs, please help. Thanks in advance
23.05.2011, 19:22 | #2

/// Helfer-Team

Hello and welcome!

Before we begin working together, [please read this in full]:

For Vista and Win7:
Important: please run all commands as administrator! Right-click the command prompt and choose "Run as administrator". Right-click the selected application and choose "Run as administrator"!

1. Download Malwarebytes Anti-Malware from → malwarebytes.org

2. System scan with OTL
Please download OTL by OldTimer and save it to your desktop

3. → Download HJTscanlist.zip
→ Unpack the file to your desktop
→ On Windows XP Home you must additionally install tasklist.zip before the scan
→ Start it with a double-click
→ Select your operating system; on Win7 choose Vista
→ When asked, choose the option "Einstellung (1) - scanlist"
→ After a short while your editor should open and show the file hjtscanlist.txt
→ Please copy its contents into your thread here.
** If it does not work all at once, you can split the text into several parts and post them that way

4. I would also like to see all your installed programs:
Download the tool CCleaner → install the download (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, untick it) → start it → if necessary set "german" under Options > Settings, then click "Extras" (to show the installed programs as well) → continue with "Save as text file..."; a text file (*.txt) is created, copy its contents and paste them here

5. Right-click the AntiVir umbrella icon in the taskbar => start AntiVir => Overview => Events, mark every detection => right-click the detections => Export event(s), save as Ereignisse.txt on the desktop and post the contents here.

** If possible, stay off the internet: no online banking, file sharing, chat programs, etc.

Regards
Coverflow
26.05.2011, 20:52 | #3

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6674

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

25.05.2011 17:43:47
mbam-log-2011-05-25 (17-43-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 355900
Laufzeit: 1 Stunde(n), 5 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{003541A1-3BC0-1B1C-AAF3-040114001C01} (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SwUpdate (Trojan.Agent) -> Value: SwUpdate -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Bad: (C:\PROGRA~2\\MACROM~1\SWFUPD~1\swfupdate.dll) Good: () -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\Washer2.rar (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\macromedia\swfupdate\swfupdate.dll (Trojan.Agent) -> Delete on reboot.
c:\Windows\System32\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\K72RMM3K\users_root_file_file[1].exe (Malware.Packer.GenX) -> Quarantined and deleted successfully.
c:\Washer2.rar\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2006.11.02 17:33:31 | 000,638,510 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,130,462 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,272,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,126 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,107,562 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll ========== LOP Check ========== [2011.05.21 14:29:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\5015 [2011.05.23 06:49:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bive [2011.02.20 20:41:26 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Bombermaaan [2011.05.21 15:06:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dabou [2011.05.04 15:23:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Duiclu [2011.03.03 20:47:42 | 000,000,000 | 
-H-D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers [2011.05.02 21:59:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Erakwi [2011.05.04 15:24:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ewonum [2011.05.04 15:25:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Exyl [2011.05.03 08:08:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Fyel [2011.05.03 19:35:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Heuty [2011.02.20 14:59:26 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\ICQ [2011.05.02 18:29:15 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Iwreob [2011.05.04 16:43:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\kock [2011.05.07 09:38:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Koenr [2011.05.04 14:30:05 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Oghipu [2011.03.24 20:03:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org [2011.02.19 23:00:40 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\ParentalControl [2011.05.04 14:55:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ruyqit [2011.03.23 18:30:11 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Sony [2011.05.07 14:01:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sony Setup [2011.05.24 21:28:52 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SpeedSim [2011.03.02 14:58:51 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\TeamViewer [2011.03.23 18:41:54 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Teleca [2011.04.26 15:28:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Uniblue [2011.05.01 13:34:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Vasago [2011.04.26 13:29:51 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\xmldm [2011.05.03 19:12:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Xyopu 
[2011.05.03 15:59:49 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ythuu [2011.05.24 06:44:08 | 000,000,428 | ---- | M] () -- C:\Windows\Tasks\Error Fix Scan.job [2011.05.25 14:28:49 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.05.25 14:26:59 | 000,000,398 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{32723199-A1BE-4670-9193-A50997F9A519}.job [2011.05.25 13:51:39 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{38515D3F-8908-46D7-8055-3092D76ADA21}.job [2011.05.25 14:25:00 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{ACD25646-07DA-497D-821D-5A16BB7A684A}.job ========== Purity Check ========== < End of report > OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Alex\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,54 Gb Available Physical Memory | 26,86% Memory free 4,24 Gb Paging File | 1,94 Gb Available in Paging File | 45,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,50 Gb Total Space | 59,17 Gb Free Space | 50,79% Space Free | Partition Type: NTFS Drive E: | 68,36 Gb Total Space | 49,30 Gb Free Space | 72,12% Space Free | Partition Type: NTFS Drive F: | 48,03 Gb Total Space | 29,19 Gb Free Space | 60,78% Space Free | Partition Type: NTFS Computer Name: MARCSPC | User Name: Alex | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\ProgFiles\VLC MediaPlayer\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\ProgFiles\VLC MediaPlayer\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 
"DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{065E1C38-973B-420F-B300-BDE7042A66CD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{153011C4-F9EB-4BF1-AEBB-27FB9BA2E179}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{166FABF1-D78E-44B7-A59A-B1DFB57652EE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{3DD9E3BA-BBE6-4022-AB7A-BF11F5A333FE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{59671036-B829-4941-A9E3-F7379DB24EB0}" = lport=6112 | protocol=17 | dir=in | name=warcraft hosten (udp) | "{603119FC-035D-4A3A-9327-6807EC4345EF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{6F655981-E0B6-49CB-9EED-1541861992A3}" = lport=2869 | protocol=6 | dir=in | app=system | "{74474826-2651-4A2C-97A1-92B0A325D5B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8ECFC677-3E3C-4DE5-9DBE-FFC1C658C195}" = rport=67 | protocol=17 | dir=in | svc=dhcp | app=c:\windows\system32\svchost.exe | "{A5A54654-BB71-4AEB-831F-7E0C6A3EE5C0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{AA24654D-64AE-4106-8141-753E04303CC4}" = lport=10243 | protocol=6 | dir=in | app=system | "{AD3F7378-5448-477B-8039-67EA7A916894}" = rport=53 
| protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | "{ADB8B2A9-030F-4370-9AD3-9C1952FE31E0}" = rport=10243 | protocol=6 | dir=out | app=system | "{BF180437-BA42-47EA-86C4-E1034F2652C9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C1674B6F-19D8-46E7-B498-56D0B5AC4B01}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{C1B99E14-D1A6-441E-847E-22D821F81ABA}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface | "{DCDF20B5-C6DC-4B06-9DCB-71E40B6C704A}" = lport=6112 | protocol=6 | dir=in | name=warcraft hosten (tcp) | "{DEE52D1E-7AD8-4587-8797-A336A942CFD1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{DFB2FDC5-AC69-46D9-B918-C8D3C3D1C974}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E4ED2BDD-F5F1-4448-86EF-22328182D7C2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F0AD1039-C922-48D5-A915-75A6627719C8}" = lport=teredo | protocol=17 | dir=in | svc=iphlpsvc | app=c:\windows\system32\svchost.exe | "{F4B94E0C-13A7-4238-ADE2-CFEA87226B1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FD234473-D514-4495-9D7E-DA93CD8571DF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FD9D77BE-C2C6-46A8-B921-44B7FF0CC0AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FEBE93D1-C791-43D6-A149-03E12BAA9F98}" = rport=67 | protocol=17 | dir=out | svc=dhcp | app=c:\windows\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03EA7C1D-C51B-4363-B127-4D11EF1F7CF2}" = protocol=41 | dir=out | app=system | 
"{07857146-54F5-404C-B2AF-23E5F8B270FD}" = protocol=58 | dir=in | app=system | "{0AE01A6B-3E5B-4186-B521-5E57A0908AF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1516A6E8-5B15-4ADC-B6A7-AC141C8EB166}" = protocol=58 | dir=out | name=kernnetzwerk - routerankündigung (icmpv6 ausgehend) | "{18398135-4B64-4406-B89A-6893889751F4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{19C5B54D-4E44-4D0F-A81B-8721687466C0}" = protocol=58 | dir=in | app=system | "{2D881E67-AC89-4417-B94D-B1F12B22AEEA}" = protocol=58 | dir=in | app=system | "{3056500B-E1AD-4B9F-9192-61A8C5A36D06}" = protocol=17 | dir=in | app=c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\k72rmm3k\users_root_file_file[1].exe | "{3127CCFC-444D-4677-8BB6-3FCADB49CC9D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{31F7B4CC-315B-4771-90C5-2346508D32D1}" = protocol=58 | dir=out | name=kernnetzwerk - multicastabhörabfrage (icmpv6 ausgehend) | "{34975BFD-5193-4648-88B8-E11456940F7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{35318073-168C-4CBA-9ACC-B5B5C2438A5B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{380053FD-4EC8-48C1-B580-87E0EA7C9CCD}" = protocol=6 | dir=in | app=c:\progfiles\itunes\itunes.exe | "{4B50C50A-C5D8-4BB1-BF95-4FA8348197CA}" = protocol=1 | dir=in | app=system | "{52C5FB71-3087-40A9-9258-02A001F6C752}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{539EE3FA-207C-4BA5-B539-F9F7695B6704}" = protocol=58 | dir=in | app=system | "{5C96D9AE-02AC-4F75-8531-9BE55F67520D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{60231891-8EDF-4967-908D-0B19B961CF5F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6B0D204E-BE84-4507-BC7F-E9C0D60E0ACE}" = protocol=58 | dir=out | 
name=kernnetzwerk - zeitüberschreitung (icmpv6 ausgehend) | "{6EB29043-E7B3-4627-95F5-862CEE5B892B}" = protocol=58 | dir=in | app=system | "{72EE8667-87C0-4714-B93C-FA98BA3AF6F4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{790FFA2C-EBCD-4103-A7C1-3447363CEEAB}" = protocol=58 | dir=out | name=kernnetzwerk - multicastabhörbericht (icmpv6 ausgehend) | "{7B6C17ED-459C-41E4-890B-7854F2B640B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7E07FE11-8F48-4EC8-8ABF-5F96B4E9BC6D}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{847993E7-A11C-4B11-9DCA-C208A2650937}" = protocol=17 | dir=in | app=c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\k72rmm3k\users_root_file_file[1].exe | "{857BDD0D-295F-4026-BEEF-2DD2A010222D}" = protocol=58 | dir=in | app=system | "{8BA0DDA9-D3C0-4D15-A650-6213891173AB}" = protocol=17 | dir=in | app=c:\progfiles\itunes\itunes.exe | "{8E493B07-5F47-48F6-AE90-5C7E3DB88CD5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{921E215D-E43B-4C4C-8FD3-4A0B3B8481D1}" = protocol=58 | dir=out | name=kernnetzwerk - nachbarermittlungsanfrage (icmpv6 ausgehend) | "{92D14525-95D6-4698-AD31-7ECFA02F7350}" = protocol=58 | dir=out | name=kernnetzwerk - multicastabhörbericht v2 (icmpv6 ausgehend) | "{965E55CF-7ADF-495F-95A5-262731EDFCA2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{9B91B485-E126-4A8C-A06A-6EA661D9E790}" = protocol=41 | dir=in | app=system | "{9C1649E5-F2C9-4A26-8FDD-1C1686D24D6B}" = protocol=58 | dir=out | name=kernnetzwerk - nachbarermittlungsankündigung (icmpv6 ausgehend) | "{A6B366F9-F865-4036-AD89-BB5308496B7D}" = protocol=58 | dir=out | name=kernnetzwerk - routeranfrage (icmpv6 ausgehend) | "{A9E45AAD-C3EB-46C3-B13F-618218A2B693}" = protocol=17 | dir=out | svc=iphlpsvc | app=c:\windows\system32\svchost.exe | 
"{AB2F0A65-7D60-4257-8191-CA9AEC3BF39F}" = protocol=6 | dir=out | app=system | "{AE50CCDF-CE9B-49E5-A7EE-8234071B33B8}" = protocol=2 | dir=in | app=system | "{AF3964B1-517D-43AD-B6E8-9869A17C1799}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{AF6942F8-3D04-470D-B417-A814BE9CF585}" = protocol=58 | dir=out | name=kernnetzwerk - multicastabhörvorgang abgeschlossen (icmpv6 ausgehend) | "{B17E2752-A463-4FF4-88D3-5BB5228E1C09}" = protocol=58 | dir=in | app=system | "{BEDDA3A2-E64C-4CFD-9438-0763C8ECCCF5}" = protocol=58 | dir=in | app=system | "{C151598C-C645-4AB0-A7BF-3943C343F230}" = protocol=58 | dir=in | app=system | "{C46D1837-4E3D-4637-BFCD-B9FF14FC106A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D083D3B2-816D-43ED-A0AF-8577CE985BDD}" = protocol=2 | dir=out | app=system | "{D67D5A69-C19C-4255-BFB3-398D2BEF48FA}" = protocol=6 | dir=in | app=c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\k72rmm3k\users_root_file_file[1].exe | "{D9C8C3D5-E97B-4275-A216-267C11A87FB4}" = protocol=58 | dir=in | app=system | "{E2982187-6155-4B4C-AD9D-556DB2CC8AE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E444E485-F907-4E74-876E-7F05871BAB07}" = protocol=58 | dir=in | app=system | "{E68D854F-15AC-4168-89FC-B4D5B8CFDCD1}" = protocol=58 | dir=out | name=kernnetzwerk - parameterproblem (icmpv6 ausgehend) | "{E8089052-4DA6-4B5F-9A62-293A4498981B}" = protocol=58 | dir=out | name=kernnetzwerk - paket zu gross (icmpv6 ausgehend) | "{E97F0E39-5924-4C45-9DCB-E7A96F9C7533}" = protocol=58 | dir=in | app=system | "{F38372D4-EF54-4052-B299-FF49CFA53380}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{F3FCC74E-5FC4-48AD-BEF1-87402F2B2D79}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FACAEB83-3312-4D9C-979D-241358EA7513}" = protocol=6 | dir=in 
| app=c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\k72rmm3k\users_root_file_file[1].exe | "TCP Query User{040A77D4-C269-4FEC-9843-AE0918C9F810}C:\progfiles\java\jdk1.6.0_07\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\progfiles\java\jdk1.6.0_07\jre\bin\java.exe | "TCP Query User{0D1A2328-BB85-406B-B69A-21DCD2E563F5}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | "TCP Query User{22372A26-D688-4650-953E-FB0CBE63AD6F}F:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=f:\warcraft iii\war3.exe | "TCP Query User{288018B9-20ED-4065-8190-340DAB7156C1}F:\css\hl2.exe" = protocol=6 | dir=in | app=f:\css\hl2.exe | "TCP Query User{2D9EE5FD-7FAF-4D3D-A6FB-6BF3AF079657}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{2E648958-69DD-4501-8A4E-0D9DCE0AF2F8}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{2FE0DB96-0D88-4DE3-99C4-97245DF2D068}F:\callofduty4\iw3mp.exe" = protocol=6 | dir=in | app=f:\callofduty4\iw3mp.exe | "TCP Query User{4518FABE-E6A7-4276-98A6-212B8B70330F}F:\ageofempiresii\empires2.exe" = protocol=6 | dir=in | app=f:\ageofempiresii\empires2.exe | "TCP Query User{475C53F3-55E2-402E-AB30-70E9C7CD1C3F}F:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=f:\warcraft iii\war3.exe | "TCP Query User{58D32D27-08C6-44E3-800F-358C6990D4B2}F:\ageofempiresii\empires2.exe" = protocol=6 | dir=in | app=f:\ageofempiresii\empires2.exe | "TCP Query User{5A0DF772-B951-4485-906B-9AE926786D3F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{62F9BB5A-047F-45AB-9888-7227980F8F96}C:\progfiles\screamerradio\screamer.exe" = protocol=6 | dir=in | app=c:\progfiles\screamerradio\screamer.exe | "TCP Query 
User{68A290FC-BF34-4278-BC2D-1F0543CAB416}C:\progfiles\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\progfiles\zattoo\zattood.exe | "TCP Query User{6BEB8DDB-06FE-49DF-9D3B-A60123DC6F19}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "TCP Query User{70972043-A089-4B7D-9CEB-02940A6501B9}C:\users\marc\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\marc\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "TCP Query User{740BAB1F-6D64-4B75-A0F0-2C0959463A21}F:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=f:\tmnationsforever\tmforever.exe | "TCP Query User{7CF46998-ED4B-44FE-BA2A-9DB7CE7E7919}F:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=f:\tmnationsforever\tmforever.exe | "TCP Query User{84E52A8F-7A12-4E26-A5A3-E94F139147A1}C:\progfiles\garena\garena.exe" = protocol=6 | dir=in | app=c:\progfiles\garena\garena.exe | "TCP Query User{87862B45-EA94-4065-A0D2-D0814254A4B4}C:\users\marc\desktop\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\marc\desktop\call of duty 2\cod2mp_s.exe | "TCP Query User{8B10CF85-D4DC-44A4-A5D8-EF6E6A8D09B1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{8EB4347A-06C9-4FF2-9592-57C118DBD47E}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{986C8BEC-9FAE-4AFE-9768-C9391CD2B4AB}C:\progfiles\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\progfiles\firefox\firefox.exe | "TCP Query User{98A2A7F9-770B-4676-A924-FFF15EA432BE}F:\cs\valve\hl.exe" = protocol=6 | dir=in | app=f:\cs\valve\hl.exe | "TCP Query User{99311A98-6A0C-419A-81E4-C68269C737EB}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | 
app=c:\program files\counter-strike source\hl2.exe | "TCP Query User{B53B81CA-32F9-4D7C-9431-B17872382D31}F:\cs\valve\hl.exe" = protocol=6 | dir=in | app=f:\cs\valve\hl.exe | "TCP Query User{BDF81878-22DF-4784-8B0D-063E84A4BB2B}F:\heroesofnewerth\hon.exe" = protocol=6 | dir=in | app=f:\heroesofnewerth\hon.exe | "TCP Query User{D7127690-B8D7-4BCB-BE91-B9777A037CBA}C:\aeriagames\rohan\rohanclient.exe" = protocol=6 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe | "TCP Query User{DDD2B434-CB82-48A1-AECC-E57EC3D967E8}C:\progfiles\icq6\icq.exe" = protocol=6 | dir=in | app=c:\progfiles\icq6\icq.exe | "TCP Query User{E61D138D-11DC-4EF7-9B44-F68CF26866D4}F:\css\hl2.exe" = protocol=6 | dir=in | app=f:\css\hl2.exe | "TCP Query User{E8B709B1-9ACC-49DE-9EAA-702937865120}F:\serios sam ii\bin\sam2.exe" = protocol=6 | dir=in | app=f:\serios sam ii\bin\sam2.exe | "TCP Query User{E8EC0FD6-9538-4903-8B6A-0B62353E23F1}F:\ageofempiresii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=f:\ageofempiresii\age2_x1\age2_x1.exe | "TCP Query User{E91CD75E-963F-43A5-B4E3-825044A163B8}F:\ageofempiresii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=f:\ageofempiresii\age2_x1\age2_x1.exe | "TCP Query User{ED0BDEDC-B31B-4F37-BCC9-446AE8A1921B}F:\heroesofnewerth\hon.exe" = protocol=6 | dir=in | app=f:\heroesofnewerth\hon.exe | "TCP Query User{EDA64722-9CC6-41AA-A50D-A3D5DB7D2E84}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{F2484FDC-7C5E-4351-A3F9-3012DDBA3C8E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{03E7B46B-31B0-436D-A1EE-DFD92363438E}F:\css\hl2.exe" = protocol=17 | dir=in | app=f:\css\hl2.exe | "UDP Query User{0969CEB8-4C31-4381-95F0-7049E7E22BE3}F:\css\hl2.exe" = protocol=17 | dir=in | app=f:\css\hl2.exe | "UDP Query User{10EC67F6-663D-47A2-A4D6-F5AFF2C10406}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query 
User{13544F0F-3A35-4B25-9F54-CA3ED7FFF3DC}C:\progfiles\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\progfiles\firefox\firefox.exe | "UDP Query User{1935E1FF-9806-4C40-BBAD-29AE173F99B5}F:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=f:\warcraft iii\war3.exe | "UDP Query User{217316AA-80B0-4B6D-A694-4D03F611CE9C}C:\progfiles\screamerradio\screamer.exe" = protocol=17 | dir=in | app=c:\progfiles\screamerradio\screamer.exe | "UDP Query User{2B3C385E-FBB8-4C6B-A3C9-C9808776DE65}F:\heroesofnewerth\hon.exe" = protocol=17 | dir=in | app=f:\heroesofnewerth\hon.exe | "UDP Query User{315F4795-2594-4011-A831-281BADCCCD69}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{42C667E3-7F8D-4844-A3C8-100B870922E3}F:\serios sam ii\bin\sam2.exe" = protocol=17 | dir=in | app=f:\serios sam ii\bin\sam2.exe | "UDP Query User{435FFE92-F275-40B0-BC64-6FE106BF4A2A}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe | "UDP Query User{46D5DB42-95CF-4125-AE0A-A61419396A55}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{5540E194-BF17-4517-BB89-88962D3EADC1}C:\aeriagames\rohan\rohanclient.exe" = protocol=17 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe | "UDP Query User{5586E9DA-02D1-41CC-898D-ED60E72152B3}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "UDP Query User{56F3ABFF-8D06-4332-B5AD-F85EA33E7E91}F:\callofduty4\iw3mp.exe" = protocol=17 | dir=in | app=f:\callofduty4\iw3mp.exe | "UDP Query User{57F199C6-D85F-4715-A523-2A2069E2E38C}F:\cs\valve\hl.exe" = protocol=17 | dir=in | app=f:\cs\valve\hl.exe | "UDP Query User{59C856D3-5AB1-4F10-90EF-D4EB41491BB4}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program 
files\nokia\nokia software updater\nsu_ui_client.exe | "UDP Query User{66575AE9-C0D4-454C-8157-FCB1129EB4BD}F:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=f:\tmnationsforever\tmforever.exe | "UDP Query User{6AC60CC6-AFC7-4E39-944C-BA11887C964D}F:\ageofempiresii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=f:\ageofempiresii\age2_x1\age2_x1.exe | "UDP Query User{6D0260B9-6763-485A-A942-EC606691F259}F:\cs\valve\hl.exe" = protocol=17 | dir=in | app=f:\cs\valve\hl.exe | "UDP Query User{6F78FF01-CA2C-4BE8-9B19-6B274198FEC5}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{70904A82-EF0D-46D5-9628-BF11580D11E2}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{710C74B2-1A3C-46E0-A97D-240CAB43E0C1}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{85E1CFB1-B4AA-4ED5-9D14-F5CFF96B2B76}C:\progfiles\garena\garena.exe" = protocol=17 | dir=in | app=c:\progfiles\garena\garena.exe | "UDP Query User{95428427-AFB4-4EE3-A146-6049A5A7E105}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{9C18AEC0-4DA4-4F32-9019-B51D3B240235}F:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=f:\warcraft iii\war3.exe | "UDP Query User{9E22FA4F-0B9A-438C-8912-66BF20ACEEC2}F:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=f:\tmnationsforever\tmforever.exe | "UDP Query User{A1FA7043-06C2-4E10-AD02-9C99BD56FD8D}F:\ageofempiresii\empires2.exe" = protocol=17 | dir=in | app=f:\ageofempiresii\empires2.exe | "UDP Query User{B6D23BB0-FC4C-4F83-A59E-EAA0B3331E00}F:\ageofempiresii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=f:\ageofempiresii\age2_x1\age2_x1.exe | "UDP Query User{BADEBABF-AF1B-4478-B5AB-34D0EC5E04E0}C:\progfiles\zattoo\zattood.exe" = protocol=17 | dir=in | 
app=c:\progfiles\zattoo\zattood.exe | "UDP Query User{C4405CDE-EF56-4DF8-A473-00952B53ACD5}F:\ageofempiresii\empires2.exe" = protocol=17 | dir=in | app=f:\ageofempiresii\empires2.exe | "UDP Query User{D58B51BF-353D-4741-A9CD-B1EE0C087809}C:\progfiles\java\jdk1.6.0_07\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\progfiles\java\jdk1.6.0_07\jre\bin\java.exe | "UDP Query User{DA60D498-5BFB-4FAE-8A46-810771B87052}C:\users\marc\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\marc\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "UDP Query User{DE111D63-5C5B-4405-96CE-7DD7528E9CCC}F:\heroesofnewerth\hon.exe" = protocol=17 | dir=in | app=f:\heroesofnewerth\hon.exe | "UDP Query User{F2F2DBF3-F3F1-4F89-B8CD-1A5332A2A027}C:\users\marc\desktop\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\marc\desktop\call of duty 2\cod2mp_s.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0192ED7A-0AF2-426B-AFDF-AD8506295C94}" = Error Fix "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{128A6D30-D64D-4923-8EA3-4A4C536E0A4C}" = Mega ePower 85 Software "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java(TM) SE Development Kit 6 Update 7 
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{451C4ACA-0B6A-4564-BD9D-A6C365DB9C76}_is1" = Bombermaaan 1.4 "{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch "{ADC20BE6-8CA6-4989-B3E8-68EBD2AF1031}" = Nero 7 Essentials "{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers "{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}" = Sony Ericsson PC Suite "{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}" = Tony Hawk's 
Underground 2 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "7-Zip" = 7-Zip 4.57 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion "Akamai" = Akamai NetSession Interface "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "CCleaner" = CCleaner "Cossacks : Back To War" = Cossacks - Back To War "Counter-Strike: Source" = Counter-Strike: Source "DX-Ball 1.09" = DX-Ball 1.09 "ffdshow_is1" = ffdshow [rev 2033] [2008-07-05] "FoxyTunesForFirefox" = FoxyTunes for Firefox "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.33 "FreePDF_XP" = FreePDF XP (Remove only) "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}" = Tony Hawk's Underground 2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "NVIDIA 
Drivers" = NVIDIA Drivers "Red Alert" = Red Alert Windows 95 "Rohan_DE" = R.O.H.A.N. Vendetta "SpeedSim" = SpeedSim "SuperTux_is1" = SuperTux 0.1.3 "T4EPlayer" = T4E Player "TmNationsForever_is1" = TmNationsForever "UltraStar Deluxe" = UltraStar Deluxe "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.3 "Warcraft III" = Warcraft III "Xvid_is1" = Xvid 1.1.3 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Warcraft III" = Warcraft III: All Products ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013 Description = Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013 Description = Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013 Description = Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013 Description = Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013 Description = Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013 Description = Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013 Description = Error - 16.08.2009 18:00:19 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013 Description = Error - 20.08.2009 07:02:33 | Computer Name = MarcsPC | Source = ESENT | ID = 215 Description = WinMail (3060) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. 
Error - 20.08.2009 07:04:30 | Computer Name = MarcsPC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ Media Center Events ] Error - 16.04.2008 09:35:30 | Computer Name = MarcsPC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert. Error - 18.04.2008 12:54:59 | Computer Name = MarcsPC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert. Error - 18.04.2008 16:09:11 | Computer Name = MarcsPC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert. [ System Events ] Error - 25.05.2011 02:20:27 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7026 Description = Error - 25.05.2011 07:51:55 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7026 Description = Error - 25.05.2011 08:12:39 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032 Description = Error - 25.05.2011 08:12:39 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032 Description = Error - 25.05.2011 11:50:49 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7034 Description = Error - 25.05.201 |
26.05.2011, 21:11 | #4 |
| Java virus JAVA/Stutter.AG and Java virus JAVA/Stutter.AH Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6674
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048
25.05.2011 17:43:47
mbam-log-2011-05-25 (17-43-47).txt
Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 355900
Laufzeit: 1 Stunde(n), 5 Minute(n), 22 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{003541A1-3BC0-1B1C-AAF3-040114001C01} (Trojan.Agent) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SwUpdate (Trojan.Agent) -> Value: SwUpdate -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Bad: (C:\PROGRA~2\\MACROM~1\SWFUPD~1\swfupdate.dll) Good: () -> Quarantined and deleted successfully.
Infizierte Verzeichnisse: c:\Washer2.rar (Trojan.SpyEyes) -> Quarantined and deleted successfully.
Infizierte Dateien: c:\programdata\macromedia\swfupdate\swfupdate.dll (Trojan.Agent) -> Delete on reboot.
c:\Windows\System32\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\K72RMM3K\users_root_file_file[1].exe (Malware.Packer.GenX) -> Quarantined and deleted successfully.
c:\Washer2.rar\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully. |
28.05.2011, 08:43 | #5 |
/// Helfer-Team | Java virus JAVA/Stutter.AG and Java virus JAVA/Stutter.AH Item 5 is still missing:-> http://www.trojaner-board.de/99473-j...tml#post662613
__________________ Warning!: Be careful with invoices sent by e-mail with a ZIP file as attachment! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, preferably twice in different places! Please pass this warning on wherever you can! |
30.05.2011, 20:45 | #6 |
| Java virus JAVA/Stutter.AG and Java virus JAVA/Stutter.AH Yep, I don't know how I'm supposed to select all of them, or can it also be done one at a time? |
31.05.2011, 16:51 | #7 |
/// Helfer-Team | Java virus JAVA/Stutter.AG and Java virus JAVA/Stutter.AH Split it across several posts if necessary. Or, best of all, post only the detections.
|
31.05.2011, 18:47 | #8 |
| Java virus JAVA/Stutter.AG and Java virus JAVA/Stutter.AH In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe' wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe' wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden. Ausgeführte Aktion: Zugriff erlauben In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe' wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden. Ausgeführte Aktion: Zugriff erlauben In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe' wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe' wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden. Ausgeführte Aktion: Zugriff erlauben In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe' wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe' wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe' wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden. Ausgeführte Aktion: Zugriff erlauben In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe' wurde ein Virus oder unerwünschtes Programm 'HIDDENEXT/Crypted' [heuristic] gefunden. Ausgeführte Aktion: Zugriff erlauben Die Datei 'C:\Windows\Temp\639.tmp.VIR' enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.24362.2' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ab3f56e.qua' verschoben! In der Datei 'C:\Windows\Temp\639.tmp.VIR' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.24362.2' [trojan] gefunden. 
Ausgeführte Aktion: Zugriff erlauben Die Datei 'C:\Windows\Temp\639.tmp' enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.24362.2' [trojan]. Durchgeführte Aktion(en): Die Datei wurde nach '639.tmp.VIR' umbenannt! Die Datei 'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTFIOXXN\hudshpioitgw[1].html.VIR' enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2010-3552' [exploit]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a2af4f3.qua' verschoben! Die Datei 'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTFIOXXN\hudshpioitgw[1].html' enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2010-3552' [exploit]. Durchgeführte Aktion(en): Die Datei wurde nach 'hudshpioitgw[1].html.VIR' umbenannt! In der Datei 'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTFIOXXN\hudshpioitgw[1].html.VIR' wurde ein Virus oder unerwünschtes Programm 'EXP/CVE-2010-3552' [exploit] gefunden. Ausgeführte Aktion: Zugriff erlauben Die Datei 'C:\ProgramData\Macromedia\swfupdate\swfupdate.dll.VIR' enthielt einen Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan]. Durchgeführte Aktion(en): Die Datei wurde gelöscht. In der Datei 'C:\ProgramData\Macromedia\swfupdate\swfupdate.dll.VIR' wurde ein Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff erlauben Die Datei 'c:\ProgramData\Macromedia\swfupdate\swfupdate.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan]. Durchgeführte Aktion(en): Der Registrierungseintrag <HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations> wurde erfolgreich entfernt. Die Datei wurde nach 'swfupdate.dll.VIR' umbenannt! 
In der Datei 'C:\Users\Alex\AppData\Roaming\appconf32.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern Die Datei 'C:\Recycle.Bin\Recycle.Bin.exe.VIR' enthielt einen Virus oder unerwünschtes Programm 'TR/Jorik.SpyEyes.mu' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b336482.qua' verschoben! In der Datei 'C:\Recycle.Bin\Recycle.Bin.exe.VIR' wurde ein Virus oder unerwünschtes Programm 'TR/Jorik.SpyEyes.mu' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern Die Datei 'C:\Windows\Temp\E114.tmp' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4adcef9f.qua' verschoben! In der Datei 'C:\Windows\Temp\E114.tmp' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Windows\Temp\E114.tmp' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Windows\Temp\E114.tmp' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff erlauben Die Datei 'C:\Windows\Temp\BA9F.tmp' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4aa49a88.qua' verschoben! In der Datei 'C:\Windows\Temp\BA9F.tmp' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Windows\Temp\BA9F.tmp' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Windows\Temp\BA9F.tmp' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden. 
Ausgeführte Aktion: Zugriff erlauben In der Datei 'C:\Windows\Temp\hnfx\setup.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff erlauben In der Datei 'C:\Windows\Temp\hnfx\setup.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Windows\Temp\mrfx\setup.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Windows\Temp\mrfx\setup.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Windows\Temp\wpvm\setup.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Windows\Temp\pskx\setup.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Windows\Temp\yenr\setup.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern Die Datei 'C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\c669a2-5ae3f6c8.VIR' enthielt einen Virus oder unerwünschtes Programm 'JAVA/Stutter.AG' [virus]. Durchgeführte Aktion(en): Die Datei wurde gelöscht. Die Datei 'C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\c669a2-5ae3f6c8' enthielt einen Virus oder unerwünschtes Programm 'JAVA/Stutter.AG' [virus]. Durchgeführte Aktion(en): Die Datei wurde nach 'c669a2-5ae3f6c8.VIR' umbenannt! In der Datei 'C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\c669a2-5ae3f6c8.VIR' wurde ein Virus oder unerwünschtes Programm 'JAVA/Stutter.AH' [virus] gefunden. 
Ausgeführte Aktion: Zugriff erlauben Die Datei 'C:\Recycle.Bin\Recycle.Bin.exe.VIR' enthielt einen Virus oder unerwünschtes Programm 'TR/Jorik.SpyEyes.mu' [trojan]. Durchgeführte Aktion(en): Die Datei 'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FD98QIDH\users_root_file_file[1].exe' enthielt einen Virus oder unerwünschtes Programm 'TR/VBKrypt.dayt' [trojan]. Durchgeführte Aktion(en): Die Datei wurde gelöscht. In der Datei 'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FD98QIDH\users_root_file_file[1].exe' wurde ein Virus oder unerwünschtes Programm 'TR/VBKrypt.dayt' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FD98QIDH\users_root_file_file[1].exe' wurde ein Virus oder unerwünschtes Programm 'TR/VBKrypt.dayt' [trojan] gefunden. Ausgeführte Aktion: Zugriff erlauben Thanks for the help. I wanted to say that at the start but unfortunately forgot. I have no idea whether this is a lot or not. But I hope these reports aren't too bad. |
31.05.2011, 20:53 | #9 |
/// Helfer-Team | Java virus JAVA/Stutter.AG and Java virus JAVA/Stutter.AH 1. Do these look familiar to you? Where do the following "file names" come from? From the game, perhaps? Code:
[2011.05.04 16:43:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\kock
[2011.05.04 14:55:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ruyqit
[2011.05.04 14:55:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Exyl
[2011.05.04 14:30:05 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Oghipu
[2011.05.04 14:30:04 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ewonum
[2011.05.03 19:12:01 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Xyopu
[2011.05.03 15:59:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ythuu
[2011.05.03 08:08:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Fyel
[2011.05.02 21:59:59 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Erakwi
[2011.05.02 18:29:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Iwreob
[2011.05.01 13:34:50 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Vasago
[2011.05.01 03:15:17 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Heuty
[2011.05.01 03:15:17 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Duiclu
[2011.05.23 06:49:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bive
[2011.02.20 20:41:26 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Bombermaaan
[2011.05.21 15:06:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dabou
[2011.05.04 15:23:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Duiclu
[2011.05.07 09:38:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Koenr
[2011.05.04 14:30:05 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Oghipu
[2011.03.23 18:41:54 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Teleca
[2011.04.26 15:28:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Uniblue
Fix with OTL
Code:
:OTL
[2011.05.12 06:42:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\engine@conduit.com
[2011.04.25 11:12:06 | 000,000,136 | ---- | C] () -- C:\ProgramData\~41672456r
[2011.04.25 11:12:06 | 000,000,120 | ---- | C] () -- C:\ProgramData\~41672456
[2011.04.25 11:11:53 | 000,000,400 | ---- | C] () -- C:\ProgramData\41672456
[2011.04.25 11:05:41 | 000,000,136 | ---- | C] () -- C:\ProgramData\~41017096r
[2011.04.25 11:05:41 | 000,000,120 | ---- | C] () -- C:\ProgramData\~41017096
[2011.04.25 11:05:22 | 000,000,400 | ---- | C] () -- C:\ProgramData\41017096
:Commands
[purity]
[emptytemp]
3. Run another scan with OTL:
4. Runs under XP, Vista (32-bit) and Windows 7 (32-bit). Attention!: IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next item! It is NOT advisable to start a second attempt! To get a deeper look into your system and track down a possible infection with a rootkit (info: wikipedia.org), we will use a tool, Gmer:
** no connection to a network or the internet; don't forget WLAN. When the scan is finished, please re-enable all programs and tools! Instructions:-> GMER - Rootkit Scanner 5. Check with MBR -t whether the Master Boot Record is OK (MBR rootkit). With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
|
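A read-only triage script for the persistence points named in the logs above, added here as an example; it is not part of this thread and not one of the helper's tools. It assumes PowerShell 3.0 or later run as administrator, and the paths it checks (C:\Recycle.Bin, C:\ProgramData\Macromedia\swfupdate, the AppData\Roaming folders) are the ones that appear in the MBAM, Avira and OTL logs posted above.

```powershell
# Read-only triage of the persistence points that the logs in this thread flagged.
# Added example, not part of the thread; run from an elevated PowerShell (3.0+) prompt.
# It only reads registry values and directory metadata and changes nothing.

function Get-AppInitDlls {
    # AppInit_DLLs: every DLL listed here is loaded into each process that loads user32.dll.
    # The MBAM log above showed swfupdate.dll planted here; on a clean system the value is empty.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        AppInit_DLLs     = $props.AppInit_DLLs
        LoadAppInit_DLLs = $props.LoadAppInit_DLLs   # 1 = loading enabled (Vista and later)
    }
}

function Get-ShellServiceObjects {
    # ShellServiceObjectDelayLoad (SSODL): CLSIDs that explorer.exe loads at logon.
    # MBAM removed a value "SwUpdate" here. Each CLSID is resolved to its InprocServer32
    # DLL so that an unusual path (ProgramData, Temp, a user profile) stands out.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { return }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        $clsid = $p.Value
        $srv = Get-ItemProperty -Path "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" `
                                -ErrorAction SilentlyContinue
        [pscustomobject]@{ Name = $p.Name; CLSID = $clsid; Dll = $srv.'(default)' }
    }
}

function Get-RecentRoamingFolders {
    param([int]$Days = 30)
    # OTL listed a series of freshly created folders with random names under
    # AppData\Roaming (kock, Ruyqit, Exyl, ...). Every profile under C:\Users is
    # checked for folders created within the last $Days days, hidden ones included.
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue | ForEach-Object {
        $roaming = Join-Path $_.FullName 'AppData\Roaming'
        Get-ChildItem -Path $roaming -Directory -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.CreationTime -gt $cutoff } |
            Select-Object FullName, CreationTime, LastWriteTime
    }
}

function Test-SuspiciousRootPaths {
    # Avira flagged C:\Recycle.Bin\Recycle.Bin.exe (a look-alike of the real $Recycle.Bin),
    # and MBAM flagged the swfupdate folder. Both paths are taken from this thread's logs.
    $paths = @('C:\Recycle.Bin', 'C:\ProgramData\Macromedia\swfupdate')
    foreach ($p in $paths) {
        [pscustomobject]@{ Path = $p; Exists = (Test-Path -LiteralPath $p) }
    }
}

# Run all four checks and show the results; nothing is modified.
Get-AppInitDlls | Format-List
Get-ShellServiceObjects | Format-Table -AutoSize
Get-RecentRoamingFolders -Days 30 | Format-Table -AutoSize
Test-SuspiciousRootPaths | Format-Table -AutoSize
```

Anything this lists is a lead to check against the scan logs, not a verdict; legitimate software (the Teleca and Uniblue folders in the OTL output, for instance) also creates folders under AppData\Roaming.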
01.06.2011, 16:53 | #10 |
| Java virus JAVA/Stutter.AG and Java virus JAVA/Stutter.AH Yes, they are games. I play a lot at the moment. 2. Code:
All processes killed ========== OTL ========== C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\engine@conduit.com\searchplugin folder moved successfully. C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\engine@conduit.com\META-INF folder moved successfully. C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\engine@conduit.com\lib folder moved successfully. C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\engine@conduit.com\DualPackage folder moved successfully. C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\engine@conduit.com\defaults folder moved successfully. C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\engine@conduit.com\components folder moved successfully. C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\engine@conduit.com\chrome folder moved successfully. C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\engine@conduit.com folder moved successfully. C:\ProgramData\~41672456r moved successfully. C:\ProgramData\~41672456 moved successfully. C:\ProgramData\41672456 moved successfully. C:\ProgramData\~41017096r moved successfully. C:\ProgramData\~41017096 moved successfully. C:\ProgramData\41017096 moved successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: Alex ->Temp folder emptied: 13489205 bytes ->Temporary Internet Files folder emptied: 31564690 bytes ->Java cache emptied: 4646599 bytes ->FireFox cache emptied: 134039115 bytes ->Flash cache emptied: 1840247 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 83 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Gast ->Temp folder emptied: 49660 bytes ->Temporary Internet Files folder emptied: 30678207 bytes ->Flash cache emptied: 698 bytes User: Marc User: Public User: Walter ->Temp folder emptied: 4043038 bytes ->Temporary Internet Files folder emptied: 36839076 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 33377807 bytes ->Flash cache emptied: 4434 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 279440 bytes Windows Temp folder emptied: 2032679617 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 71595368 bytes %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 24590 bytes RecycleBin emptied: 39543 bytes Total Files Cleaned = 2.284,00 mb OTL by OldTimer - Version 3.2.23.0 log created on 06012011_151811 Files\Folders moved on Reboot... C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OJ7M36V9\search[5].txt moved successfully. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OJ7M36V9\search[6].txt moved successfully. 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OJ7M36V9\search[9].txt moved successfully. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MCOKCB4P\search[4].txt moved successfully. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MCOKCB4P\search[6].txt moved successfully. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MCOKCB4P\search[7].txt moved successfully. File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MCOKCB4P\seller[1].txt not found! C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I8DUF76L\search[4].txt moved successfully. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I8DUF76L\search[8].txt moved successfully. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I8DUF76L\search[9].txt moved successfully. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\06VK2VYG\search[2].txt moved successfully. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\06VK2VYG\search[3].txt moved successfully. Registry entries deleted on Reboot... Code:
OTL logfile created on: 01.06.2011 16:29:05 - Run 5 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Alex\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 47,79% Memory free 4,24 Gb Paging File | 2,85 Gb Available in Paging File | 67,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,50 Gb Total Space | 57,66 Gb Free Space | 49,49% Space Free | Partition Type: NTFS Drive E: | 68,36 Gb Total Space | 49,30 Gb Free Space | 72,12% Space Free | Partition Type: NTFS Drive F: | 48,03 Gb Total Space | 29,19 Gb Free Space | 60,78% Space Free | Partition Type: NTFS Computer Name: MARCSPC | User Name: Alex | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Alex\Downloads\OTL(4).exe (OldTimer Tools) PRC - C:\Progfiles\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Progfiles\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Progfiles\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Progfiles\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.) 
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB)

========== Modules (SafeList) ==========

MOD - C:\Users\Alex\Downloads\OTL(4).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (gusvc) -- File not found
SRV - (Akamai) -- C:/Program Files/Common Files/Akamai/netsession_win_8832f4b.dll ()
SRV - (AntiVirSchedulerService) -- C:\Progfiles\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Progfiles\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (XDva385) -- File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Progfiles\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (s816mdm) -- C:\Windows\System32\drivers\s816mdm.sys (MCCI Corporation)
DRV - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s816mgmt.sys (MCCI Corporation)
DRV - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\Windows\System32\drivers\s816unic.sys (MCCI)
DRV - (s816obex) -- C:\Windows\System32\drivers\s816obex.sys (MCCI Corporation)
DRV - (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) -- C:\Windows\System32\drivers\s816nd5.sys (MCCI Corporation)
DRV - (s816mdfl) -- C:\Windows\System32\drivers\s816mdfl.sys (MCCI Corporation)
DRV - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\Windows\System32\drivers\s816bus.sys (MCCI Corporation)
DRV - (StMp3Rec) -- C:\Windows\System32\drivers\StMp3Rec.sys (Generic)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (PLCNDIS5) -- C:\Windows\System32\PLCNDIS5.SYS (Intellon, Inc.)
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.goggle.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:3128

========== FireFox ==========

FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://go.web.de/br/moz4_keyurl_search/?su="
FF - prefs.js..browser.startup.homepage: "hxxp://www.goggle.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "data:text/plain,keyword.URL=hxxp://go.web.de/br/moz4_keyurl_search/?su="
FF - prefs.js..network.proxy.share_proxy_settings: true

FF - HKLM\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Windows\system32\config\systemprofile\AppData\Roaming\5015 [2011.05.01 14:14:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.15 19:01:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.02.20 14:37:04 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions
[2011.06.01 15:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions
[2011.05.07 14:01:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.12 06:42:55 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.05.28 09:48:30 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.15 19:03:11 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\support@lastpass.com
[2011.05.16 06:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.05.16 06:50:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011.05.16 06:50:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.05.21 14:29:02 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\ALEX\APPDATA\ROAMING\5015
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5DI26CSR.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\progfiles\Adobe\Reader8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemonTool] C:\Windows\System32\hloads57.dll (Comp)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\ProgFiles\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [NvCplDaemonTool] C:\Users\Alex\hloads57.dll (Comp)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice3.0.1\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scancdiskk39.dll (Comp)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanudiskzc80.dll (Comp)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMultiIE = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWB = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWC = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWE = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWF = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWG = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWH = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWI = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWJ = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWK = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWL = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWM = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWN = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWO = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWP = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWQ = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWR = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWS = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWT = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWU = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWV = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWW = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWX = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWY = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWZ = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 67108800
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.06.01 15:18:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.31 13:54:08 | 000,000,000 | ---D | C] -- C:\xmldm
[2011.05.31 06:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\alaplaya
[2011.05.31 06:38:02 | 000,000,000 | ---D | C] -- C:\Programme\alaplaya
[2011.05.31 06:29:56 | 711,189,938 | ---- | C] (InstallShield Software Corporation) -- C:\Users\Alex\Desktop\S4League.exe
[2011.05.28 09:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\DVDVideoSoft
[2011.05.28 09:47:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Plasmoo
[2011.05.28 09:47:13 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoft
[2011.05.28 09:46:28 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2011.05.25 14:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia
[2011.05.24 16:03:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
[2011.05.24 16:03:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.24 16:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware
[2011.05.24 16:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.24 16:03:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.24 16:03:19 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.24 15:58:33 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Alex\AppData\Roaming\AcroIEHelpe029.dll
[2011.05.23 15:57:38 | 000,000,000 | ---D | C] -- C:\Programme\Downloaded Installers
[2011.05.21 14:29:02 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Alex\AppData\Roaming\AcroIEHelpe.dll
[2011.05.20 19:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\CCleaner
[2011.05.20 19:42:39 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.05.16 21:16:26 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.16 06:50:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.05.16 06:50:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.05.16 06:50:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.05.15 19:01:21 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.05.14 09:53:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Dabou
[2011.05.14 09:53:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Bive
[2011.05.08 21:46:22 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
[2011.05.08 21:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Counter-Strike Source
[2011.05.07 13:46:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TECHNO4EVER Player
[2011.05.07 13:23:27 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.05.07 09:37:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Koenr
[2011.05.05 17:48:40 | 000,000,000 | ---D | C] -- C:\Programme\Counter-Strike Source
[2011.05.04 16:43:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\kock
[2011.05.04 15:16:28 | 000,000,000 | ---D | C] -- C:\2011838ae5cda6dd97
[2011.05.04 14:55:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ruyqit
[2011.05.04 14:55:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Exyl
[2011.05.04 14:30:05 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Oghipu
[2011.05.04 14:30:04 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ewonum
[2011.05.03 19:12:01 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Xyopu
[2011.05.03 15:59:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ythuu
[2011.05.03 08:08:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Fyel
[2011.05.02 21:59:59 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Erakwi
[2011.05.02 18:29:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Iwreob
[1 C:\Users\Alex\AppData\Roaming\*.tmp files -> C:\Users\Alex\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========

[2011.06.01 16:30:58 | 000,000,889 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2011.06.01 16:30:00 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ACD25646-07DA-497D-821D-5A16BB7A684A}.job
[2011.06.01 16:27:00 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{32723199-A1BE-4670-9193-A50997F9A519}.job
[2011.06.01 16:12:14 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.01 16:12:14 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.01 16:12:14 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.01 16:12:14 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.01 15:23:46 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.01 15:23:46 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.01 15:23:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.01 13:53:20 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{38515D3F-8908-46D7-8055-3092D76ADA21}.job
[2011.05.31 19:33:28 | 174,373,452 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.05.31 13:47:12 | 000,001,326 | RHS- | M] () -- C:\Users\Alex\ntuser.pol
[2011.05.31 06:42:40 | 000,001,599 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk
[2011.05.31 06:37:20 | 711,189,938 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Alex\Desktop\S4League.exe
[2011.05.28 09:48:14 | 000,001,032 | ---- | M] () -- C:\Users\Alex\Desktop\DVDVideoSoft Free Studio.lnk
[2011.05.25 20:19:52 | 000,137,542 | ---- | M] () -- C:\Users\Alex\Documents\gesamter virusbericht.rtf
[2011.05.25 17:49:47 | 000,030,259 | ---- | M] () -- C:\Users\Alex\Desktop\hjtscanlist.bat
[2011.05.25 16:33:08 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.24 15:58:33 | 000,236,496 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Alex\AppData\Roaming\AcroIEHelpe029.dll
[2011.05.24 06:44:08 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\Error Fix Scan.job
[2011.05.23 17:57:23 | 007,975,821 | ---- | M] () -- C:\Users\Alex\Documents\MafiaBug.rtf
[2011.05.23 16:43:47 | 000,014,408 | ---- | M] () -- C:\Users\Alex\Documents\Antivir².rtf
[2011.05.23 16:08:35 | 000,014,402 | ---- | M] () -- C:\Users\Alex\Documents\Virusbericht 3Funde.rtf
[2011.05.23 14:05:53 | 000,001,280 | ---- | M] () -- C:\Users\Alex\Documents\CMV.rtf
[2011.05.22 19:21:48 | 007,975,821 | ---- | M] () -- C:\Users\Alex\Documents\Barcelona Fan.rtf
[2011.05.21 22:54:49 | 000,001,390 | ---- | M] () -- C:\Users\Alex\Documents\lehrer..rtf
[2011.05.21 14:29:02 | 000,236,496 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Alex\AppData\Roaming\AcroIEHelpe.dll
[2011.05.20 16:04:36 | 000,000,962 | ---- | M] () -- C:\Users\Alex\Documents\OGame.de Alte Allianz -ISF-.rtf
[2011.05.16 21:16:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.16 06:50:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.05.16 06:50:36 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.05.16 06:50:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.05.16 06:50:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.05.15 19:01:22 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.14 08:47:32 | 2926,603,649 | ---- | M] () -- C:\Users\Alex\Desktop\rohan_de_installer_20101001.exe
[2011.05.11 16:23:37 | 000,000,210 | ---- | M] () -- C:\Users\Alex\Documents\RunKittyRunmusik.rtf
[2011.05.09 15:11:01 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.05.09 07:13:02 | 000,000,680 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2011.05.08 21:46:23 | 000,001,808 | ---- | M] () -- C:\Users\Alex\Desktop\Counter-Strike Source.lnk
[2011.05.07 13:46:38 | 000,000,823 | ---- | M] () -- C:\Users\Alex\Desktop\T4E Player.lnk
[1 C:\Users\Alex\AppData\Roaming\*.tmp files -> C:\Users\Alex\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.05.31 06:42:40 | 000,001,599 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk
[2011.05.28 09:48:14 | 000,001,032 | ---- | C] () -- C:\Users\Alex\Desktop\DVDVideoSoft Free Studio.lnk
[2011.05.25 20:19:52 | 000,137,542 | ---- | C] () -- C:\Users\Alex\Documents\gesamter virusbericht.rtf
[2011.05.25 20:16:58 | 000,000,889 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2011.05.24 16:03:29 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.23 17:57:22 | 007,975,821 | ---- | C] () -- C:\Users\Alex\Documents\MafiaBug.rtf
[2011.05.23 16:43:47 | 000,014,408 | ---- | C] () -- C:\Users\Alex\Documents\Antivir².rtf
[2011.05.23 16:08:35 | 000,014,402 | ---- | C] () -- C:\Users\Alex\Documents\Virusbericht 3Funde.rtf
[2011.05.23 16:01:48 | 000,000,428 | ---- | C] () -- C:\Windows\tasks\Error Fix Scan.job
[2011.05.23 14:05:53 | 000,001,280 | ---- | C] () -- C:\Users\Alex\Documents\CMV.rtf
[2011.05.22 19:21:48 | 007,975,821 | ---- | C] () -- C:\Users\Alex\Documents\Barcelona Fan.rtf
[2011.05.21 22:54:49 | 000,001,390 | ---- | C] () -- C:\Users\Alex\Documents\lehrer..rtf
[2011.05.15 19:45:18 | 000,000,962 | ---- | C] () -- C:\Users\Alex\Documents\OGame.de Alte Allianz -ISF-.rtf
[2011.05.15 19:01:22 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.14 08:15:34 | 2926,603,649 | ---- | C] () -- C:\Users\Alex\Desktop\rohan_de_installer_20101001.exe
[2011.05.11 16:23:36 | 000,000,210 | ---- | C] () -- C:\Users\Alex\Documents\RunKittyRunmusik.rtf
[2011.05.09 07:13:02 | 000,000,680 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2011.05.08 21:46:23 | 000,001,808 | ---- | C] () -- C:\Users\Alex\Desktop\Counter-Strike Source.lnk
[2011.05.07 13:46:38 | 000,000,823 | ---- | C] () -- C:\Users\Alex\Desktop\T4E Player.lnk
[2011.04.26 13:31:37 | 000,000,112 | ---- | C] () -- C:\ProgramData\56iE4qch.dat
[2011.03.27 15:22:11 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2011.03.24 20:04:02 | 000,065,040 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.02.28 19:04:27 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011.02.19 23:03:25 | 000,000,000 | ---- | C] () -- C:\Windows\msicpl.ini
[2009.08.02 16:29:26 | 000,000,276 | ---- | C] () -- C:\Windows\thug2.ini
[2009.05.27 17:05:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.27 17:05:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.12.28 04:59:54 | 000,138,608 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.12.28 04:59:37 | 000,189,800 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.12.28 04:59:35 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.12.28 04:59:34 | 000,000,274 | ---- | C] () -- C:\Windows\game.ini
[2008.12.21 13:51:15 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2008.11.21 20:30:29 | 000,000,040 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2008.11.02 22:46:37 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008.11.02 22:46:37 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008.11.02 22:17:35 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2008.11.02 22:14:55 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008.09.10 17:25:40 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2008.09.02 17:04:44 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.09.02 17:04:44 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.08.07 11:52:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.04.11 17:24:03 | 000,399,736 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2008.04.10 17:28:40 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.04.02 15:52:26 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.18 18:53:53 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008.03.17 17:05:08 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.02.27 10:30:18 | 000,000,022 | ---- | C] () -- C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631
[2008.01.04 13:38:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.12.23 12:00:36 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2007.12.23 11:50:55 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2007.12.16 15:11:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007.12.09 22:15:31 | 000,479,232 | ---- | C] () -- C:\Windows\System32\HookShield.dll
[2007.12.09 22:15:31 | 000,040,960 | ---- | C] () -- C:\Windows\System32\executeosd.exe
[2007.12.09 22:15:30 | 000,134,504 | ---- | C] () -- C:\Windows\System32\smdll.dll
[2007.12.09 22:15:30 | 000,036,200 | ---- | C] () -- C:\Windows\System32\Auxiliary.dll
[2007.12.09 22:15:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\startup.exe
[2007.12.09 22:15:27 | 000,462,848 | ---- | C] () -- C:\Windows\System32\HookMap.dll
[2007.12.09 20:23:49 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe
[2007.12.09 20:23:49 | 000,408,576 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2007.12.09 20:23:49 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe
[2007.12.09 20:23:49 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe
[2007.12.09 20:23:49 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe
[2007.12.09 20:23:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007.11.20 16:24:52 | 000,159,744 | ---- | C] () -- C:\Windows\gdf.dll
[2007.08.23 18:30:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2006.11.02 17:33:31 | 000,638,510 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,130,462 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,272,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,126 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,562 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2011.05.21 14:29:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\5015
[2011.05.23 06:49:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bive
[2011.02.20 20:41:26 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Bombermaaan
[2011.05.21 15:06:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dabou
[2011.05.04 15:23:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Duiclu
[2011.05.28 09:47:58 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoft
[2011.05.28 09:48:21 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.02 21:59:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Erakwi
[2011.05.04 15:24:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ewonum
[2011.05.04 15:25:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Exyl
[2011.05.03 08:08:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Fyel
[2011.05.03 19:35:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Heuty
[2011.02.20 14:59:26 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\ICQ
[2011.05.02 18:29:15 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Iwreob
[2011.05.04 16:43:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\kock
[2011.05.07 09:38:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Koenr
[2011.05.04 14:30:05 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Oghipu
[2011.03.24 20:03:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
[2011.02.19 23:00:40 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\ParentalControl
[2011.05.04 14:55:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ruyqit
[2011.03.23 18:30:11 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Sony
[2011.05.07 14:01:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sony Setup
[2011.05.24 21:28:52 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SpeedSim
[2011.03.02 14:58:51 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\TeamViewer
[2011.03.23 18:41:54 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Teleca
[2011.04.26 15:28:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Uniblue
[2011.05.01 13:34:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Vasago
[2011.04.26 13:29:51 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\xmldm
[2011.05.03 19:12:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Xyopu
[2011.05.03 15:59:49 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ythuu
[2011.05.24 06:44:08 | 000,000,428 | ---- | M] () -- C:\Windows\Tasks\Error Fix Scan.job
[2011.06.01 16:05:34 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.06.01 16:27:00 | 000,000,398 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{32723199-A1BE-4670-9193-A50997F9A519}.job
[2011.06.01 13:53:20 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{38515D3F-8908-46D7-8055-3092D76ADA21}.job
[2011.06.01 16:30:00 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{ACD25646-07DA-497D-821D-5A16BB7A684A}.job

========== Purity Check ==========


< End of report >

Code:
OTL Extras logfile created on: 01.06.2011 16:29:05 - Run 5
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Alex\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 47,79% Memory free
4,24 Gb Paging File | 2,85 Gb Available in Paging File | 67,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,50 Gb Total Space | 57,66 Gb Free Space | 49,49% Space Free | Partition Type: NTFS
Drive E: | 68,36 Gb Total Space | 49,30 Gb Free Space | 72,12% Space Free | Partition Type: NTFS
Drive F: | 48,03 Gb Total Space | 29,19 Gb Free Space | 60,78% Space Free | Partition Type: NTFS

Computer Name: MARCSPC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\ProgFiles\VLC MediaPlayer\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\ProgFiles\VLC MediaPlayer\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065E1C38-973B-420F-B300-BDE7042A66CD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{153011C4-F9EB-4BF1-AEBB-27FB9BA2E179}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1C297379-69C0-4544-8D28-F70BFF12CE9E}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{3DD9E3BA-BBE6-4022-AB7A-BF11F5A333FE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59671036-B829-4941-A9E3-F7379DB24EB0}" = lport=6112 | protocol=17 | dir=in | name=warcraft hosten (udp) |
"{603119FC-035D-4A3A-9327-6807EC4345EF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6F655981-E0B6-49CB-9EED-1541861992A3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{74474826-2651-4A2C-97A1-92B0A325D5B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8ECFC677-3E3C-4DE5-9DBE-FFC1C658C195}" = rport=67 | protocol=17 | dir=in | svc=dhcp | app=c:\windows\system32\svchost.exe |
"{A5A54654-BB71-4AEB-831F-7E0C6A3EE5C0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AA24654D-64AE-4106-8141-753E04303CC4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AD3F7378-5448-477B-8039-67EA7A916894}" = rport=53 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{ADB8B2A9-030F-4370-9AD3-9C1952FE31E0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BF180437-BA42-47EA-86C4-E1034F2652C9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C1674B6F-19D8-46E7-B498-56D0B5AC4B01}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C4B28741-7742-42AC-AA0C-DD1B555B8859}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{DCDF20B5-C6DC-4B06-9DCB-71E40B6C704A}" = lport=6112 | protocol=6 | dir=in | name=warcraft hosten (tcp) |
"{DEE52D1E-7AD8-4587-8797-A336A942CFD1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DFB2FDC5-AC69-46D9-B918-C8D3C3D1C974}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E4ED2BDD-F5F1-4448-86EF-22328182D7C2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0AD1039-C922-48D5-A915-75A6627719C8}" = lport=teredo | protocol=17 | dir=in | svc=iphlpsvc | app=c:\windows\system32\svchost.exe |
"{F4B94E0C-13A7-4238-ADE2-CFEA87226B1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD234473-D514-4495-9D7E-DA93CD8571DF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD9D77BE-C2C6-46A8-B921-44B7FF0CC0AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FEBE93D1-C791-43D6-A149-03E12BAA9F98}" = rport=67 | protocol=17 | dir=out | svc=dhcp | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EA7C1D-C51B-4363-B127-4D11EF1F7CF2}" = protocol=41 | dir=out | app=system |
"{07857146-54F5-404C-B2AF-23E5F8B270FD}" = protocol=58 | dir=in | app=system |
"{0AE01A6B-3E5B-4186-B521-5E57A0908AF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1516A6E8-5B15-4ADC-B6A7-AC141C8EB166}" = protocol=58 | dir=out | name=kernnetzwerk - routerankündigung (icmpv6 ausgehend) |
"{18398135-4B64-4406-B89A-6893889751F4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19C5B54D-4E44-4D0F-A81B-8721687466C0}" = protocol=58 | dir=in | app=system |
"{2D881E67-AC89-4417-B94D-B1F12B22AEEA}" = protocol=58 | dir=in | app=system |
"{3056500B-E1AD-4B9F-9192-61A8C5A36D06}" = protocol=17 | dir=in | app=c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\k72rmm3k\users_root_file_file[1].exe |
"{3127CCFC-444D-4677-8BB6-3FCADB49CC9D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31F7B4CC-315B-4771-90C5-2346508D32D1}" = protocol=58 | dir=out | name=kernnetzwerk - multicastabhörabfrage (icmpv6 ausgehend) |
"{34975BFD-5193-4648-88B8-E11456940F7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35318073-168C-4CBA-9ACC-B5B5C2438A5B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{380053FD-4EC8-48C1-B580-87E0EA7C9CCD}" = protocol=6 | dir=in | app=c:\progfiles\itunes\itunes.exe |
"{4B50C50A-C5D8-4BB1-BF95-4FA8348197CA}" = protocol=1 | dir=in | app=system |
"{52C5FB71-3087-40A9-9258-02A001F6C752}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{539EE3FA-207C-4BA5-B539-F9F7695B6704}" = protocol=58 | dir=in | app=system |
"{5C96D9AE-02AC-4F75-8531-9BE55F67520D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{60231891-8EDF-4967-908D-0B19B961CF5F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B0D204E-BE84-4507-BC7F-E9C0D60E0ACE}" = protocol=58 | dir=out | name=kernnetzwerk - zeitüberschreitung (icmpv6 ausgehend) |
"{6EB29043-E7B3-4627-95F5-862CEE5B892B}" = protocol=58 | dir=in | app=system |
"{72EE8667-87C0-4714-B93C-FA98BA3AF6F4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{790FFA2C-EBCD-4103-A7C1-3447363CEEAB}" = protocol=58 | dir=out | name=kernnetzwerk - multicastabhörbericht (icmpv6 ausgehend) |
"{7B6C17ED-459C-41E4-890B-7854F2B640B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E07FE11-8F48-4EC8-8ABF-5F96B4E9BC6D}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{847993E7-A11C-4B11-9DCA-C208A2650937}" = protocol=17 | dir=in | app=c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\k72rmm3k\users_root_file_file[1].exe |
"{857BDD0D-295F-4026-BEEF-2DD2A010222D}" = protocol=58 | dir=in | app=system |
"{8BA0DDA9-D3C0-4D15-A650-6213891173AB}" = protocol=17 | dir=in | app=c:\progfiles\itunes\itunes.exe |
"{8E493B07-5F47-48F6-AE90-5C7E3DB88CD5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{921E215D-E43B-4C4C-8FD3-4A0B3B8481D1}" = protocol=58 | dir=out | name=kernnetzwerk - nachbarermittlungsanfrage (icmpv6 ausgehend) |
"{92D14525-95D6-4698-AD31-7ECFA02F7350}" = protocol=58 | dir=out | name=kernnetzwerk - multicastabhörbericht v2 (icmpv6 ausgehend) |
"{965E55CF-7ADF-495F-95A5-262731EDFCA2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{9B91B485-E126-4A8C-A06A-6EA661D9E790}" = protocol=41 | dir=in | app=system |
"{9C1649E5-F2C9-4A26-8FDD-1C1686D24D6B}" = protocol=58 | dir=out | name=kernnetzwerk - nachbarermittlungsankündigung (icmpv6 ausgehend) |
"{A6B366F9-F865-4036-AD89-BB5308496B7D}" = protocol=58 | dir=out | name=kernnetzwerk - routeranfrage (icmpv6 ausgehend) |
"{A9E45AAD-C3EB-46C3-B13F-618218A2B693}" = protocol=17 | dir=out | svc=iphlpsvc | app=c:\windows\system32\svchost.exe |
"{AB2F0A65-7D60-4257-8191-CA9AEC3BF39F}" = protocol=6 | dir=out | app=system |
"{AE50CCDF-CE9B-49E5-A7EE-8234071B33B8}" = protocol=2 | dir=in | app=system |
"{AF3964B1-517D-43AD-B6E8-9869A17C1799}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{AF6942F8-3D04-470D-B417-A814BE9CF585}" = protocol=58 | dir=out | name=kernnetzwerk - multicastabhörvorgang abgeschlossen (icmpv6 ausgehend) |
"{B17E2752-A463-4FF4-88D3-5BB5228E1C09}" = protocol=58 | dir=in | app=system |
"{BEDDA3A2-E64C-4CFD-9438-0763C8ECCCF5}" = protocol=58 | dir=in | app=system |
"{C151598C-C645-4AB0-A7BF-3943C343F230}" = protocol=58 | dir=in | app=system |
"{C46D1837-4E3D-4637-BFCD-B9FF14FC106A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D083D3B2-816D-43ED-A0AF-8577CE985BDD}" = protocol=2 | dir=out | app=system |
"{D67D5A69-C19C-4255-BFB3-398D2BEF48FA}" = protocol=6 | dir=in | app=c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\k72rmm3k\users_root_file_file[1].exe |
"{D9C8C3D5-E97B-4275-A216-267C11A87FB4}" = protocol=58 | dir=in | app=system |
"{E2982187-6155-4B4C-AD9D-556DB2CC8AE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E444E485-F907-4E74-876E-7F05871BAB07}" = protocol=58 | dir=in | app=system |
"{E68D854F-15AC-4168-89FC-B4D5B8CFDCD1}" = protocol=58 | dir=out | name=kernnetzwerk - parameterproblem (icmpv6 ausgehend) |
"{E8089052-4DA6-4B5F-9A62-293A4498981B}" = protocol=58 | dir=out | name=kernnetzwerk - paket zu gross (icmpv6 ausgehend) |
"{E97F0E39-5924-4C45-9DCB-E7A96F9C7533}" = protocol=58 | dir=in | app=system |
"{F38372D4-EF54-4052-B299-FF49CFA53380}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F3FCC74E-5FC4-48AD-BEF1-87402F2B2D79}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FACAEB83-3312-4D9C-979D-241358EA7513}" = protocol=6 | dir=in | app=c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\k72rmm3k\users_root_file_file[1].exe |
"TCP Query User{040A77D4-C269-4FEC-9843-AE0918C9F810}C:\progfiles\java\jdk1.6.0_07\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\progfiles\java\jdk1.6.0_07\jre\bin\java.exe |
"TCP Query User{0D1A2328-BB85-406B-B69A-21DCD2E563F5}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{22372A26-D688-4650-953E-FB0CBE63AD6F}F:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=f:\warcraft iii\war3.exe |
"TCP Query User{288018B9-20ED-4065-8190-340DAB7156C1}F:\css\hl2.exe" = protocol=6 | dir=in | app=f:\css\hl2.exe |
"TCP Query User{2D9EE5FD-7FAF-4D3D-A6FB-6BF3AF079657}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{2E648958-69DD-4501-8A4E-0D9DCE0AF2F8}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{2FE0DB96-0D88-4DE3-99C4-97245DF2D068}F:\callofduty4\iw3mp.exe" = protocol=6 | dir=in | app=f:\callofduty4\iw3mp.exe |
"TCP Query User{4518FABE-E6A7-4276-98A6-212B8B70330F}F:\ageofempiresii\empires2.exe" = protocol=6 | dir=in | app=f:\ageofempiresii\empires2.exe |
"TCP Query User{475C53F3-55E2-402E-AB30-70E9C7CD1C3F}F:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=f:\warcraft iii\war3.exe |
"TCP Query User{58D32D27-08C6-44E3-800F-358C6990D4B2}F:\ageofempiresii\empires2.exe" = protocol=6 | dir=in | app=f:\ageofempiresii\empires2.exe |
"TCP Query User{5A0DF772-B951-4485-906B-9AE926786D3F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{62F9BB5A-047F-45AB-9888-7227980F8F96}C:\progfiles\screamerradio\screamer.exe" = protocol=6 | dir=in | app=c:\progfiles\screamerradio\screamer.exe |
"TCP Query User{68A290FC-BF34-4278-BC2D-1F0543CAB416}C:\progfiles\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\progfiles\zattoo\zattood.exe |
"TCP Query User{6BEB8DDB-06FE-49DF-9D3B-A60123DC6F19}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{70972043-A089-4B7D-9CEB-02940A6501B9}C:\users\marc\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\marc\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{740BAB1F-6D64-4B75-A0F0-2C0959463A21}F:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=f:\tmnationsforever\tmforever.exe |
"TCP Query User{7CF46998-ED4B-44FE-BA2A-9DB7CE7E7919}F:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=f:\tmnationsforever\tmforever.exe |
"TCP Query User{84E52A8F-7A12-4E26-A5A3-E94F139147A1}C:\progfiles\garena\garena.exe" = protocol=6 | dir=in | app=c:\progfiles\garena\garena.exe |
"TCP Query User{87862B45-EA94-4065-A0D2-D0814254A4B4}C:\users\marc\desktop\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\marc\desktop\call of duty 2\cod2mp_s.exe |
"TCP Query User{8B10CF85-D4DC-44A4-A5D8-EF6E6A8D09B1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{8EB4347A-06C9-4FF2-9592-57C118DBD47E}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{986C8BEC-9FAE-4AFE-9768-C9391CD2B4AB}C:\progfiles\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\progfiles\firefox\firefox.exe |
"TCP Query User{98A2A7F9-770B-4676-A924-FFF15EA432BE}F:\cs\valve\hl.exe" = protocol=6 | dir=in | app=f:\cs\valve\hl.exe |
"TCP Query User{99311A98-6A0C-419A-81E4-C68269C737EB}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"TCP Query User{B53B81CA-32F9-4D7C-9431-B17872382D31}F:\cs\valve\hl.exe" = protocol=6 | dir=in | app=f:\cs\valve\hl.exe |
"TCP Query User{BDF81878-22DF-4784-8B0D-063E84A4BB2B}F:\heroesofnewerth\hon.exe" = protocol=6 | dir=in | app=f:\heroesofnewerth\hon.exe |
"TCP Query User{D7127690-B8D7-4BCB-BE91-B9777A037CBA}C:\aeriagames\rohan\rohanclient.exe" = protocol=6 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe |
"TCP Query User{DDD2B434-CB82-48A1-AECC-E57EC3D967E8}C:\progfiles\icq6\icq.exe" = protocol=6 | dir=in | app=c:\progfiles\icq6\icq.exe |
"TCP Query User{E61D138D-11DC-4EF7-9B44-F68CF26866D4}F:\css\hl2.exe" = protocol=6 | dir=in | app=f:\css\hl2.exe |
"TCP Query User{E8B709B1-9ACC-49DE-9EAA-702937865120}F:\serios sam ii\bin\sam2.exe" = protocol=6 | dir=in | app=f:\serios sam ii\bin\sam2.exe |
"TCP Query User{E8EC0FD6-9538-4903-8B6A-0B62353E23F1}F:\ageofempiresii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=f:\ageofempiresii\age2_x1\age2_x1.exe |
"TCP Query User{E91CD75E-963F-43A5-B4E3-825044A163B8}F:\ageofempiresii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=f:\ageofempiresii\age2_x1\age2_x1.exe |
"TCP Query User{ED0BDEDC-B31B-4F37-BCC9-446AE8A1921B}F:\heroesofnewerth\hon.exe" = protocol=6 | dir=in | app=f:\heroesofnewerth\hon.exe |
"TCP Query User{EDA64722-9CC6-41AA-A50D-A3D5DB7D2E84}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{F2484FDC-7C5E-4351-A3F9-3012DDBA3C8E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{03E7B46B-31B0-436D-A1EE-DFD92363438E}F:\css\hl2.exe" = protocol=17 | dir=in | app=f:\css\hl2.exe |
"UDP Query User{0969CEB8-4C31-4381-95F0-7049E7E22BE3}F:\css\hl2.exe" = protocol=17 | dir=in | app=f:\css\hl2.exe |
"UDP Query User{10EC67F6-663D-47A2-A4D6-F5AFF2C10406}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{13544F0F-3A35-4B25-9F54-CA3ED7FFF3DC}C:\progfiles\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\progfiles\firefox\firefox.exe |
"UDP Query User{1935E1FF-9806-4C40-BBAD-29AE173F99B5}F:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=f:\warcraft iii\war3.exe |
"UDP Query User{217316AA-80B0-4B6D-A694-4D03F611CE9C}C:\progfiles\screamerradio\screamer.exe" = protocol=17 | dir=in | app=c:\progfiles\screamerradio\screamer.exe |
"UDP Query User{2B3C385E-FBB8-4C6B-A3C9-C9808776DE65}F:\heroesofnewerth\hon.exe" = protocol=17 | dir=in | app=f:\heroesofnewerth\hon.exe |
"UDP Query User{315F4795-2594-4011-A831-281BADCCCD69}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{42C667E3-7F8D-4844-A3C8-100B870922E3}F:\serios sam ii\bin\sam2.exe" = protocol=17 | dir=in | app=f:\serios sam ii\bin\sam2.exe |
"UDP Query User{435FFE92-F275-40B0-BC64-6FE106BF4A2A}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"UDP Query User{46D5DB42-95CF-4125-AE0A-A61419396A55}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{5540E194-BF17-4517-BB89-88962D3EADC1}C:\aeriagames\rohan\rohanclient.exe" = protocol=17 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe |
"UDP Query User{5586E9DA-02D1-41CC-898D-ED60E72152B3}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{56F3ABFF-8D06-4332-B5AD-F85EA33E7E91}F:\callofduty4\iw3mp.exe" = protocol=17 | dir=in | app=f:\callofduty4\iw3mp.exe |
"UDP Query User{57F199C6-D85F-4715-A523-2A2069E2E38C}F:\cs\valve\hl.exe" = protocol=17 | dir=in | app=f:\cs\valve\hl.exe |
"UDP Query User{59C856D3-5AB1-4F10-90EF-D4EB41491BB4}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{66575AE9-C0D4-454C-8157-FCB1129EB4BD}F:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=f:\tmnationsforever\tmforever.exe |
"UDP Query User{6AC60CC6-AFC7-4E39-944C-BA11887C964D}F:\ageofempiresii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=f:\ageofempiresii\age2_x1\age2_x1.exe |
"UDP Query User{6D0260B9-6763-485A-A942-EC606691F259}F:\cs\valve\hl.exe" = protocol=17 | dir=in | app=f:\cs\valve\hl.exe |
"UDP Query User{6F78FF01-CA2C-4BE8-9B19-6B274198FEC5}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{70904A82-EF0D-46D5-9628-BF11580D11E2}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{710C74B2-1A3C-46E0-A97D-240CAB43E0C1}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{85E1CFB1-B4AA-4ED5-9D14-F5CFF96B2B76}C:\progfiles\garena\garena.exe" = protocol=17 | dir=in | app=c:\progfiles\garena\garena.exe |
"UDP Query User{95428427-AFB4-4EE3-A146-6049A5A7E105}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{9C18AEC0-4DA4-4F32-9019-B51D3B240235}F:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=f:\warcraft iii\war3.exe |
"UDP Query User{9E22FA4F-0B9A-438C-8912-66BF20ACEEC2}F:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=f:\tmnationsforever\tmforever.exe |
"UDP Query User{A1FA7043-06C2-4E10-AD02-9C99BD56FD8D}F:\ageofempiresii\empires2.exe" = protocol=17 | dir=in | app=f:\ageofempiresii\empires2.exe |
"UDP Query User{B6D23BB0-FC4C-4F83-A59E-EAA0B3331E00}F:\ageofempiresii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=f:\ageofempiresii\age2_x1\age2_x1.exe |
"UDP Query User{BADEBABF-AF1B-4478-B5AB-34D0EC5E04E0}C:\progfiles\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\progfiles\zattoo\zattood.exe |
"UDP Query User{C4405CDE-EF56-4DF8-A473-00952B53ACD5}F:\ageofempiresii\empires2.exe" = protocol=17 | dir=in | app=f:\ageofempiresii\empires2.exe |
"UDP Query User{D58B51BF-353D-4741-A9CD-B1EE0C087809}C:\progfiles\java\jdk1.6.0_07\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\progfiles\java\jdk1.6.0_07\jre\bin\java.exe |
"UDP Query User{DA60D498-5BFB-4FAE-8A46-810771B87052}C:\users\marc\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\marc\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{DE111D63-5C5B-4405-96CE-7DD7528E9CCC}F:\heroesofnewerth\hon.exe" = protocol=17 | dir=in | app=f:\heroesofnewerth\hon.exe |
"UDP Query User{F2F2DBF3-F3F1-4F89-B8CD-1A5332A2A027}C:\users\marc\desktop\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\marc\desktop\call of duty 2\cod2mp_s.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0192ED7A-0AF2-426B-AFDF-AD8506295C94}" = Error Fix
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{128A6D30-D64D-4923-8EA3-4A4C536E0A4C}" = Mega ePower 85 Software
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java(TM) SE Development Kit 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{451C4ACA-0B6A-4564-BD9D-A6C365DB9C76}_is1" = Bombermaaan 1.4
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{4BA56822-4E76-42EC-883F-52EF0859957E}" = S4 League_EU
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{ADC20BE6-8CA6-4989-B3E8-68EBD2AF1031}" = Nero 7 Essentials
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}" = Sony Ericsson PC Suite
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}" = Tony Hawk's Underground 2
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner
"Cossacks : Back To War" = Cossacks - Back To War
"Counter-Strike: Source" = Counter-Strike: Source
"DX-Ball 1.09" = DX-Ball 1.09
"ffdshow_is1" = ffdshow [rev 2033] [2008-07-05]
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free Studio_is1" = Free Studio version 5.0.9
"FreePDF_XP" = FreePDF XP (Remove only)
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}" = Tony Hawk's Underground 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Red Alert" = Red Alert Windows 95
"Rohan_DE" = R.O.H.A.N. Vendetta
"SpeedSim" = SpeedSim
"SuperTux_is1" = SuperTux 0.1.3
"T4EPlayer" = T4E Player
"TmNationsForever_is1" = TmNationsForever
"UltraStar Deluxe" = UltraStar Deluxe
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description =

Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description =

Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description =

Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description =

Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description =

Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description =

Error - 06.08.2009 15:12:18 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description =

Error - 16.08.2009 18:00:19 | Computer Name = MarcsPC | Source = Windows Search Service | ID = 3013
Description =

Error - 20.08.2009 07:02:33 | Computer Name = MarcsPC | Source = ESENT | ID = 215
Description = WinMail (3060) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error - 20.08.2009 07:04:30 | Computer Name = MarcsPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 16.04.2008 09:35:30 | Computer Name = MarcsPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert.

Error - 18.04.2008 12:54:59 | Computer Name = MarcsPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert.

Error - 18.04.2008 16:09:11 | Computer Name = MarcsPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert.

[ System Events ]
Error - 01.06.2011 02:22:07 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7026
Description =

Error - 01.06.2011 02:35:03 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description =

Error - 01.06.2011 02:35:03 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description =

Error - 01.06.2011 07:52:19 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7026
Description =

Error - 01.06.2011 08:09:02 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description =

Error - 01.06.2011 08:09:02 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description =

Error - 01.06.2011 09:25:07 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7026
Description =

Error - 01.06.2011 09:46:20 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description =

Error - 01.06.2011 09:46:20 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description =

Error - 01.06.2011 10:10:35 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032
Description =

< End of report >
01.06.2011, 16:55 | #11 |
| Java-Virus JAVA/Stutter.AG and Java-Virus JAVA/Stutter.AH
3. OTL.exe
OTL Logfile:
Code:
OTL logfile created on: 01.06.2011 17:38:03 - Run 6
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Alex\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 40,13% Memory free
4,25 Gb Paging File | 2,71 Gb Available in Paging File | 63,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,50 Gb Total Space | 57,52 Gb Free Space | 49,37% Space Free | Partition Type: NTFS
Drive E: | 68,36 Gb Total Space | 49,30 Gb Free Space | 72,12% Space Free | Partition Type: NTFS
Drive F: | 48,03 Gb Total Space | 29,19 Gb Free Space | 60,78% Space Free | Partition Type: NTFS
Computer Name: MARCSPC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Alex\Downloads\OTL(5).exe (OldTimer Tools) PRC - C:\Progfiles\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Progfiles\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) PRC - C:\Progfiles\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Progfiles\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.) 
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB) ========== Modules (SafeList) ========== MOD - C:\Users\Alex\Downloads\OTL(5).exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (gusvc) -- File not found SRV - (Akamai) -- C:/Program Files/Common Files/Akamai/netsession_win_8832f4b.dll () SRV - (AntiVirSchedulerService) -- C:\Progfiles\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Progfiles\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation) DRV - (avgio) -- C:\Progfiles\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) 
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (s816mdm) -- C:\Windows\System32\drivers\s816mdm.sys (MCCI Corporation) DRV - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s816mgmt.sys (MCCI Corporation) DRV - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\Windows\System32\drivers\s816unic.sys (MCCI) DRV - (s816obex) -- C:\Windows\System32\drivers\s816obex.sys (MCCI Corporation) DRV - (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) -- C:\Windows\System32\drivers\s816nd5.sys (MCCI Corporation) DRV - (s816mdfl) -- C:\Windows\System32\drivers\s816mdfl.sys (MCCI Corporation) DRV - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\Windows\System32\drivers\s816bus.sys (MCCI Corporation) DRV - (StMp3Rec) -- C:\Windows\System32\drivers\StMp3Rec.sys (Generic) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (PLCNDIS5) -- C:\Windows\System32\PLCNDIS5.SYS (Intellon, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.goggle.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:3128 ========== FireFox ========== FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://go.web.de/br/moz4_keyurl_search/?su=" FF - prefs.js..browser.startup.homepage: "hxxp://www.goggle.de" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..keyword.URL: "data:text/plain,keyword.URL=hxxp://go.web.de/br/moz4_keyurl_search/?su=" FF - prefs.js..network.proxy.share_proxy_settings: true FF - HKLM\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Windows\system32\config\systemprofile\AppData\Roaming\5015 [2011.05.01 14:14:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.15 19:01:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.20 14:37:04 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions [2011.06.01 15:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions [2011.05.07 14:01:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.05.12 06:42:55 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} 
[2011.05.28 09:48:30 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.15 19:03:11 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\5di26csr.default\extensions\support@lastpass.com [2011.05.16 06:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.05.16 06:50:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} File not found (No name found) -- [2011.05.16 06:50:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2011.05.21 14:29:02 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\ALEX\APPDATA\ROAMING\5015 () (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5DI26CSR.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml Hosts file not found O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) 
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\progfiles\Adobe\Reader8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvCplDaemonTool] C:\Windows\System32\hloads57.dll (Comp) O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\ProgFiles\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [NvCplDaemonTool] C:\Users\Alex\hloads57.dll (Comp) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice3.0.1\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scancdiskk39.dll (Comp) O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanudiskzc80.dll (Comp) O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMultiIE = 0 O7 - 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWB = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWC = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWD = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWE = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWF = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWG = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWH = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWI = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWJ = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWK = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWL = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWM = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWN = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWO = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWP = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWQ = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWR = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWS = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWT = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWU = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWV = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWW = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWX = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWY = 1 O7 - 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWZ = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 67108800 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Free YouTube Download - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: 
{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.06.01 15:18:11 | 000,000,000 | ---D | C] -- C:\_OTL [2011.05.31 13:54:08 | 000,000,000 | ---D | C] -- C:\xmldm [2011.05.31 06:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\alaplaya [2011.05.31 06:38:02 | 000,000,000 | ---D | C] -- C:\Programme\alaplaya [2011.05.31 06:29:56 | 711,189,938 | ---- | C] (InstallShield Software Corporation) -- C:\Users\Alex\Desktop\S4League.exe [2011.05.28 09:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\DVDVideoSoft [2011.05.28 09:47:59 | 000,000,000 | 
---D | C] -- C:\Programme\Common Files\Plasmoo [2011.05.28 09:47:13 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoft [2011.05.28 09:46:28 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft [2011.05.25 14:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia [2011.05.24 16:03:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes [2011.05.24 16:03:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.24 16:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware [2011.05.24 16:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.24 16:03:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.24 16:03:19 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.05.24 15:58:33 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Alex\AppData\Roaming\AcroIEHelpe029.dll [2011.05.23 15:57:38 | 000,000,000 | ---D | C] -- C:\Programme\Downloaded Installers [2011.05.21 14:29:02 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Alex\AppData\Roaming\AcroIEHelpe.dll [2011.05.20 19:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\CCleaner [2011.05.20 19:42:39 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.05.16 21:16:26 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.05.16 06:50:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.05.16 06:50:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.05.16 06:50:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\java.exe [2011.05.15 19:01:21 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2011.05.14 09:53:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Dabou [2011.05.14 09:53:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Bive [2011.05.08 21:46:22 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source [2011.05.08 21:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Counter-Strike Source [2011.05.07 13:46:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TECHNO4EVER Player [2011.05.07 13:23:27 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.05.07 09:37:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Koenr [2011.05.05 17:48:40 | 000,000,000 | ---D | C] -- C:\Programme\Counter-Strike Source [2011.05.04 16:43:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\kock [2011.05.04 15:16:28 | 000,000,000 | ---D | C] -- C:\2011838ae5cda6dd97 [2011.05.04 14:55:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ruyqit [2011.05.04 14:55:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Exyl [2011.05.04 14:30:05 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Oghipu [2011.05.04 14:30:04 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ewonum [2011.05.03 19:12:01 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Xyopu [2011.05.03 15:59:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ythuu [2011.05.03 08:08:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Fyel [2011.05.02 21:59:59 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Erakwi [2011.05.02 18:29:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Iwreob [1 C:\Users\Alex\AppData\Roaming\*.tmp files -> C:\Users\Alex\AppData\Roaming\*.tmp -> ] 
========== Files - Modified Within 30 Days ========== [2011.06.01 17:41:12 | 000,000,889 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk [2011.06.01 17:40:00 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ACD25646-07DA-497D-821D-5A16BB7A684A}.job [2011.06.01 17:38:16 | 000,036,579 | ---- | M] () -- C:\Users\Alex\Documents\Gmer.rtf [2011.06.01 17:36:59 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{32723199-A1BE-4670-9193-A50997F9A519}.job [2011.06.01 16:45:10 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.06.01 16:45:10 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.06.01 16:45:10 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.06.01 16:45:10 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.06.01 16:39:09 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.01 16:39:09 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.01 16:38:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.06.01 16:38:41 | 240,519,884 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.06.01 13:53:20 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{38515D3F-8908-46D7-8055-3092D76ADA21}.job [2011.05.31 13:47:12 | 000,001,326 | RHS- | M] () -- C:\Users\Alex\ntuser.pol [2011.05.31 06:42:40 | 000,001,599 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk [2011.05.31 06:37:20 | 711,189,938 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Alex\Desktop\S4League.exe [2011.05.28 09:48:14 | 000,001,032 | ---- | M] () -- C:\Users\Alex\Desktop\DVDVideoSoft Free Studio.lnk [2011.05.25 20:19:52 | 000,137,542 | ---- | M] () -- C:\Users\Alex\Documents\gesamter virusbericht.rtf 
[2011.05.25 17:49:47 | 000,030,259 | ---- | M] () -- C:\Users\Alex\Desktop\hjtscanlist.bat [2011.05.25 16:33:08 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.24 15:58:33 | 000,236,496 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Alex\AppData\Roaming\AcroIEHelpe029.dll [2011.05.24 06:44:08 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\Error Fix Scan.job [2011.05.23 17:57:23 | 007,975,821 | ---- | M] () -- C:\Users\Alex\Documents\MafiaBug.rtf [2011.05.23 16:43:47 | 000,014,408 | ---- | M] () -- C:\Users\Alex\Documents\Antivir².rtf [2011.05.23 16:08:35 | 000,014,402 | ---- | M] () -- C:\Users\Alex\Documents\Virusbericht 3Funde.rtf [2011.05.23 14:05:53 | 000,001,280 | ---- | M] () -- C:\Users\Alex\Documents\CMV.rtf [2011.05.22 19:21:48 | 007,975,821 | ---- | M] () -- C:\Users\Alex\Documents\Barcelona Fan.rtf [2011.05.21 22:54:49 | 000,001,390 | ---- | M] () -- C:\Users\Alex\Documents\lehrer..rtf [2011.05.21 14:29:02 | 000,236,496 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Alex\AppData\Roaming\AcroIEHelpe.dll [2011.05.20 16:04:36 | 000,000,962 | ---- | M] () -- C:\Users\Alex\Documents\OGame.de Alte Allianz -ISF-.rtf [2011.05.16 21:16:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.05.16 06:50:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.05.16 06:50:36 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.05.16 06:50:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.05.16 06:50:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\java.exe [2011.05.15 19:01:22 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.05.14 08:47:32 | 2926,603,649 | ---- | M] () -- C:\Users\Alex\Desktop\rohan_de_installer_20101001.exe [2011.05.11 16:23:37 | 000,000,210 | ---- | M] () -- C:\Users\Alex\Documents\RunKittyRunmusik.rtf [2011.05.09 15:11:01 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011.05.09 07:13:02 | 000,000,680 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat [2011.05.08 21:46:23 | 000,001,808 | ---- | M] () -- C:\Users\Alex\Desktop\Counter-Strike Source.lnk [2011.05.07 13:46:38 | 000,000,823 | ---- | M] () -- C:\Users\Alex\Desktop\T4E Player.lnk [1 C:\Users\Alex\AppData\Roaming\*.tmp files -> C:\Users\Alex\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.06.01 17:34:11 | 000,036,579 | ---- | C] () -- C:\Users\Alex\Documents\Gmer.rtf [2011.05.31 06:42:40 | 000,001,599 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk [2011.05.28 09:48:14 | 000,001,032 | ---- | C] () -- C:\Users\Alex\Desktop\DVDVideoSoft Free Studio.lnk [2011.05.25 20:19:52 | 000,137,542 | ---- | C] () -- C:\Users\Alex\Documents\gesamter virusbericht.rtf [2011.05.25 20:16:58 | 000,000,889 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk [2011.05.24 16:03:29 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.23 17:57:22 | 007,975,821 | ---- | C] () -- C:\Users\Alex\Documents\MafiaBug.rtf [2011.05.23 16:43:47 | 000,014,408 | ---- | C] () -- C:\Users\Alex\Documents\Antivir².rtf [2011.05.23 16:08:35 | 000,014,402 | ---- | C] () -- C:\Users\Alex\Documents\Virusbericht 3Funde.rtf [2011.05.23 16:01:48 | 000,000,428 | ---- | C] () -- C:\Windows\tasks\Error Fix Scan.job [2011.05.23 14:05:53 | 000,001,280 | ---- | C] () -- C:\Users\Alex\Documents\CMV.rtf [2011.05.22 19:21:48 | 007,975,821 | ---- | C] () -- 
< End of report >

Otl.exe/Extras OTL Logfile:
OTL Extras logfile created on: 01.06.2011 17:38:04 - Run 6 OTL by OldTimer - Version 3.2.23.0
Error - 20.08.2009 07:04:30 | Computer Name = MarcsPC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ Media Center Events ] Error - 16.04.2008 09:35:30 | Computer Name = MarcsPC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert. Error - 18.04.2008 12:54:59 | Computer Name = MarcsPC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert. Error - 18.04.2008 16:09:11 | Computer Name = MarcsPC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert. [ System Events ] Error - 01.06.2011 02:35:03 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032 Description = Error - 01.06.2011 07:52:19 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7026 Description = Error - 01.06.2011 08:09:02 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032 Description = Error - 01.06.2011 08:09:02 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032 Description = Error - 01.06.2011 09:25:07 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7026 Description = Error - 01.06.2011 09:46:20 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032 Description = Error - 01.06.2011 09:46:20 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032 Description = Error - 01.06.2011 10:10:35 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7032 Description = Error - 01.06.2011 10:38:47 | Computer Name = MarcsPC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 01.06.2011 um 16:37:26 unerwartet heruntergefahren. Error - 01.06.2011 10:40:20 | Computer Name = MarcsPC | Source = Service Control Manager | ID = 7026 Description = < End of report > |
01.06.2011, 17:00 | #12 |
| Java-Virus JAVA/Stutter.AG and Java-Virus JAVA/Stutter.AH
And now the third and last piece.
4. Gmer
Code:
ATTFilter GMER 1.0.15.15640 - hxxp://www.gmer.net Rootkit scan 2011-06-01 17:29:33 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort4 SAMSUNG_HD250HJ rev.FH100-05 Running: xrzv5vp7.exe; Driver: C:\Users\Alex\AppData\Local\Temp\kxldypog.sys ---- System - GMER 1.0.15 ---- INT 0x52 ? 84458BF8 INT 0x52 ? 84458BF8 INT 0x52 ? 84458BF8 INT 0x52 ? 84458BF8 INT 0x52 ? 863A5BF8 INT 0x52 ? 84458BF8 INT 0x62 ? 84458BF8 INT 0x72 ? 84458BF8 INT 0xB4 ? 863A5BF8 ---- Kernel code sections - GMER 1.0.15 ---- ? System32\Drivers\sper.sys Das System kann den angegebenen Pfad nicht finden. ! .text USBPORT.SYS!DllUnload 8839441B 5 Bytes JMP 863A51D8 .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8D400340, 0x39DB57, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\Explorer.EXE[296] ntdll.dll!NtProtectVirtualMemory 770E4B84 5 Bytes JMP 0179000A .text C:\Windows\Explorer.EXE[296] ntdll.dll!NtWriteVirtualMemory 770E54C4 5 Bytes JMP 017A000A .text C:\Windows\Explorer.EXE[296] ntdll.dll!KiUserExceptionDispatcher 770E5BF8 5 Bytes JMP 004C000A .text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[1004] kernel32.dll!TerminateProcess 75D118EF 6 Bytes PUSH 02502680; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[1004] kernel32.dll!FindNextFileA 75D32FF9 6 Bytes PUSH 025024D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[1004] kernel32.dll!FindNextFileW 75D3B79E 6 Bytes PUSH 02502590; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[1004] kernel32.dll!ExitProcess 75D541D8 6 Bytes PUSH 02502630; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Sony Ericsson\Mobile2\Mobile 
Phone Monitor\epmworker.exe[1004] ADVAPI32.dll!RegDeleteValueA 75E12F59 6 Bytes PUSH 02502340; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[1004] ADVAPI32.dll!RegDeleteValueW 75E13FB6 6 Bytes PUSH 025023D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[1004] WS2_32.dll!closesocket 75C8330C 5 Bytes JMP 026B9E64 .text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[1004] WS2_32.dll!recv 75C8343A 5 Bytes JMP 026B9AE2 .text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[1004] WS2_32.dll!WSASend 75C84496 5 Bytes JMP 026B9BB5 .text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[1004] WS2_32.dll!send 75C8659B 5 Bytes JMP 026B9A01 .text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[1004] WS2_32.dll!WSARecv 75C88400 5 Bytes JMP 026B9D16 .text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtProtectVirtualMemory 770E4B84 5 Bytes JMP 004C000A .text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtWriteVirtualMemory 770E54C4 5 Bytes JMP 004F000A .text C:\Windows\system32\svchost.exe[1116] ntdll.dll!KiUserExceptionDispatcher 770E5BF8 5 Bytes JMP 004B000A .text C:\Windows\system32\svchost.exe[1116] ole32.dll!CoCreateInstance 75B29F3E 5 Bytes JMP 0062000A .text C:\Windows\system32\svchost.exe[1116] USER32.dll!WindowFromPoint 7594884F 5 Bytes JMP 018F000A .text C:\Windows\system32\svchost.exe[1116] USER32.dll!GetForegroundWindow 759532C4 5 Bytes JMP 0190000A .text C:\Windows\system32\svchost.exe[1116] USER32.dll!GetCursorPos 75960B88 5 Bytes JMP 013E000A .text C:\Windows\system32\taskeng.exe[1996] kernel32.dll!TerminateProcess 75D118EF 6 Bytes PUSH 031A2680; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Windows\system32\taskeng.exe[1996] 
kernel32.dll!FindNextFileA 75D32FF9 6 Bytes PUSH 031A24D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Windows\system32\taskeng.exe[1996] kernel32.dll!FindNextFileW 75D3B79E 6 Bytes PUSH 031A2590; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Windows\system32\taskeng.exe[1996] kernel32.dll!ExitProcess 75D541D8 6 Bytes PUSH 031A2630; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Windows\system32\taskeng.exe[1996] ADVAPI32.dll!RegDeleteValueA 75E12F59 6 Bytes PUSH 031A2340; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Windows\system32\taskeng.exe[1996] ADVAPI32.dll!RegDeleteValueW 75E13FB6 6 Bytes PUSH 031A23D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Windows\system32\taskeng.exe[1996] WS2_32.dll!closesocket 75C8330C 5 Bytes JMP 02289E64 .text C:\Windows\system32\taskeng.exe[1996] WS2_32.dll!recv 75C8343A 5 Bytes JMP 02289AE2 .text C:\Windows\system32\taskeng.exe[1996] WS2_32.dll!WSASend 75C84496 5 Bytes JMP 02289BB5 .text C:\Windows\system32\taskeng.exe[1996] WS2_32.dll!send 75C8659B 5 Bytes JMP 02289A01 .text C:\Windows\system32\taskeng.exe[1996] WS2_32.dll!WSARecv 75C88400 5 Bytes JMP 02289D16 .text C:\Windows\system32\Dwm.exe[2012] kernel32.dll!TerminateProcess 75D118EF 6 Bytes PUSH 05FE2680; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Windows\system32\Dwm.exe[2012] kernel32.dll!FindNextFileA 75D32FF9 6 Bytes PUSH 05FE24D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Windows\system32\Dwm.exe[2012] kernel32.dll!FindNextFileW 75D3B79E 6 Bytes PUSH 05FE2590; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Windows\system32\Dwm.exe[2012] kernel32.dll!ExitProcess 75D541D8 6 Bytes PUSH 05FE2630; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Windows\system32\Dwm.exe[2012] 
ADVAPI32.dll!RegDeleteValueA 75E12F59 6 Bytes PUSH 05FE2340; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Windows\system32\Dwm.exe[2012] ADVAPI32.dll!RegDeleteValueW 75E13FB6 6 Bytes PUSH 05FE23D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Windows\system32\Dwm.exe[2012] WS2_32.dll!closesocket 75C8330C 5 Bytes JMP 06389E64 .text C:\Windows\system32\Dwm.exe[2012] WS2_32.dll!recv 75C8343A 5 Bytes JMP 06389AE2 .text C:\Windows\system32\Dwm.exe[2012] WS2_32.dll!WSASend 75C84496 5 Bytes JMP 06389BB5 .text C:\Windows\system32\Dwm.exe[2012] WS2_32.dll!send 75C8659B 5 Bytes JMP 06389A01 .text C:\Windows\system32\Dwm.exe[2012] WS2_32.dll!WSARecv 75C88400 5 Bytes JMP 06389D16 .text C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe[2748] kernel32.dll!TerminateProcess 75D118EF 6 Bytes PUSH 02082680; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe[2748] kernel32.dll!FindNextFileA 75D32FF9 6 Bytes PUSH 020824D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe[2748] kernel32.dll!FindNextFileW 75D3B79E 6 Bytes PUSH 02082590; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe[2748] kernel32.dll!ExitProcess 75D541D8 6 Bytes PUSH 02082630; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe[2748] ADVAPI32.dll!RegDeleteValueA 75E12F59 6 Bytes PUSH 02082340; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe[2748] ADVAPI32.dll!RegDeleteValueW 75E13FB6 6 Bytes PUSH 020823D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe[2748] WS2_32.dll!closesocket 75C8330C 5 Bytes JMP 02E69E64 .text C:\Progfiles\Avira\AntiVir 
Desktop\avgnt.exe[2748] WS2_32.dll!recv 75C8343A 5 Bytes JMP 02E69AE2 .text C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe[2748] WS2_32.dll!WSASend 75C84496 5 Bytes JMP 02E69BB5 .text C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe[2748] WS2_32.dll!send 75C8659B 5 Bytes JMP 02E69A01 .text C:\Progfiles\Avira\AntiVir Desktop\avgnt.exe[2748] WS2_32.dll!WSARecv 75C88400 5 Bytes JMP 02E69D16 .text C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] kernel32.dll!TerminateProcess 75D118EF 6 Bytes PUSH 00AB2680; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] kernel32.dll!FindNextFileA 75D32FF9 6 Bytes PUSH 00AB24D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] kernel32.dll!FindNextFileW 75D3B79E 6 Bytes PUSH 00AB2590; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] kernel32.dll!ExitProcess 75D541D8 6 Bytes PUSH 00AB2630; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] ADVAPI32.dll!RegDeleteValueA 75E12F59 6 Bytes PUSH 00AB2340; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] ADVAPI32.dll!RegDeleteValueW 75E13FB6 6 Bytes PUSH 00AB23D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] WS2_32.dll!closesocket 75C8330C 5 Bytes JMP 01EF9E64 .text C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] WS2_32.dll!recv 
75C8343A 5 Bytes JMP 01EF9AE2 .text C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] WS2_32.dll!WSASend 75C84496 5 Bytes JMP 01EF9BB5 .text C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] WS2_32.dll!send 75C8659B 5 Bytes JMP 01EF9A01 .text C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[2828] WS2_32.dll!WSARecv 75C88400 5 Bytes JMP 01EF9D16 .text C:\Windows\System32\rundll32.exe[2856] kernel32.dll!TerminateProcess 75D118EF 6 Bytes PUSH 00C72680; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Windows\System32\rundll32.exe[2856] kernel32.dll!FindNextFileA 75D32FF9 6 Bytes PUSH 00C724D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Windows\System32\rundll32.exe[2856] kernel32.dll!FindNextFileW 75D3B79E 6 Bytes PUSH 00C72590; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Windows\System32\rundll32.exe[2856] kernel32.dll!ExitProcess 75D541D8 6 Bytes PUSH 00C72630; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Windows\System32\rundll32.exe[2856] ADVAPI32.dll!RegDeleteValueA 75E12F59 6 Bytes PUSH 00C72340; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Windows\System32\rundll32.exe[2856] ADVAPI32.dll!RegDeleteValueW 75E13FB6 6 Bytes PUSH 00C723D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Windows\System32\rundll32.exe[2856] WS2_32.dll!closesocket 75C8330C 5 Bytes JMP 02249E64 .text C:\Windows\System32\rundll32.exe[2856] WS2_32.dll!recv 75C8343A 5 Bytes JMP 02249AE2 .text C:\Windows\System32\rundll32.exe[2856] WS2_32.dll!WSASend 75C84496 5 Bytes JMP 02249BB5 .text C:\Windows\System32\rundll32.exe[2856] WS2_32.dll!send 75C8659B 5 Bytes JMP 02249A01 .text C:\Windows\System32\rundll32.exe[2856] WS2_32.dll!WSARecv 75C88400 5 Bytes JMP 02249D16 .text C:\Program 
Files\Windows Sidebar\sidebar.exe[2864] kernel32.dll!TerminateProcess 75D118EF 6 Bytes PUSH 05FC2680; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Windows Sidebar\sidebar.exe[2864] kernel32.dll!FindNextFileA 75D32FF9 6 Bytes PUSH 05FC24D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Windows Sidebar\sidebar.exe[2864] kernel32.dll!FindNextFileW 75D3B79E 6 Bytes PUSH 05FC2590; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Windows Sidebar\sidebar.exe[2864] kernel32.dll!ExitProcess 75D541D8 6 Bytes PUSH 05FC2630; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Windows Sidebar\sidebar.exe[2864] ADVAPI32.dll!RegDeleteValueA 75E12F59 6 Bytes PUSH 05FC2340; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Windows Sidebar\sidebar.exe[2864] ADVAPI32.dll!RegDeleteValueW 75E13FB6 6 Bytes PUSH 05FC23D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Windows Sidebar\sidebar.exe[2864] WS2_32.dll!closesocket 75C8330C 5 Bytes JMP 05309E64 .text C:\Program Files\Windows Sidebar\sidebar.exe[2864] WS2_32.dll!recv 75C8343A 5 Bytes JMP 05309AE2 .text C:\Program Files\Windows Sidebar\sidebar.exe[2864] WS2_32.dll!WSASend 75C84496 5 Bytes JMP 05309BB5 .text C:\Program Files\Windows Sidebar\sidebar.exe[2864] WS2_32.dll!send 75C8659B 5 Bytes JMP 05309A01 .text C:\Program Files\Windows Sidebar\sidebar.exe[2864] WS2_32.dll!WSARecv 75C88400 5 Bytes JMP 05309D16 .text C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] kernel32.dll!TerminateProcess 75D118EF 6 Bytes PUSH 05CA2680; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] kernel32.dll!FindNextFileA 75D32FF9 6 Bytes PUSH 05CA24D0; RET 
C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] kernel32.dll!FindNextFileW 75D3B79E 6 Bytes PUSH 05CA2590; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] kernel32.dll!ExitProcess 75D541D8 6 Bytes PUSH 05CA2630; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] ADVAPI32.dll!RegDeleteValueA 75E12F59 6 Bytes PUSH 05CA2340; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] ADVAPI32.dll!RegDeleteValueW 75E13FB6 6 Bytes PUSH 05CA23D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] WS2_32.dll!closesocket 75C8330C 5 Bytes JMP 05DB9E64 .text C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] WS2_32.dll!recv 75C8343A 5 Bytes JMP 05DB9AE2 .text C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] WS2_32.dll!WSASend 75C84496 5 Bytes JMP 05DB9BB5 .text C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] WS2_32.dll!send 75C8659B 5 Bytes JMP 05DB9A01 .text C:\Program Files\OpenOffice3.0.1\OpenOffice.org 3\program\soffice.bin[3032] WS2_32.dll!WSARecv 75C88400 5 Bytes JMP 05DB9D16 .text C:\Program Files\Common Files\Teleca Shared\Generic.exe[4044] kernel32.dll!TerminateProcess 75D118EF 6 Bytes PUSH 03C62680; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Common Files\Teleca Shared\Generic.exe[4044] kernel32.dll!FindNextFileA 75D32FF9 6 Bytes PUSH 03C624D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Common Files\Teleca 
Shared\Generic.exe[4044] kernel32.dll!FindNextFileW 75D3B79E 6 Bytes PUSH 03C62590; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Common Files\Teleca Shared\Generic.exe[4044] kernel32.dll!ExitProcess 75D541D8 6 Bytes PUSH 03C62630; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Common Files\Teleca Shared\Generic.exe[4044] ADVAPI32.dll!RegDeleteValueA 75E12F59 6 Bytes PUSH 03C62340; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Common Files\Teleca Shared\Generic.exe[4044] ADVAPI32.dll!RegDeleteValueW 75E13FB6 6 Bytes PUSH 03C623D0; RET C:\Windows\system32\hloads57.dll (zhvlevupcutixuctcqcstqn/Comp) .text C:\Program Files\Common Files\Teleca Shared\Generic.exe[4044] ws2_32.dll!closesocket 75C8330C 5 Bytes JMP 01D79E64 .text C:\Program Files\Common Files\Teleca Shared\Generic.exe[4044] ws2_32.dll!recv 75C8343A 5 Bytes JMP 01D79AE2 .text C:\Program Files\Common Files\Teleca Shared\Generic.exe[4044] ws2_32.dll!WSASend 75C84496 5 Bytes JMP 01D79BB5 .text C:\Program Files\Common Files\Teleca Shared\Generic.exe[4044] ws2_32.dll!send 75C8659B 5 Bytes JMP 01D79A01 .text C:\Program Files\Common Files\Teleca Shared\Generic.exe[4044] ws2_32.dll!WSARecv 75C88400 5 Bytes JMP 01D79D16 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806056D2] \SystemRoot\System32\Drivers\sper.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80605040] \SystemRoot\System32\Drivers\sper.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806057FC] \SystemRoot\System32\Drivers\sper.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806050BE] \SystemRoot\System32\Drivers\sper.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060513C] 
\SystemRoot\System32\Drivers\sper.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8521D1F8 Device \Driver\volmgr \Device\VolMgrControl 8445A1F8 Device \Driver\usbohci \Device\USBPDO-0 863831F8 Device \Driver\usbehci \Device\USBPDO-1 849701F8 Device \Driver\volmgr \Device\HarddiskVolume1 8445A1F8 Device \Driver\volmgr \Device\HarddiskVolume2 8445A1F8 Device \Driver\cdrom \Device\CdRom0 849731F8 Device \Driver\atapi \Device\Ide\IdePort0 8521B1F8 Device \Driver\atapi \Device\Ide\IdePort1 8521B1F8 Device \Driver\atapi \Device\Ide\IdePort2 8521B1F8 Device \Driver\atapi \Device\Ide\IdePort3 8521B1F8 Device \Driver\atapi \Device\Ide\IdePort4 8521B1F8 Device \Driver\atapi \Device\Ide\IdePort5 8521B1F8 Device \Driver\msahci \Device\Ide\PciIde1Channel0 8521C1F8 Device \Driver\msahci \Device\Ide\PciIde1Channel1 8521C1F8 Device \Driver\msahci \Device\Ide\PciIde1Channel2 8521C1F8 Device \Driver\msahci \Device\Ide\PciIde1Channel3 8521C1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-7 8521B1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-6 8521B1F8 Device \Driver\volmgr \Device\HarddiskVolume3 8445A1F8 Device \Driver\netbt \Device\NetBt_Wins_Export 86631500 Device \Driver\Smb \Device\NetbiosSmb 8653D1F8 Device \Driver\netbt \Device\NetBT_Tcpip_{B00D18A5-30D7-4BB1-A95A-9A338C37A8F2} 86631500 Device \Driver\iScsiPrt \Device\RaidPort0 863871F8 Device \Driver\usbohci \Device\USBFDO-0 863831F8 Device \Driver\usbehci \Device\USBFDO-1 849701F8 Device \FileSystem\cdfs \Cdfs 8704A1F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\ProgFiles\DAEMON_Tools\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7B 0x51 0x82 0x42 ... 
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x96 0xC1 0x1B 0x2D ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD4 0xFE 0x4C 0x64 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x32 0xF6 0x33 0xC3 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\ProgFiles\DAEMON_Tools\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7B 0x51 0x82 0x42 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x96 0xC1 0x1B 0x2D ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD4 0xFE 0x4C 0x64 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x32 0xF6 0x33 0xC3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\ProgFiles\DAEMON_Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7B 0x51 0x82 0x42 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x96 0xC1 0x1B 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD4 0xFE 0x4C 0x64 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x32 0xF6 0x33 0xC3 ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- EOF - GMER 1.0.15 ----
Thanks again for your help. And I wanted to ask on the side where you got your computer knowledge from. |
01.06.2011, 20:04 | #13 |
/// Helfer-Team | Java-Virus JAVA/Stutter.AG and Java-Virus JAVA/Stutter.AH
I was trained in another forum. Of course development moves on, because (unfortunately) new viruses are constantly being created. But we stay combative and try to make the best of it. Otherwise it is simply a hobby of mine, because the field of virus removal is very interesting, a challenge too, and one is glad to help ... besides, it gets more interesting from year to year, a very good experience, and you can learn a great deal from it.
- Now it is sad certainty: the malicious MBR rootkit has presumably lodged itself in the MBR... The Master Boot Record (MBR) of the first hard disk is loaded when the computer starts, even before the operating system. Code residing there can in principle control the operating system.
- If you decide on a system clean-up instead of Format C:\, here is how to proceed: TDSSKiller by Kaspersky
__________________ Warning!: Beware of invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard disks, ideally twice in different places! Please pass this warning on wherever you can! |
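To make the MBR point above concrete, here is an added Python example (not code from the thread, the helper, or GMER): it parses a 512-byte MBR sector, hashes the boot-code region that runs before Windows, and compares it with a baseline taken from a known-clean state, so an overwritten boot code like the one GMER flagged in sector 0 is detected even though the partition table and the 0x55AA signature still look normal. The sector contents are constructed test data and the baseline-hash comparison is a generic integrity check, not GMER's internal method.

```python
"""Parse a 512-byte MBR sector and check its boot code against a known-clean baseline.

Added example, not code from the forum thread or from GMER. The boot code in
sector 0 runs before Windows, so its hash from a clean state is the reference a
defender compares against. All sector contents below are constructed test data.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

MBR_SIZE = 512
BOOT_CODE_SIZE = 446          # bytes 0..445: executable boot code
PARTITION_TABLE_OFFSET = 446  # four 16-byte entries follow the boot code
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511
# status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) count(4)
ENTRY_FORMAT = "<B3xB3xII"


@dataclass
class PartitionEntry:
    bootable: bool
    type_code: int
    lba_start: int
    sector_count: int


@dataclass
class MbrInfo:
    boot_code_sha256: str
    partitions: List[PartitionEntry]
    signature_ok: bool


def parse_mbr(sector: bytes) -> MbrInfo:
    """Split a raw sector into boot-code hash, partition table and signature flag."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"MBR must be {MBR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, type_code, lba_start, count = struct.unpack_from(ENTRY_FORMAT, sector, off)
        if type_code == 0:
            continue  # empty slot
        partitions.append(PartitionEntry(status == 0x80, type_code, lba_start, count))
    return MbrInfo(
        boot_code_sha256=hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest(),
        partitions=partitions,
        signature_ok=(sector[510:512] == BOOT_SIGNATURE),
    )


def check_mbr(sector: bytes, baseline_boot_code_sha256: str) -> List[str]:
    """Return findings for a sector; an empty list means it matches the clean baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info.signature_ok:
        findings.append("missing 0x55AA boot signature")
    if info.boot_code_sha256 != baseline_boot_code_sha256:
        findings.append("boot code differs from baseline")
    if sum(1 for p in info.partitions if p.bootable) > 1:
        findings.append("more than one partition flagged bootable")
    return findings


def build_mbr(boot_code: bytes, partitions: List[PartitionEntry]) -> bytes:
    """Assemble a synthetic MBR sector from a boot-code blob and up to four entries."""
    if len(boot_code) > BOOT_CODE_SIZE or len(partitions) > 4:
        raise ValueError("boot code or partition table too large")
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, p in enumerate(partitions):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        struct.pack_into(ENTRY_FORMAT, sector, off,
                         0x80 if p.bootable else 0x00, p.type_code, p.lba_start, p.sector_count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed "clean" state: a placeholder boot-code pattern and one NTFS (0x07) partition.
CLEAN_PARTITIONS = [PartitionEntry(True, 0x07, 2048, 488_000_000)]
CLEAN_MBR = build_mbr(bytes(range(256)) + bytes(190), CLEAN_PARTITIONS)
BASELINE_HASH = parse_mbr(CLEAN_MBR).boot_code_sha256

# Constructed "tampered" state: boot code replaced by a filler pattern, partition table and
# signature left intact, so the sector still looks well-formed and the disk still boots.
TAMPERED_MBR = build_mbr(bytes([0xAA]) * 64, CLEAN_PARTITIONS)


if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(f"{name}: {check_mbr(sector, BASELINE_HASH) or 'OK'}")
```

The baseline hash has to come from a state you trust (for example, right after installation), since a hash taken from an already infected disk would only confirm the infection as "normal".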
01.06.2011, 22:24 | #14 |
| Java-Virus JAVA/Stutter.AG and Java-Virus JAVA/Stutter.AH
Ah, okay. Because I have now also taught myself a bit of programming. So how am I supposed to understand this?
Quote:
- Now it is sad certainty: the malicious MBR rootkit has presumably lodged itself in the MBR... The Master Boot Record (MBR) of the first hard disk is loaded when the computer starts, even before the operating system. Code residing there can in principle control the operating system.
- If you decide on a system clean-up instead of Format C:\, here is how to proceed:
And how do I drag it onto the desktop and not into a folder on the desktop? |
01.06.2011, 22:32 | #15 |
/// Helfer-Team | Java-Virus JAVA/Stutter.AG and Java-Virus JAVA/Stutter.AH
Do not create any folder for...